Netgate Discussion Forum

    How to block traffic to specific port from specific IP addresses?

    • tuparks

      I figured out how to block from specific IP addresses to all ports but not how to block traffic to a specific PORT from specific IP addresses? Any clues?

      Thanks!

      • johnpoz LAYER 8 Global Moderator

        You put the dest port in the rule that you have the source IP in.. This has to be some sort of joke?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

        • tuparks

          No, it's not a joke or I would not have taken the time to ask it. I guess it's super clear to you but I don't see anything in the rule creation screen that lets you specify a PORT... I do see the places that let you set an IP. Even the help screen below makes no mention of the word "PORT":

          "When entering addresses into firewall rules, the following choices are given for the source and destination addresses. Some of these options only appear in specific fields or circumstances, or if certain features are enabled.

          any - 0.0.0.0 to 255.255.255.255, or all IPv6 addresses
          Single host or alias - Select this and enter one IP address (1.2.3.4, aa:bb:cc:dd::1) or type the name of an Alias that has already been configured (Firewall > Aliases)
          Network - Select this and enter a network and mask (10.99.0.0/16, aa:bb:cc:dd::0/64)
          LAN net - The subnet configured on the LAN interface under Interfaces > LAN. On pfSense 2.2+, this also includes IP alias networks on that interface.
          LAN address - The IP address configured on the LAN interface under Interfaces > LAN
          zzz Net / zzz address - Works the same as LAN above but for other interfaces (WAN, OPT1, OPT2, etc.)
          WAN net - Please note this is not the internet, this is just the network wan is connected to, just like lan, or opt net aliases above. If your ISP puts you on a x.x.x/21 network, or a /29 or a /24 that is the network this refers to.. Not the whole internet.
          PPTP clients - Automatically locate and use the addresses of PPTP clients
          L2TP clients - Automatically locate and use the addresses of L2TP clients
          This Firewall (self) - Any IP address assigned to any interface on this firewall (pfSense 2.2+)"
          
          • tuparks

            Never mind, I found it. When you change "protocol" from "Any" to "TCP/UDP", the port field appears.

            • johnpoz LAYER 8 Global Moderator

              Yeah any is what it means ANY... So no you wouldn't be able to set a Port.. To set a port you would need to specify a protocol that uses a port.

              Glad you got it sorted.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.