PfSense not blocking attacker (FIXED)
-
Star:
On your WAN rule to block this guy-
Make sure that Logging is checked…
On the pass/block/recject option at the top of the rule- set to reject (just to test) and see what the firewall logs show...
Set "Destination" to your server LAN IP address.
-
so how exactly is he getting in and hitting your webserver. I don't see any rules that would be there from a port forward - your wan rules don't show any allows other than icmp from one IP.
So only inbound traffic would be from a state that client on lan created the connection.
look at your state table and filter for his IP and what do you see for states?
-
I don't see any rules that would be there from a port forward
johnpoz you are absolutely correct. I assumed the wan rule was created automatically for you but as it is clearly not there, obviously not. The answer was in front of me all along. My HTTP Filter rule association was set to PASS. That’s why it just ignored my Block WAN rule.
I don’t know how I missed this!I can now confirm it is blocking.
A BIG thank you to all who participated in the discussion and for all help offered.Star.
-
Here is how I setup my HTTP NAT correctly.
Filter rule association > Create new associated filter rule.
Apply changes.
Then under Rules add your block rule.
Make sure the block rule is above everything else.
You can also see the new rule added NAT HTTP_Server
Star.
-
jimp? I don't see anywhere where jimp pointed out anything ;)
-
lol. typo. ;D
-
I don't remember any mention of a HTTP pass rule… (-:
Which gets me back to my original theory of there must be a pass rule somewhere. -
he had has port forward set to pass vs creating a rule… I never understand why people change it from the default of create new rule if you they don't fully understand what they are doing ;)
-
Simple mistake, I'm sure.
-
Simple mistake, I'm sure.
Yes it was. :)
