<![CDATA[Blocking all the ports apart from specific one for the four interfaces]]>Hello All,

I am trying to block all the port on a specific machines which are connected with the pfsense firewall. There are total five interfaces which are connected with pfsense. 1. WAN 2. LAN 3. Work 4. BackEND 5. Database

I want to block all the ports from interfaces 3,4,5 and block internet connection. Only give access to the specific ports i.e:

WAN Interface 1: (If i can block the internet from this interface would be a great idea)
LAN Interface: 192.168.44.44/8
Work: Interface 3: 192.168.5.0/8 2222 TCP
BackEND: Interface 4: 192.168.50.0/8 135,446,88 TCP/UDP
Database: Interface 5: 192.168.6.0/8 555, 222, 55 TCP/UDP

Apart from mentioned port i want to block all other Inbound/Outbound ports. One can only communicate with the server using these ports. And, all BackEnd interface should communicate with all the servers.

I tried every possible things to work, but i am sure i am doing something wrong and it isn't working as i am expecting.

Please help me out to solve this issue. I would really appreciate.

Thank you

]]>https://forum.netgate.com/topic/131898/blocking-all-the-ports-apart-from-specific-one-for-the-four-interfacesRSS for NodeSat, 11 Apr 2026 15:14:21 GMTThu, 14 Jun 2018 03:11:56 GMT60<![CDATA[Reply to Blocking all the ports apart from specific one for the four interfaces on Fri, 29 Jun 2018 06:49:09 GMT]]>Thanks for replying! I solved it. Documentation helped. :D

Thanks again!!

]]>https://forum.netgate.com/post/774621https://forum.netgate.com/post/774621Fri, 29 Jun 2018 06:49:09 GMT<![CDATA[Reply to Blocking all the ports apart from specific one for the four interfaces on Thu, 14 Jun 2018 10:27:30 GMT]]>Rules are evaluated as traffic enters an interface from thee network its attached to. First rule to trigger wins, no other rules are evaluated.

So if you don't want lan to talk to work, then you would put rule on lan interface to block access to work before your allow rules.

  1. you don't want pfsense to talk to internet to check for updates or be able to install packages?

Your u sing a /8 mask? Yeah pfsense would not even let you set that because they would be overlapping networks. /8 would be 192.anything as a network. So your lan and work would overlap and how would pfsense know where to route to..

ports 555,222,55 ??? You just making up random port numbers? And they use both udp and tcp?

]]>https://forum.netgate.com/post/772001https://forum.netgate.com/post/772001Thu, 14 Jun 2018 10:27:30 GMT