How to Block Internet for a specific device in pfsense

  • Post author:
  • Post category:How-To
  • Post last modified:July 25, 2023

To block internet access for a particular machine in pfSense, you can follow these steps:

Step 1: Identify the IP address of the machine you want to block

First, you need to find the IP address of the machine you want to block internet access for. You can do this by checking the DHCP leases or by examining the network settings of the specific machine.

Step 2: Create a firewall alias

Next, you’ll create a firewall alias that includes the IP address of the machine you want to block. This makes it easier to manage and modify the rule in the future if needed.

  1. Log in to your pfSense web interface.
  2. Go to “Firewall” and then “Aliases.”
  3. Click on the “+ Add” button to create a new alias.
  4. Give the alias a descriptive name, e.g., “Blocked_Machine.”
  5. Under “Type,” select “Hosts.”
  6. In the “Host(s)” field, enter the IP address of the machine you want to block.
  7. Click “Save” to create the alias.
Block Internet pfsense

Step 3: Create a firewall rule to block the machine’s internet access

  1. Still in the pfSense web interface, go to “Firewall” and then “Rules.”
  2. Select the interface where the LAN network (containing the machine you want to block) is connected. For example, if the machine is connected to the LAN interface, choose that.
  3. Click on the “Add” button to create a new rule.
  4. Configure the rule as follows:
Block Internet pfsense_create rules
  • Action: Block
  • Interface: (Select the appropriate interface again)
  • Address Family: IPv4 (or IPv6 if applicable)
  • Protocol: Any (or you can choose specific protocols if needed)
  • Source: Single host or alias – choose the alias you created earlier (“Blocked_Machine”).
  • Destination: Any (this means the rule will block access to any destination)
  • Description: Provide a descriptive name for the rule, e.g., “Block Internet for Machine X.”
  1. Click “Save” to create the rule.

Step 4: Apply the changes

After you have created the firewall rule, it will take effect immediately, and the specified machine will be blocked from accessing the internet.


Please keep in mind that pfSense can be a critical piece of your network infrastructure, and misconfiguration may lead to unintended consequences. Ensure that you have a backup of your pfSense configuration before making any changes and thoroughly test the rules to verify they behave as expected. In this blog post, we seen how to pfsense block internet for particular machine

Read More Topics

How to Setup FTP server on Ubuntu 22.04 as vsftpd

Leave a Reply