Netgate Discussion Forum

    Blocking traffic from IP alias to (invert match) IP alias

      Mattaton

      Admittedly, I am a complete novice at pfSense and anything beyond basic networking you can do with a consumer router. So, I know this is why I can't get this to work. But, I'm hoping for a little guidance.

      First, all my rules are on specific interfaces other than the rule I am trying to get working. My other rules are very basic rules allowing traffic on my main network to go anywhere, traffic on IOT to only get to the internet. That sort of thing. I have one rule under floating because it involves more than one interface.
      Per my understanding, floating rules are processed first, so I'd think what I'm attempting should work...but see my first sentence. :-)

      I have a group of 4 IP addresses in an alias. I have another group of 2 IP addresses in another alias. I set up a block rule, the first alias being the source, the second alias being the invert-match destination.

      Shouldn't that block any traffic from the first alias to anywhere other than the IPs of the second alias?

      I have confirmed and reconfirmed that these devices are indeed using the specified IP addresses.

      Basically, the goal is to block internet to these devices but still allow them to print (printers are on the second IP alias).

      Any advice?

      Thanks!!!

        viragomann @Mattaton

        @mattaton said in Blocking traffic from IP alias to (invert match) IP alias:

        Per my understanding, floating rules are processed first, so I'd think what I'm attempting should work...but see my first sentence. :-)

        This is only true if "Quick" is checked. See the docs for details:
        https://docs.netgate.com/pfsense/en/latest/nat/process-order.html#floating-rules-notes

          Mattaton @viragomann
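A simplified model of the evaluation order the reply above points to, as an added example that is not part of the original thread: pf keeps the last matching rule unless a matching rule is marked quick, so a non-quick floating block is overridden by a later interface pass rule. The alias contents, addresses and the "allow to anywhere" interface rule are assumptions constructed for illustration.

```python
# Added example: simplified model of pf rule evaluation in pfSense's order.
# Aliases and addresses below are constructed, not taken from the thread.
CLIENTS = {"192.168.1.21", "192.168.1.22", "192.168.1.23", "192.168.1.24"}
PRINTERS = {"192.168.20.50", "192.168.20.51"}


def rule(action, src=None, dst=None, invert_dst=False, quick=False):
    """src/dst are alias sets; None means 'any'."""
    return {"action": action, "src": src, "dst": dst,
            "invert_dst": invert_dst, "quick": quick}


def matches(r, src, dst):
    if r["src"] is not None and src not in r["src"]:
        return False
    # With invert_dst set, the rule matches destinations NOT in the alias.
    if r["dst"] is not None and (dst in r["dst"]) == r["invert_dst"]:
        return False
    return True


def evaluate(rules, src, dst):
    """Last matching rule wins, unless a matching rule is 'quick'."""
    verdict = "block"  # pfSense default deny when nothing matches
    for r in rules:
        if matches(r, src, dst):
            verdict = r["action"]
            if r["quick"]:
                break
    return verdict


def build_ruleset(floating_quick):
    return [
        # Floating rule from the thread: block CLIENTS -> !PRINTERS
        rule("block", src=CLIENTS, dst=PRINTERS, invert_dst=True,
             quick=floating_quick),
        # Assumed interface-tab rule "allow to anywhere"; rules on
        # interface tabs in pfSense are always quick.
        rule("pass", quick=True),
    ]


if __name__ == "__main__":
    for q in (False, True):
        rs = build_ruleset(q)
        print(f"floating quick={q}:",
              "internet ->", evaluate(rs, "192.168.1.21", "203.0.113.10"),
              "| printer ->", evaluate(rs, "192.168.1.21", "192.168.20.50"))
```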

          @viragomann I had quick on before and it still didn't work. I've changed other things since then too, so I'll give quick another shot and see if it works.
          Thanks

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.