• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Unable to implement a PF rule !!! Is there a workaround?

Scheduled Pinned Locked Moved Firewalling
3 Posts 2 Posters 1.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • L
    linch
    last edited by Feb 24, 2009, 3:35 PM

    Hi All,

    I am trying to implement the PF rule:

    block out log quick from any to x.x.x.x/24 port != 80

    on PFsense and it looks like the UI functionality is not sufficient for the rule above (all destination ports different than 80).

    I can achieve the functionality with two separate rules… but imagine the administrative effort of hundreds of rules because of the lack of this UI functionality...

    Am I correct to think that the UI is missing this functionality and can I use a workaround to have only one rule with the condition in question?

    Thanks in advance for the advice mighty geeks  ;)

    1 Reply Last reply Reply Quote 0
    • C
      cmb
      last edited by Feb 26, 2009, 3:09 AM

      No work around that will let you implement that exact rule. There is a feature request open to add that in 2.0.

      Though allowing only port 80 and letting everything else drop with the default deny rule is a better choice. If later rules match though, you will have to add the allow plus a deny. No way around that right now.

      1 Reply Last reply Reply Quote 0
      • L
        linch
        last edited by Feb 26, 2009, 7:51 AM

        Thanks for your answer.

        It is good to know that someone has already requested the feature  :)

        1 Reply Last reply Reply Quote 0
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received