I have a Mac OS X Server which also runs a DHCP and DNS server for my network. I would like to have a simple way (possibly even a bash script) to temporarily prevent internet access for specific devices.
For example, I would like to deactivate the kid's Apple TV from streaming content from the internet when I am working remotely.
Thanks
Best Answer
Set up your server as an internal gateway similar to the network configuration in this question:
Then adjust all settings as outlined in my answer there:
I assume the following IP addresses/netmasks:
First you have to enable forwarding on your server computer with the following commands:
In order to do NAT you have to create a pfctl rule. Create a file called "nat-rules" with the following content:
Save the file and now start pfctl using the rule from the file we have created earlier:
Now configure a static route on your router:
192.168.1.0/24 (the internal network) -> 192.168.0.2 (server IP-address of the external interface connected to the router)
Enable the DHCP-service on your server:
Now use pfctl to add rules or get a pfctl-GUI like IceFloor or Murus to configure your firewall. Both apps should also allow you to enable NAT (step 2/3). You may define two different rulesets: one which only allows your computer to access the internet from the internal network and a different one which doesn't restrict internet access.
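
Added example, not part of the original answer: one way to switch a single device on and off with a pf table instead of swapping whole rulesets. The table name `blocked_devices`, the interface `en1` and the script name `netblock.sh` are assumptions. It also assumes the device keeps a fixed address through a static DHCP lease and that the two lines printed by `rules` are in the rules file loaded with pfctl.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumed names: the table
# "blocked_devices" and the internal interface en1.
TABLE="blocked_devices"
INT_IF="en1"               # assumption: server interface facing the internal network
INT_NET="192.168.1.0/24"   # internal network given in the answer

# Lines for the pf rules file; the block rule is a filter rule, so it goes
# after the NAT rule. Local traffic (DHCP/DNS on the server) stays allowed.
block_rules() {
  printf 'table <%s> persist\n' "$TABLE"
  printf 'block drop in quick on %s from <%s> to ! %s\n' "$INT_IF" "$TABLE" "$INT_NET"
}

# Accept only a dotted-quad IPv4 address (digits and dots, four octets <= 255).
valid_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Print the pfctl commands that block or unblock one device.
pf_cmds() {
  valid_ipv4 "$2" || { echo "invalid IPv4 address: $2" >&2; return 1; }
  case $1 in
    block)
      echo "pfctl -t $TABLE -T add $2"
      echo "pfctl -k $2" ;;  # kill existing states so running streams stop
    unblock)
      echo "pfctl -t $TABLE -T delete $2" ;;
    *) return 1 ;;
  esac
}

# Usage (as root): ./netblock.sh rules | block <ip> | unblock <ip>
case ${1:-} in
  rules) block_rules ;;
  block|unblock)
    cmds=$(pf_cmds "$1" "${2:-}") || exit 1
    echo "$cmds" | while read -r cmd; do $cmd; done ;;
esac
```

Without the `pfctl -k` step an already established connection keeps its state entry and continues to pass until it times out, even though the address is in the table.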