Netgate Discussion Forum

    Firewall rules do not work

      petras

      Hi,

      I am trying to block internet radios on my network. I figured out on which IP this radio is working.
      So, I am trying to block this IP and this rule does not work.

      I am creating a new rule in the WAN tab:
      action = block
      interface = wan
      protocol = any or TCP or tcp/udp (tried all options, none work),
      source type = single host or alias
      source address = radio ip address
      source port = any
      destination = any
      destination port = any
      schedule = always

      pfSense is 1.2 final
      I tried to reset states - did not help.
      I tried to reboot the router - did not help.
      I tried to block everything from WAN - it does not block.
      There are no other rules except the default (block traffic from RFC networks).

      Maybe I do not understand something or am missing something?

      Radio link http://82.135.234.196/Eta.asx

      Thank you for your help

      P.S. Installed packages: bandwidthd and darkstat

        hoba

        You have not understood the way firewall rules work or how traffic or states are generated. Let me give you some introduction:

        If a client at LAN wants to listen to this radio station, the connection is initiated from the LAN client to the server, to the server port, which then creates a state that allows the radio stream to return to the client. In pfSense all firewall rules are applied on incoming traffic. As you can see, the traffic is initiated from the client sitting at LAN, so your firewall rule has to go to the LAN tab, not the WAN tab.

        You need a rule like:

        (at LAN tab)
        block protocol tcp, source any, destination <radioserver ip>, port <streamingport>, gateway default

        If you want to block the complete IP and not just the radio service, just use protocol any.

        Hope this helps to understand how stateful firewalling works  :)

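The behaviour hoba describes, as a small simulation (an added example, not part of the thread and not pfSense code): rules are checked only on the interface where a new connection arrives, and replies ride on the state that connection created. The LAN client address, source port 40000 and streaming port 80 are constructed assumptions, and the model ignores NAT.

```python
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

RADIO = "82.135.234.196"   # radio server IP from the thread
CLIENT = "192.168.1.10"    # constructed LAN client address
Packet = namedtuple("Packet", "proto src sport dst dport")

@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    iface: str                    # tab the rule is on: packets ARRIVING there
    proto: Optional[str] = None   # None means "any"
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, iface, p):
        return (self.iface == iface and self.proto in (None, p.proto)
                and self.src in (None, p.src) and self.dst in (None, p.dst)
                and self.dport in (None, p.dport))

class Firewall:  # simplified model: first match wins, default deny, NAT ignored
    def __init__(self, rules):
        self.rules, self.states = list(rules), set()

    def handle(self, iface, p):
        reverse = Packet(p.proto, p.dst, p.dport, p.src, p.sport)
        if p in self.states or reverse in self.states:
            return "pass (state)"         # rules are not consulted at all
        for r in self.rules:
            if r.matches(iface, p):
                if r.action == "pass":
                    self.states.add(p)    # lets the reply back in later
                return r.action
        return "block"

def stream_attempt(rules):
    """Client on LAN requests the stream; the server's reply arrives on WAN."""
    fw = Firewall(rules)
    request = Packet("tcp", CLIENT, 40000, RADIO, 80)  # port 80 assumed
    reply = Packet("tcp", RADIO, 80, CLIENT, 40000)
    return fw.handle("lan", request), fw.handle("wan", reply)

DEFAULT_LAN = Rule("pass", "lan")                 # default "LAN to any" rule
WAN_BLOCK = Rule("block", "wan", src=RADIO)       # the rule from the first post
LAN_BLOCK = Rule("block", "lan", proto="tcp", dst=RADIO, dport=80)  # hoba's rule
print(stream_attempt([WAN_BLOCK, DEFAULT_LAN]))   # WAN rule never gets evaluated
print(stream_attempt([LAN_BLOCK, DEFAULT_LAN]))   # request stopped, no state
```

In the model, placing the LAN block below the default pass rule lets the stream through again, because the pass rule matches first.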
          petras

          Thanks, it helped.
          It was my mistake.
