Netgate Discussion Forum

    How do I allow http/https and block others in firewall

      syedadi

      Could anyone help me with these settings in the firewall so that all clients can only access the internet via port 80/443, not others?

        Cry Havok

        Create 3 rules on the LAN interface.

        One to allow access to port 80, one to allow access to port 443 and then the last to block all traffic not destined to the pfSense LAN IP.

          syedadi

          How would the 3rd rule be? Can you give me the details? I'm not very good at creating firewall rules :)

            Cry Havok

            Create the rules on the LAN interface with all settings as default except where I specify below:

            First
            Destination port: 80
            Description: Allow port 80

            Second
            Destination port: 443
            Description: Allow port 443

            Third
            Action: Block
            Destination: not
            Destination type: LAN address
            Description: Block all not to pfSense host

            Create them in that order.  The first 2 allow connections only to web sites on 80 and 443 (which will deny access to many web sites that run on non-standard ports) and the last blocks any other connections that aren't to the pfSense LAN IP.

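The three rules from the post above, evaluated top-down with the first match winning, as an added example that is not part of the original thread or of pfSense itself. Assumptions: the LAN address `192.168.1.1` and the sample destinations are constructed, the two pass rules match TCP, and the block rule is modelled as matching any protocol.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN_ADDRESS = ipaddress.ip_address("192.168.1.1")  # constructed pfSense LAN IP

@dataclass(frozen=True)
class Rule:
    action: str                        # "pass" or "block"
    description: str
    proto: Optional[str] = "tcp"       # assumption: TCP; None means any protocol
    dst_port: Optional[int] = None     # None means any port
    dst_not_lan_address: bool = False  # "Destination: not" + "LAN address"

    def matches(self, proto: str, dst_ip: str, dst_port: int) -> bool:
        if self.proto is not None and proto != self.proto:
            return False
        if self.dst_port is not None and dst_port != self.dst_port:
            return False
        if self.dst_not_lan_address and ipaddress.ip_address(dst_ip) == LAN_ADDRESS:
            return False
        return True

# The three LAN rules, in the order given in the post.
LAN_RULES = [
    Rule("pass", "Allow port 80", dst_port=80),
    Rule("pass", "Allow port 443", dst_port=443),
    # Assumption: modelled as any protocol, per "blocks any other connections".
    Rule("block", "Block all not to pfSense host", proto=None, dst_not_lan_address=True),
]

def evaluate(rules, proto, dst_ip, dst_port):
    """First match wins; None means none of these rules decided the packet."""
    for rule in rules:
        if rule.matches(proto, dst_ip, dst_port):
            return rule.action, rule.description
    return None

if __name__ == "__main__":
    # Constructed sample traffic from a LAN client (documentation address ranges).
    samples = [("tcp", "203.0.113.10", 443), ("tcp", "203.0.113.10", 8080),
               ("tcp", "203.0.113.25", 25), ("udp", "198.51.100.53", 53),
               ("udp", "192.168.1.1", 53)]
    for pkt in samples:
        print(pkt, "->", evaluate(LAN_RULES, *pkt))
    # Same rules with the block rule first: port 443 is never reached.
    print("reordered:", evaluate(LAN_RULES[::-1], "tcp", "203.0.113.10", 443))
```

The last sample (DNS to the firewall's own LAN address) returns `None`: these three rules leave that traffic to whatever rules follow them on the interface.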
              tommyboy180

              Egress filtering is a smart thing to do. I wish more people did this so SPAM and virus infections wouldn't be so successful.

              -Tom Schaefer
              SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

              Please support pfBlocker | File Browser | Strikeback

                syedadi

                Thanks :) Complete info….

                what is "Egress filtering is a smart thing to do." Egress??

                  Cry Havok

                  Egress is another word for exit, used when talking about filtering the traffic leaving a network (as opposed to entering a network).

                    syedadi

                    ok2.. :) understand :) too jargon to me…
