4. Invert port alias in rule

Invert port alias in rule

  • M

    I use a LAN rule to allow only specific outbound port requests (80, 443, 22, etc.). Occasionally someone decides to provide a service on a non-standard port. When a hapless local user can't get to such a site I would like to log the anomalous port request.

    In short, I would like to match requests to destination ports not included in my allowOut alias.

    How can I invert a port alias match?

    0
  • LAYER 8 Netgate

    You can just put a reject rule after that rule to TCP port any that logs. Only traffic that does not match the pass rule(s) above it will reach it and be logged. No reason to exclude the matching "good" traffic in that rule itself.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy