Unable to implement a PF rule!!! Is there a workaround?

  • Hi All,

    I am trying to implement the PF rule:

    block out log quick from any to x.x.x.x/24 port != 80

    on pfSense and it looks like the UI functionality is not sufficient for the rule above (all destination ports different than 80).

    I can achieve the functionality with two separate rules… but imagine the administrative effort of hundreds of rules because of the lack of this UI functionality...

    Am I correct to think that the UI is missing this functionality and can I use a workaround to have only one rule with the condition in question?

    Thanks in advance for the advice mighty geeks  ;)

  • No workaround that will let you implement that exact rule. There is a feature request open to add that in 2.0.

    Though allowing only port 80 and letting everything else drop with the default deny rule is a better choice. If later rules match though, you will have to add the allow plus a deny. No way around that right now.
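
The reply above, as an added example that is not part of the original thread: a small first-match model of TCP rule evaluation. It compares the `port != 80` rule with the allow-only and allow-plus-deny forms. The addresses, the sample packets and the broad `later_allow` rule are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

NET = ip_network("192.0.2.0/24")   # constructed stand-in for x.x.x.x/24
ANY = ip_network("0.0.0.0/0")

def evaluate(rules, dst, port):
    """First-match ("quick") evaluation of one TCP packet; default deny."""
    for action, net, port_ok in rules:
        if ip_address(dst) in net and port_ok(port):
            return action
    return "block"

def verdicts(rules):
    """Verdicts for three constructed packets."""
    return {
        "web": evaluate(rules, "192.0.2.10", 80),
        "ssh": evaluate(rules, "192.0.2.10", 22),
        "other": evaluate(rules, "198.51.100.7", 22),
    }

allow_80 = ("pass", NET, lambda p: p == 80)
deny_rest = ("block", NET, lambda p: True)
later_allow = ("pass", ANY, lambda p: True)   # hypothetical broad rule further down

# Rule from the question, followed by the later allow rule.
single = [("block", NET, lambda p: p != 80), later_allow]
# Allow only: safe while nothing below matches, leaky once later_allow exists.
allow_only = [allow_80]
allow_then_later = [allow_80, later_allow]
# Allow plus deny: same verdicts as the single rule.
pair = [allow_80, deny_rest, later_allow]

if __name__ == "__main__":
    for name, rs in [("single", single), ("allow_only", allow_only),
                     ("allow_then_later", allow_then_later), ("pair", pair)]:
        print(name, verdicts(rs))
```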

  • Thanks for your answer.

    It is good to know that someone has already requested the feature  :)