Why won't my firewall rules apply?!
-
Hi guys,
Having an absolute nightmare with this one.
I can't seem to get my firewall rules to actually apply to a host.
No matter what rules I create, they don't seem to apply. Here is an example rule I created.
These should work, right?
-
Work to do what?
Nothing on the LAN interface is going to match a destination of "LAN net" except traffic destined to the firewall itself, so that's probably not what you're wanting to do.
-
https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
-
@cmb:
Work to do what?
Nothing on the LAN interface is going to match a destination of "LAN net" except traffic destined to the firewall itself, so that's probably not what you're wanting to do.
It's to block SSH on port 22.
So I need to enter what into the destination field?
And the IP in the 'single host or alias' field, right?
-
Block port 22, From: ? To ?
-
Did you even look at those links?
-
Change the destination of the rule shown to any rather than LAN net, put it above any pass rules, and you'll be blocking all TCP 22 initiated from LAN.
-
Going to ask a simple question: what are you trying to block – 22 (SSH) from where to where?
You can NOT keep clients on LAN from talking to other clients on LAN with the pfSense firewall, because clients don't talk to pfSense to talk to other clients on LAN.
Not sure where you put a rule with dest LAN net, but that going to stop clients on LAN. Now if you put such a rule, say, on the opt1 network, then sure, you could stop opt1 clients from talking to LAN clients on 22.
-
What johnpoz is trying to say is that pfSense can block traffic going through pfSense, but not traffic that only goes through the switch.
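-
Added example, not written by any poster in this thread: a simplified Python model of the two points made above, that LAN-to-LAN traffic never reaches the firewall and that LAN rules are evaluated top-down with the first match winning. The 192.168.1.0/24 addressing, the trailing pass-all rule and the names Rule, reaches_firewall and evaluate are assumptions made for illustration; this is not pfSense's own matching code.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing, not taken from the thread.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LAN_ADDR = ipaddress.ip_address("192.168.1.1")  # firewall's own LAN address

@dataclass
class Rule:
    action: str            # "block" or "pass"
    proto: str             # "tcp", "udp" or "any"
    dst: str               # "any", "LAN net" or a CIDR string
    dport: Optional[int]   # None means any port

def reaches_firewall(dst: str) -> bool:
    """A LAN host hands a packet to the firewall only when the destination is
    the firewall itself or is off-subnet (sent via the default gateway)."""
    d = ipaddress.ip_address(dst)
    return d == LAN_ADDR or d not in LAN_NET

def matches(rule: Rule, dst: str, proto: str, dport: int) -> bool:
    d = ipaddress.ip_address(dst)
    if rule.dst == "LAN net":
        dst_ok = d in LAN_NET
    else:
        dst_ok = rule.dst == "any" or d in ipaddress.ip_network(rule.dst)
    return dst_ok and rule.proto in ("any", proto) and rule.dport in (None, dport)

def evaluate(rules, dst: str, proto: str, dport: int) -> str:
    """Verdict for a connection initiated by a LAN host, LAN-tab rules only."""
    if not reaches_firewall(dst):
        return "never reaches firewall"   # switched host-to-host on the LAN
    for rule in rules:                    # top-down, first match wins
        if matches(rule, dst, proto, dport):
            return rule.action
    return "block"                        # implicit default deny

PASS_ALL = Rule("pass", "any", "any", None)                  # assumed allow rule
AS_POSTED = [Rule("block", "tcp", "LAN net", 22), PASS_ALL]  # destination "LAN net"
CORRECTED = [Rule("block", "tcp", "any", 22), PASS_ALL]      # destination any, above pass
WRONG_ORDER = [PASS_ALL, Rule("block", "tcp", "any", 22)]    # block is never reached

if __name__ == "__main__":
    for name, rs in [("as posted", AS_POSTED), ("corrected", CORRECTED),
                     ("wrong order", WRONG_ORDER)]:
        for dst in ("192.168.1.20", "192.168.1.1", "203.0.113.5"):
            print(f"{name:12} -> {dst:13} tcp/22: {evaluate(rs, dst, 'tcp', 22)}")
```

With the "LAN net" destination, only SSH to the firewall's own address is blocked; blocking SSH between two LAN hosts has to be done on the hosts or the switch, since no rule set here ever sees that traffic.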