4. Floating block rule out

Floating block rule out

  • A

    Hello,I have been trying to set up a floating rule direction out to block traffic because I want to be able to control what is going out to the internet. So far I have been unsuccessfull and is why I am asking the forum because I dont understand the logic.

    I set up a floating rule in with a few ports in an alias with source lan net dest * allowed ports defined by the alias. Got 2 rules for this, one tcp and one udp.

    Now I want to do the same reverse with a floating rule, only allow ports in a defined alias out. How can I get this to work with a floating rule ? It either blocks everything or nothing…

    Thanks

    0

  • Unless you're trying to do this with multiple LANs, you don't need to use a floating rue for this.  Just put a block rule on LAN above the Allow Any rule.

    You should also note that a changed firewall rule will not affect an existing established state, so after you make a rule change you should reset the states of the connection you're trying to change.

    0
  • LAYER 8 Netgate

    You cannot block with Source LAN net on a WAN outbound rule when you are using outbound NAT on WAN because NAT has already happened and the source address is WAN address when it is checked.

    As was said up there, block the traffic into LAN not out WAN.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy