Netgate Discussion Forum

    Blocking UDP 500 from a specific source

    Firewalling
    mrjohnbravo

      I have a rule in my "rules" section at the very top of the list to block UDP 500 from a source IP that was previously a Peer in an IPSEC VPN configuration. Now I want to block that former Peer IP, but the rule doesn't work. And according to the logs the rule doesn't even get hit. The former peer is still trying to make a connection, and I see it in my IPSEC logs every 3 seconds. I don't want that. I want to block that IP, but it refuses to be blocked. What am I doing wrong here? I've also tried blocking on the IPSEC tab and the Floating tab. Nothing seems to keep it from generating a connection to my racoon daemon and trying to connect. Also notice that there is a state in the state table from that IP. It's a NO_TRAFFIC:SINGLE from the former Peer IP to my IP.
      Using ver 2.1.5

      Late and frustrated.

      Thanks for any ideas.

      Derelict (Netgate)

        Upgrade would be my guess.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.