1

We have a machine that we are trying to limit bandwidth to, using pfSense. This is because the machine is using 80% of our link:

[screenshot: bandwidth graph]

Another brute-force method of limiting bandwidth to an IP address is simply to block it. So we updated a rule to indicate that it should be a Block rule:

[screenshot: firewall rule edited to Block]

We also created another rule, randomly picking other options to try to block 10.0.0.78 from talking to the Internet:

[screenshot: second firewall rule]

Yet there it is, still consuming the majority of the bandwidth:

[screenshot: bandwidth graph, still dominated by 10.0.0.78]

And when you log into the machine, uTorrent is still merrily downloading data.

How do you block a computer, by IP address, in pfSense?

Ian Boyd
  • 23,066

3 Answers

4

I'm sure you've probably resolved this by now, but your screenshots show the rule being created for the WAN interface. You want to block on the LAN interface.

BenYork
  • 136
2

I have found that you have to kill the active states for that IP address as well before the block will take effect.

0

Because you're using NAT, the internal addresses only exist on the LAN interface and the external addresses only exist on the WAN interface. If you use routable addressing on both sides (e.g. use IPv6) then the same addresses exist on both sides of the firewall.

Because of NAT, by the time the traffic reaches the WAN interface it has already been translated to your WAN address and thus doesn't get caught by your rule.

If you block on the LAN interface, this will break inter-VLAN connectivity (i.e. if you have multiple LAN interfaces on your firewall).

NAT sucks.
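The three answers together describe why the question's WAN-tab rule never fires: rules are attached to the interface the packet enters, outbound NAT rewrites the source address before anything on the WAN side sees it, and a connection that already has a state entry is not re-evaluated against the rules until that state is killed. The following Python model is an added illustration of that behaviour; it is not pfSense or pf code and not from any of the answerers. Interface names (`em0`, `em1`), the WAN address and the remote address are constructed; `10.0.0.78` is the host from the question. The pf equivalents mentioned in the comments, `block quick on em1 from 10.0.0.78 to any` and `pfctl -k 10.0.0.78`, are real syntax.

```python
"""Toy model of pfSense rule evaluation with outbound NAT and a state table.

Added illustration only. It simplifies pf to two hooks per forwarded packet:
the LAN interface sees the packet with its real source, then NAT rewrites the
source and the WAN interface sees only the translated packet.
"""
from dataclasses import dataclass, field
from typing import Optional

LAN_IF = "em1"              # assumed LAN interface name
WAN_IF = "em0"              # assumed WAN interface name
WAN_ADDR = "203.0.113.10"   # constructed public WAN address (RFC 5737 range)
CLIENT = "10.0.0.78"        # the host from the question
TRACKER = "198.51.100.7"    # constructed remote peer address
OTHER_VLAN_HOST = "10.0.1.5"  # constructed host on a second LAN segment


@dataclass
class Rule:
    iface: str          # interface the rule is attached to (the pfSense tab)
    action: str         # "block" or "pass"
    src: Optional[str]  # source address to match; None matches any source


@dataclass
class Packet:
    src: str
    dst: str


@dataclass
class Firewall:
    rules: list
    states: set = field(default_factory=set)  # (src, dst) pairs with an open state

    def _match(self, iface: str, pkt: Packet) -> Optional[str]:
        """Action of the first rule on `iface` that matches `pkt`.

        pfSense-generated rules are 'quick', so first match wins; None means
        no rule on this interface matched the packet at all."""
        for rule in self.rules:
            if rule.iface == iface and rule.src in (None, pkt.src):
                return rule.action
        return None

    def forward(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.dst)
        if key in self.states:
            # An established connection rides on its state; rules are skipped.
            return "forwarded (existing state, rules not consulted)"
        # Hook 1: the packet enters the LAN interface with its real source.
        # Anything not explicitly passed hits pfSense's implicit default deny.
        if self._match(LAN_IF, pkt) != "pass":
            return "blocked on LAN"
        # Hook 2: outbound NAT rewrites the source, so a WAN rule written for
        # 10.0.0.78 can never see that address. If no WAN rule matches, the
        # state opened by the LAN pass carries the packet out.
        translated = Packet(WAN_ADDR, pkt.dst)
        if self._match(WAN_IF, translated) == "block":
            return "blocked on WAN"
        self.states.add(key)
        return "forwarded"

    def kill_states(self, host: str) -> int:
        """Drop every state whose source is `host`, like `pfctl -k host`."""
        doomed = {s for s in self.states if s[0] == host}
        self.states -= doomed
        return len(doomed)


# pfSense ships with a default "LAN to any" pass rule; include it explicitly.
ALLOW_LAN = Rule(LAN_IF, "pass", None)
PKT = Packet(CLIENT, TRACKER)


def block_on_wan() -> str:
    """The question's setup: block rule on the WAN tab. Never matches."""
    fw = Firewall(rules=[Rule(WAN_IF, "block", CLIENT), ALLOW_LAN])
    return fw.forward(PKT)


def block_on_lan() -> str:
    """First answer: the same rule on the LAN tab (block quick on em1 from 10.0.0.78 to any)."""
    fw = Firewall(rules=[Rule(LAN_IF, "block", CLIENT), ALLOW_LAN])
    return fw.forward(PKT)


def block_on_lan_with_stale_state() -> tuple:
    """Second answer: a connection that existed before the rule keeps flowing
    until its state is killed."""
    fw = Firewall(rules=[ALLOW_LAN])
    fw.forward(PKT)                       # client already downloading: state opened
    fw.rules.insert(0, Rule(LAN_IF, "block", CLIENT))
    before = fw.forward(PKT)              # still forwarded via the state
    killed = fw.kill_states(CLIENT)       # pfctl -k 10.0.0.78
    after = fw.forward(PKT)               # now the LAN rule is consulted
    return before, killed, after


def lan_block_also_hits_other_vlan() -> str:
    """Third answer's caveat: a LAN block 'to any' also stops traffic to other
    internal segments, because the LAN hook runs before any NAT decision."""
    fw = Firewall(rules=[Rule(LAN_IF, "block", CLIENT), ALLOW_LAN])
    return fw.forward(Packet(CLIENT, OTHER_VLAN_HOST))


if __name__ == "__main__":
    print("WAN-tab rule:", block_on_wan())
    print("LAN-tab rule:", block_on_lan())
    print("LAN-tab rule with old state:", block_on_lan_with_stale_state())
    print("LAN-tab rule, inter-VLAN packet:", lan_block_also_hits_other_vlan())
```

The model deliberately leaves out pf's default last-match semantics (pfSense adds `quick` to every GUI rule, so first match wins) and treats reply traffic as covered by the state table, which is the part that makes the WAN-tab rule irrelevant for traffic the LAN host initiates. To block 10.0.0.78 without cutting it off from other VLANs, the LAN rule's destination would have to exclude the internal networks rather than be "any"; the model does not go that far.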