Blocking inbound access to ports based on IP addresses
-
I'm not sure why this seems so challenging as I believe that this firewall has this capability. Here is my scenario and I cannot get it to work for the life of me:
Internal Server On LAN <-> pfSense Firewall <-> Internet
On the internal server, I want to allow a service, say RDP. I configure port forwarding and the appropriate rules get added. But, I only want to allow that RDP access from a specific IP address on the Internet, say 222.222.222.222.
No matter how I modify the rules, it doesn't seem that there is a way to restrict this. What am I doing wrong?
I'd appreciate any help!
-
Basic firewall rules work on the ingress interface, but what you want to do is a port forward (Firewall: NAT: Port Forward).
Rule creation is quite easy:
Disabled: unchecked
No RDR: unchecked
Interface: WAN
Protocol: TCP
Source (click advanced)
Type: Single host or Alias
Source Address: 222.222.222.222 (whatever the wanted source IP is)
Source port: leave blank
Destination: WAN address
Destination port: 3389 or MS RDP
Redirect IP: Server's internal address
Description: Something you like
Leave everything else untouched and save.
After that, apply changes and try again.
-
That worked like a champ! I discovered I was on an ancient version of pfSense and once I upgraded, I found that all of the settings you specified were there. Thank you again for your help!
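
To confirm that a forward like the one in the answer above really is limited to one source, the saved configuration can be audited offline. This is an added example, not part of the original thread or pfSense's own code; the `<nat><rule>` element names are assumed from the pfSense config.xml backup format, and the sample configuration and function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the <nat> section. Element names are assumed
# from the pfSense config.xml backup format and may differ between versions.
SAMPLE_CONFIG = """<pfsense><nat>
  <rule><source><any/></source>
    <destination><network>wanip</network><port>3389</port></destination>
    <protocol>tcp</protocol><interface>wan</interface>
    <target>192.168.1.10</target><local-port>3389</local-port>
    <descr>RDP open to any source</descr></rule>
  <rule><source><address>222.222.222.222</address></source>
    <destination><network>wanip</network><port>3389</port></destination>
    <protocol>tcp</protocol><interface>wan</interface>
    <target>192.168.1.10</target><local-port>3389</local-port>
    <descr>RDP from one host</descr></rule>
</nat></pfsense>"""

def source_is_restricted(rule):
    """True only when the forward names a host, network or alias as source."""
    src = rule.find("source")
    if src is None or src.find("any") is not None:
        return False
    addr = (src.findtext("address") or "").strip()
    if not addr:
        return False
    try:
        # A /0 network is "any" written differently, so treat it as open.
        return ipaddress.ip_network(addr, strict=False).prefixlen > 0
    except ValueError:
        return True  # not an IP: assumed to be an alias name, review it separately

def unrestricted_forwards(config_xml, port="3389"):
    """Return descriptions of enabled WAN forwards to `port` open to any source."""
    root = ET.fromstring(config_xml)
    findings = []
    for rule in root.findall("./nat/rule"):
        if (rule.find("disabled") is not None
                or rule.findtext("interface") != "wan"
                or rule.findtext("destination/port") != port):
            continue
        if not source_is_restricted(rule):
            findings.append(rule.findtext("descr") or "(no description)")
    return findings

if __name__ == "__main__":
    for descr in unrestricted_forwards(SAMPLE_CONFIG):
        print("unrestricted RDP forward:", descr)
```

The check only reads the NAT section; the associated WAN firewall rule that pfSense creates for the forward should carry the same source restriction.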