Unable to implement a PF rule!!! Is there a workaround?
-
Hi All,
I am trying to implement the PF rule:
block out log quick from any to x.x.x.x/24 port != 80
on pfSense, and it looks like the UI functionality is not sufficient for the rule above (all destination ports different than 80).
I can achieve the functionality with two separate rules… but imagine the administrative effort of hundreds of rules because of the lack of this UI functionality...
Am I correct to think that the UI is missing this functionality and can I use a workaround to have only one rule with the condition in question?
Thanks in advance for the advice, mighty geeks ;)
-
No workaround that will let you implement that exact rule. There is a feature request open to add that in 2.0.
Though allowing only port 80 and letting everything else drop with the default deny rule is a better choice. If later rules match though, you will have to add the allow plus a deny. No way around that right now.
-
Thanks for your answer.
It is good to know that someone has already requested the feature :)
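
The trade-off discussed in this thread, as an added example that is not part of any post above: a small first-match ("quick") rule model comparing the single `port != 80` rule, the pass-plus-block pair, and the allow-only form when a later broad pass rule exists. The subnet 192.0.2.0/24, the helper names and the simplified matching (destination and port only, no protocol, direction or state) are assumptions made for illustration.

```python
import ipaddress

NET = ipaddress.ip_network("192.0.2.0/24")   # constructed stand-in for x.x.x.x/24
ANY = ipaddress.ip_network("0.0.0.0/0")

def rule(action, dst, port=None, negate=False):
    """Hypothetical rule record: destination network plus optional port test."""
    return {"action": action, "dst": dst, "port": port, "negate": negate}

def matches(r, addr, dst_port):
    if addr not in r["dst"]:
        return False
    if r["port"] is None:
        return True
    # negate=True models "port != N", negate=False models "port N"
    return (dst_port != r["port"]) if r["negate"] else (dst_port == r["port"])

def evaluate(rules, dst_ip, dst_port, default="block"):
    """First matching rule wins (quick); unmatched traffic hits the default deny."""
    addr = ipaddress.ip_address(dst_ip)
    for r in rules:
        if matches(r, addr, dst_port):
            return r["action"]
    return default

# The rule from the question, followed by a later broad pass rule.
single = [rule("block", NET, 80, negate=True), rule("pass", ANY)]
# Two-rule form: allow port 80, then block everything else to the subnet.
pair = [rule("pass", NET, 80), rule("block", NET), rule("pass", ANY)]
# Allow-only form: relies on the default deny, but a later rule matches first.
allow_only = [rule("pass", NET, 80), rule("pass", ANY)]

def differing_ports(a, b, dst_ip="192.0.2.10"):
    """Ports on which two rule sets reach a different verdict for dst_ip."""
    return [p for p in range(1, 65536)
            if evaluate(a, dst_ip, p) != evaluate(b, dst_ip, p)]

if __name__ == "__main__":
    print("single vs pair differ on", len(differing_ports(single, pair)), "ports")
    print("single vs allow_only differ on",
          len(differing_ports(single, allow_only)), "ports")
```

With no later pass rule, the allow-only form needs no explicit block because the default deny catches the rest; the pair is only required once a later rule would otherwise match.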