Unable to Block WAN IP



  • Hi,

    I have a problem blocking a specific WAN IP address. First I created a list of IPs to be blocked under Firewall > Alias and blocked the WAN IP under Firewall > Rules. But when I went to the console I could still reach the IP that is supposed to be blocked. My configuration is shown below:

    Action = Block
    Interface = WAN interface
    TCP/IP Version = IPv4
    Protocol = Any
    Source = Type = Single Host or Alias
                  address = Alias Address
    Destination = Type = Any

    Gateway = our Load balancing interface to WAN

    I also created a second rule with the same config but with the Source/Destination reversed from the first rule.

    Note: I already blocked the public IP to reach our Private IP addresses. My only problem is I can still ping the WAN IP to be blocked on our pfSense router.

    Is there a problem with my config? Please advise. Thanks



  • Firewall rules affect incoming traffic on an interface. The WAN is all blocked by default. You need no rules to make that happen. You have allow all on your LAN port by default and that is why you can ping your WAN address from your LAN.

    But if you're saying that you're able to ping it from another source then something else is up.



  • Hi

    Kindly see attached images below:

    The first one that I have created is to block the incoming public IP from our private network and vice versa, on the LAN interface. This is successfully implemented; I can no longer reach the public IP that I have blocked.

    The second one that I have created is to block the incoming and outgoing traffic from the WAN interface; please see the attached image. But my problem is that the public IP that I want to block on the WAN interface is still active and we can still ping it from the console of our pfSense router. We have a strong feeling that this is caused by malware that got inside our network. But we were unable to track it though ;D

    Is my configuration correct?

    Thanks ^_^

    ![LAN Interface.png](/public/imported_attachments/1/LAN Interface.png)
    ![Traffic Graph.JPG](/public/imported_attachments/1/Traffic Graph.JPG)



  • @frostmir:

    Hi

    Kindly see attached images below:

    The first one that I have created is to block the incoming public IP from our private network and vice versa, on the LAN interface. This is successfully implemented; I can no longer reach the public IP that I have blocked.

    The second one that I have created is to block the incoming and outgoing traffic from the WAN interface; please see the attached image. But my problem is that the public IP that I want to block on the WAN interface is still active and we can still ping it from the console of our pfSense router. We have a strong feeling that this is caused by malware that got inside our network. But we were unable to track it though ;D

    Is my configuration correct?

    Thanks ^_^

    No, the configuration is not correct for what you are trying to do.
    Neither of those rules, first one nor second one, applies to the WAN because it is on the LAN. So these rules only block traffic entering the LAN interface.

    To block traffic exiting an interface create a floating rule.
    To block traffic entering an interface create a rule on that specific interface.
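
The placement rule from the answer above, as an added example that is not part of the original thread: a simplified Python model (not pf or pfSense code) of why a ping from the router console is missed by interface-tab rules and caught by an outbound floating rule. All addresses are constructed documentation-range values, and the model assumes only the first packet of a flow is checked because pf is stateful.

```python
"""Simplified model of pfSense rule placement (added example, not pf itself)."""
from dataclasses import dataclass
from ipaddress import ip_address

ALIAS = {ip_address("203.0.113.50")}   # constructed alias contents (TEST-NET-3)
LAN_HOST, WAN_IP, TARGET = "192.168.1.10", "198.51.100.2", "203.0.113.50"  # constructed

@dataclass(frozen=True)
class Rule:              # a block rule
    iface: str           # "LAN" or "WAN"
    direction: str       # interface-tab rules are always "in"; floating rules may be "out"
    field: str           # packet field compared to the alias: "src" or "dst"

@dataclass(frozen=True)
class Hop:               # one interface crossing of a flow's first packet
    iface: str
    direction: str
    src: str
    dst: str

def is_blocked(hops, rules):
    """True if the first packet of a flow hits a block rule at any hop.
    Assumption: pf is stateful, so replies follow the state created by the
    first packet and are not re-evaluated against the rules."""
    for hop in hops:
        for r in rules:
            addr = ip_address(getattr(hop, r.field))
            if (r.iface, r.direction) == (hop.iface, hop.direction) and addr in ALIAS:
                return True
    return False  # nothing matched: default LAN allow-all / firewall-originated pass

# Ping from a LAN host: enters LAN, then leaves WAN (source NATed to WAN_IP).
LAN_PING = [Hop("LAN", "in", LAN_HOST, TARGET), Hop("WAN", "out", WAN_IP, TARGET)]
# Ping from the pfSense console: never enters an interface, only leaves WAN.
CONSOLE_PING = [Hop("WAN", "out", WAN_IP, TARGET)]

LAN_TAB = [Rule("LAN", "in", "dst"), Rule("LAN", "in", "src")]   # rules on the LAN tab
WAN_TAB = [Rule("WAN", "in", "src")]                             # rule on the WAN tab
FLOATING_OUT = [Rule("WAN", "out", "dst")]                       # floating rule, direction out

def demo():
    return {
        "lan_ping_vs_lan_tab": is_blocked(LAN_PING, LAN_TAB),
        "console_ping_vs_lan_tab": is_blocked(CONSOLE_PING, LAN_TAB),
        "console_ping_vs_wan_tab": is_blocked(CONSOLE_PING, WAN_TAB),
        "console_ping_vs_floating_out": is_blocked(CONSOLE_PING, FLOATING_OUT),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'blocked' if result else 'passes'}")
```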



  • That solved the problem ;D. Thank you very much, I have successfully blocked the IP