Block IP

Firewalling
    zolthar:

      FYI, I have read the following:

      https://forum.pfsense.org/index.php?topic=53790.0
      http://superuser.com/questions/819492/how-to-block-an-ip-address-from-sending-or-receiving-traffic
      https://forum.pfsense.org/index.php?topic=111420.0
      https://forum.pfsense.org/index.php?topic=33218.0

      I am trying to stop an IP from sending UDP packets from a Synology NAS. For the life of me I cannot determine exactly what service on the NAS side is responsible; however, I just want this IP blocked, which pfSense does not seem to be doing.

      I have created a new rule:

      • Action: Block

      • Interface: WAN

      • Address: IPv4

      • Protocol: Any

      • Source: Single Host (27.93.201.229)

      • Destination: any

      I have also created another rule with the same settings, except with the Destination set to the IP instead of the Source, and moved both to the top of the list.

      I have also tried the same as FLOATING rules and the result was the same, so I removed these and re-tried the above rule on the WAN interface.

      However when I am in the Traffic graph, my NAS is still sending UDP:443 out to that address.

      EDIT: If I disconnect/reboot the NAS, or reset the "States", the traffic also stops, but it just resumes about 1-2 minutes later.

      arnoldo0945:

        If you want to stop your NAS (which is in your LAN) from talking to "some" IP on the "internet", you must create the "Block" rule on your LAN.  ;)

        https://doc.pfsense.org/index.php/Firewall_Rule_Basics

        https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order

        https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

        zolthar:

          Thank you for your reply. I have tried the exact same rule on LAN and the NAS unfortunately continues to stream at >1 Mbps to that IP.

          I have tried several times by deleting all of them and trying one by one for FLOATING, WAN and LAN, and I have set up the rules simultaneously, and still the same.

          Here are some packet captures:
          10:05:21.307004 IP 27.93.201.229.443 > 192.168.10.9.50300: UDP, length 1280
          10:05:21.308478 IP 27.93.201.229.443 > 192.168.10.9.50300: UDP, length 1280
          10:05:21.314158 IP 192.168.10.9.50300 > 27.93.201.229.443: UDP, length 66
          10:05:21.322877 IP 192.168.10.9.50300 > 27.93.201.229.443: UDP, length 66
          10:05:21.327687 IP 27.93.201.229.443 > 192.168.10.9.50300: UDP, length 1280
          10:05:21.327910 IP 27.93.201.229.443 > 192.168.10.9.50300: UDP, length 1280
          10:05:21.328135 IP 27.93.201.229.443 > 192.168.10.9.50300: UDP, length 1280
          10:05:21.330638 IP 27.93.201.229.443 > 192.168.10.9.50300: UDP, length 1280
          10:05:21.339616 IP 27.93.201.229.443 > 192.168.10.9.50300: UDP, length 1280
          10:05:21.342092 IP 27.93.201.229.443 > 192.168.10.9.50300: UDP, length 1280
          10:05:21.348320 IP 27.93.201.229.443 > 192.168.10.9.50300: UDP, length 1280
          10:05:21.348704 IP 192.168.10.9.50300 > 27.93.201.229.443: UDP, length 66

          I have tried the following and no output was given:
          pfctl -f /tmp/rules.debug

          As for the logs, I'm still learning how they work, given I have only been using pfSense for about 5 hours, of which 3 were spent trying to stop that IP. I cannot seem to find the IP in the logs despite enabling logging for the filter within the rule. There are only 50 shown at a time; however, in a summary I still cannot see the IP/UDP communications. What I mean is that source/destination ports 50300 or 443, or the IP, aren't getting any counts. I will have to learn more about the logs and how they interact.
          arnoldo0945:

            You just need one rule on LAN (no Floating / WAN rules required) to block traffic from 192.168.10.9 (LAN host) to 27.93.201.229.

            Create the rule.

            Clear the states related to that IP.

            That's all, traffic should be blocked….
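The two points made in the replies above (the block rule has to sit on the interface the NAS's packets enter on, and an existing state lets a flow keep running until it is cleared) can be seen in a small model of pf's evaluation order. The following is an added illustration written for this thread; it is not pfSense or pf code. The names Packet, Rule, Firewall, run_scenario and rule_on_lan_with_state_cleared are constructed for the example, and the rule set is a simplification: rules are "quick" (first match wins), a rule only sees packets entering on the interface it is bound to, a packet matching an existing state is passed without consulting the rules, and anything unmatched is dropped.

```python
"""Toy model of pf interface-bound rule matching and the state table.
Constructed illustration for the forum thread; not pfSense's own code."""
from dataclasses import dataclass

NAS = "192.168.10.9"        # LAN host from the thread's packet capture
REMOTE = "27.93.201.229"    # remote address the poster wants blocked


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet enters the firewall on: "LAN" or "WAN"
    src: str
    dst: str
    proto: str = "udp"


@dataclass(frozen=True)
class Rule:
    action: str  # "block" or "pass"
    iface: str   # interface the rule is bound to (checked for inbound packets)
    src: str = "any"
    dst: str = "any"

    def matches(self, pkt: Packet) -> bool:
        return (self.iface == pkt.iface
                and self.src in ("any", pkt.src)
                and self.dst in ("any", pkt.dst))


class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()   # flows already allowed, keyed by endpoint pair + proto

    @staticmethod
    def _key(pkt: Packet):
        # States are bidirectional: the reply from the remote host matches the
        # state created by the NAS's outbound packet.
        return (frozenset((pkt.src, pkt.dst)), pkt.proto)

    def clear_states(self):
        # Models Diagnostics > States > Reset in pfSense.
        self.states.clear()

    def evaluate(self, pkt: Packet) -> str:
        if self._key(pkt) in self.states:
            return "pass (existing state)"
        for rule in self.rules:           # first matching rule wins (quick)
            if rule.matches(pkt):
                if rule.action == "pass":
                    self.states.add(self._key(pkt))
                return rule.action
        return "block (default deny)"


# The poster's first attempt: block rules bound to WAN, plus the stock
# "LAN to any" pass rule a default pfSense install ships with.
WAN_ONLY_RULES = [
    Rule("block", "WAN", src=REMOTE),
    Rule("block", "WAN", dst=REMOTE),
    Rule("pass", "LAN"),
]

# The fix from the thread: one block rule on LAN matching the NAS as source
# and the remote address as destination, placed above the LAN pass rule.
LAN_BLOCK_RULES = [
    Rule("block", "LAN", src=NAS, dst=REMOTE),
    Rule("pass", "LAN"),
]

NAS_TO_REMOTE = Packet("LAN", NAS, REMOTE)   # NAS packet enters on LAN
REMOTE_TO_NAS = Packet("WAN", REMOTE, NAS)   # reply enters on WAN


def run_scenario(rules, clear_states_after_first=False):
    """Verdicts for: first NAS packet, the remote's reply, then a second NAS
    packet (optionally after resetting the state table in between)."""
    fw = Firewall(rules)
    first = fw.evaluate(NAS_TO_REMOTE)
    reply = fw.evaluate(REMOTE_TO_NAS)
    if clear_states_after_first:
        fw.clear_states()
    second = fw.evaluate(NAS_TO_REMOTE)
    return first, reply, second


def rule_on_lan_with_state_cleared(rules=LAN_BLOCK_RULES):
    """A state already exists for the NAS flow, the LAN block rule is added,
    then states are reset. Returns the verdicts before and after the reset."""
    fw = Firewall([Rule("pass", "LAN")])   # flow allowed before the block rule existed
    fw.evaluate(NAS_TO_REMOTE)
    fw.rules = list(rules)                 # operator adds the LAN block rule
    before_reset = fw.evaluate(NAS_TO_REMOTE)
    fw.clear_states()
    after_reset = fw.evaluate(NAS_TO_REMOTE)
    return before_reset, after_reset


if __name__ == "__main__":
    print("WAN-bound block rules:", run_scenario(WAN_ONLY_RULES))
    print("WAN-bound rules, states reset:", run_scenario(WAN_ONLY_RULES, True))
    print("LAN block rule:", run_scenario(LAN_BLOCK_RULES))
    print("LAN block, state kept vs reset:", rule_on_lan_with_state_cleared())
```

With the WAN-bound rules the NAS packet never reaches them, the LAN pass rule creates a state, and resetting states only buys a pause before the next packet is passed again, which is what the original post's EDIT describes. With the block rule on LAN the flow is denied on the first packet, and the reply from the remote side has no state to ride on, so it falls to the default deny; a pre-existing state still has to be cleared before the new rule takes effect.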
            zolthar:

              I'm such a NUB!!! Why didn't I think to match it on a 1:1 basis with the source/destination!!!

              It "seems" to be working so far – will see in the next 30 minutes

              Thanks heaps mate.

              EDIT: Mate, you saved me heaps of head scratching... Thank you heaps, and yes, it has worked correctly. I thought placing a global block on an IP with any source would work. Can't thank you enough!

© 2021 Rubicon Communications, LLC