Netgate Discussion Forum

    Blocking all the ports apart from specific one for the four interfaces

    • Aron101
      last edited by Aron101

      Hello All,

      I am trying to block all the ports on specific machines which are connected to the pfSense firewall. There are a total of five interfaces connected to pfSense: 1. WAN 2. LAN 3. Work 4. BackEND 5. Database

      I want to block all the ports on interfaces 3, 4 and 5 and block the internet connection, and only give access to the specific ports, i.e.:

      WAN Interface 1: (If I can block the internet from this interface, that would be a great idea)
      LAN Interface: 192.168.44.44/8
      Work: Interface 3: 192.168.5.0/8 2222 TCP
      BackEND: Interface 4: 192.168.50.0/8 135,446,88 TCP/UDP
      Database: Interface 5: 192.168.6.0/8 555, 222, 55 TCP/UDP

      Apart from the mentioned ports, I want to block all other inbound/outbound ports. One can only communicate with the server using these ports. And the BackEND interface should communicate with all the servers.

      I tried every possible thing to make it work, but I am sure I am doing something wrong and it isn't working as I am expecting.

      Please help me out to solve this issue. I would really appreciate it.

      Thank you

      • johnpoz LAYER 8 Global Moderator
        last edited by

        Rules are evaluated as traffic enters an interface from the network it's attached to. The first rule to trigger wins; no other rules are evaluated.

        So if you don't want LAN to talk to Work, then you would put a rule on the LAN interface to block access to Work before your allow rules.

        1. You don't want pfSense to talk to the internet to check for updates or be able to install packages?

        You're using a /8 mask? Yeah, pfSense would not even let you set that because they would be overlapping networks. /8 would be 192.anything as a network. So your LAN and Work would overlap, and how would pfSense know where to route to?

        Ports 555, 222, 55??? Are you just making up random port numbers? And they use both UDP and TCP?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.11.1 | Lab VMs 2.8.1, 25.11.1

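A small simulation of the two points in the reply above (first matching rule wins on the interface where traffic enters, and /8 masks make the subnets overlap), added here as an example that is not part of the thread or of pfSense; the /24 subnets and the rule sets are assumed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of how pfSense evaluates rules on one interface (added
# example, not pfSense code): rules are checked top to bottom as traffic
# enters the interface; the first match wins and later rules are ignored.
# If nothing matches, the implicit default is to block.

@dataclass
class Rule:
    action: str        # "pass" or "block"
    proto: str         # "tcp", "udp" or "any"
    dst_net: str       # destination network in CIDR notation
    dst_ports: tuple   # matching destination ports; () means any port

def first_match(rules, proto, dst_ip, dst_port):
    """Return the action of the first rule matching this packet, else 'block'."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.proto not in ("any", proto):
            continue
        if ip not in ipaddress.ip_network(r.dst_net, strict=False):
            continue
        if r.dst_ports and dst_port not in r.dst_ports:
            continue
        return r.action
    return "block"  # pfSense's implicit default deny

def overlaps(cidr_a, cidr_b):
    """True when two networks overlap; pfSense rejects overlapping interface subnets."""
    a = ipaddress.ip_network(cidr_a, strict=False)
    b = ipaddress.ip_network(cidr_b, strict=False)
    return a.overlaps(b)

# Assumed /24 subnets standing in for the post's overlapping /8 masks.
LAN_NET, WORK_NET = "192.168.44.0/24", "192.168.5.0/24"

# LAN interface, in the order the reply recommends: block LAN->Work first,
# then the usual allow-anything rule.
LAN_RULES_OK = [Rule("block", "any", WORK_NET, ()),
                Rule("pass", "any", "0.0.0.0/0", ())]
# Same rules in the wrong order: the broad pass matches first, so the block
# below it is never reached.
LAN_RULES_WRONG = list(reversed(LAN_RULES_OK))

# Work interface: only TCP 2222 is passed from the Work network; everything
# else falls through to the default block.
WORK_RULES = [Rule("pass", "tcp", "0.0.0.0/0", (2222,))]
```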
        • Aron101
          last edited by

          Thanks for replying! I solved it. Documentation helped. :D

          Thanks again!!

          Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.