• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 109
  • Last Modified:

Router with internet blocked except of 2

Have a environment where I want to restrict internet to all computers except of 2.
Looking for a router that instead of blocking the once I want to restrict I should be able to block all and allow the the few I want to allow (a ip range)
Not a big network no fancy router simple
it's about 25 devices all have a static ip configured on the device
Abraham Deutsch
Abraham Deutsch
1 Solution
Jane UpdegraffSr. Systems AdministratorCommented:
does the router have a basic firewall feature? if so, see what the firewall offers. You might post the model of the router for more specific instructions. But for any firewall you'll still have to block all / all on the default rule and allow the two IPs (or an IP range) for internet ports (lets say 80 and 443) on a higher priority rule - meaning a rule that is applied earlier in the list rules above the block all/all.
Dr. KlahnPrincipal Software EngineerCommented:
If you have absolute control over the network, do MAC address restriction.  Get the Ethernet MAC addresses for the two systems which are to be allowed access to the internet and configure the router to allow internet access to only those two MAC addresses.

(If you don't have absolute control over the network or you have ingenious employees this won't work because MAC address spoofing is not hard to do.)

An alternative approach that requires more work is to go to every computer that is not to have internet access and configure the HOSTS file to return all connections to .COM, .NET, .INFO, .BIZ, .MIL, .EDU and .US to  This should take care of most common internet sites.
Brian BIndependant Technology ProfessionalCommented:
Another handy option is to look for a router that has the feature LDAP authentication. This will allow you to put a rule in the firewall that tells it to only allow internet access to specific users or groups. Will be much easier in the future if the users change computers, or you want to change who is allowed internet access.
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Abraham DeutschIT professionalAuthor Commented:
@ Jane Updegraff I do not yet have a router, I am looking to buy one and looking for a recommendation of a model that I will be able to accomplish this

@ Brian B based on what I see on the internet a router with LDAP authentication is expensive I don't need a expensive router and would rather do IP by IP, a router that can block a ip range would be good since all devices are manually configured static IP
David Johnson, CD, MVPOwnerCommented:
a ubiquiti edge router X @55USD would do very nicely here
Abraham DeutschIT professionalAuthor Commented:
Thank you
Brian BIndependant Technology ProfessionalCommented:
If you had said you wanted a specific model recommendation in the first place, you would have got different answers.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now