Blocking all the ports apart from specific one for the four interfaces

  • Hello All,

    I am trying to block all the port on a specific machines which are connected with the pfsense firewall. There are total five interfaces which are connected with pfsense. 1. WAN 2. LAN 3. Work 4. BackEND 5. Database

    I want to block all the ports from interfaces 3,4,5 and block internet connection. Only give access to the specific ports i.e:

    WAN Interface 1: (If i can block the internet from this interface would be a great idea)
    LAN Interface:
    Work: Interface 3: 2222 TCP
    BackEND: Interface 4: 135,446,88 TCP/UDP
    Database: Interface 5: 555, 222, 55 TCP/UDP

    Apart from mentioned port i want to block all other Inbound/Outbound ports. One can only communicate with the server using these ports. And, all BackEnd interface should communicate with all the servers.

    I tried every possible things to work, but i am sure i am doing something wrong and it isn't working as i am expecting.

    Please help me out to solve this issue. I would really appreciate.

    Thank you

  • LAYER 8 Global Moderator

    Rules are evaluated as traffic enters an interface from thee network its attached to. First rule to trigger wins, no other rules are evaluated.

    So if you don't want lan to talk to work, then you would put rule on lan interface to block access to work before your allow rules.

    1. you don't want pfsense to talk to internet to check for updates or be able to install packages?

    Your u sing a /8 mask? Yeah pfsense would not even let you set that because they would be overlapping networks. /8 would be 192.anything as a network. So your lan and work would overlap and how would pfsense know where to route to..

    ports 555,222,55 ??? You just making up random port numbers? And they use both udp and tcp?

  • Thanks for replying! I solved it. Documentation helped. :D

    Thanks again!!

Log in to reply