Block Internet with firewall


Note: since firewall rules don’t let you enter large ranges of items, you have to shove them into a Group when you have lists of things you need to use in a rule.

1. Make a new group that has your local address ranges in it (,, etc – whatever local IPs you use). This will be used for the rule that ACCEPTs local traffic.

2. Make a 2nd group for all IP ranges (,,, This will be used to block all other traffic from that IP.

3. Make a 3rd group that has only the IP you want to block.


1. Add a LAN IN rule to ACCEPT traffic to group 1 above. Source = Group 3, Destination = Group 1

2. Add a LAN IN rule to DROP traffic to everything. Source = Group 3, Destination = Group 2

When done, make sure rule 1 is before rule 2 in the list, as they are evaluated in order, and if reversed the machine specified in group 3 will have no connectivity to anything, even local things outside of its own subnet.

Then test it out.
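To see why the order of the two rules matters before applying them, here is an added example (not part of the original page) that models first-match evaluation of the ACCEPT and DROP rules. The group contents, the host addresses and the default action for unmatched traffic are constructed assumptions, since the page does not list its own ranges.

```python
import ipaddress

# Constructed sample groups (assumptions; substitute the ranges you actually use).
GROUPS = {
    "group1_local": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "group2_all": ["0.0.0.0/0"],
    "group3_blocked": ["192.168.1.50/32"],  # the one machine to cut off
}

# The two LAN IN rules from the steps above: (action, source group, destination group).
ACCEPT_LOCAL = ("ACCEPT", "group3_blocked", "group1_local")
DROP_ALL = ("DROP", "group3_blocked", "group2_all")


def in_group(addr, group):
    """True if addr falls inside any network listed in the named group."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in GROUPS[group])


def evaluate(rules, src, dst, default="ACCEPT"):
    """Rules are checked top to bottom and the first match decides.

    The default for unmatched traffic is an assumption of this model.
    """
    for action, src_group, dst_group in rules:
        if in_group(src, src_group) and in_group(dst, dst_group):
            return action
    return default


def compare_orders(src, destinations):
    """Return {destination: (correct-order verdict, reversed-order verdict)}."""
    correct = [ACCEPT_LOCAL, DROP_ALL]
    reversed_order = [DROP_ALL, ACCEPT_LOCAL]
    return {
        dst: (evaluate(correct, src, dst), evaluate(reversed_order, src, dst))
        for dst in destinations
    }


if __name__ == "__main__":
    # Constructed test traffic: another local subnet and a documentation-range address.
    results = compare_orders("192.168.1.50", ["192.168.20.10", "203.0.113.10"])
    for dst, (ok, bad) in results.items():
        print(f"{dst:15} correct order: {ok:6}  reversed: {bad}")
```

With the rules reversed, the local destination on another subnet is dropped as well, which is the loss of connectivity the ordering note describes.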

