Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to implement a PF rule !!! Is there a workaround?

    Firewalling
    2
    3
    1686
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      linch
      last edited by

      Hi All,

      I am trying to implement the PF rule:

      block out log quick from any to x.x.x.x/24 port != 80

      on PFsense and it looks like the UI functionality is not sufficient for the rule above (all destination ports different than 80).

      I can achieve the functionality with two separate rules… but imagine the administrative effort of hundreds of rules because of the lack of this UI functionality...

      Am I correct to think that the UI is missing this functionality and can I use a workaround to have only one rule with the condition in question?

      Thanks in advance for the advice mighty geeks  ;)

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        No work around that will let you implement that exact rule. There is a feature request open to add that in 2.0.

        Though allowing only port 80 and letting everything else drop with the default deny rule is a better choice. If later rules match though, you will have to add the allow plus a deny. No way around that right now.

        1 Reply Last reply Reply Quote 0
        • L
          linch
          last edited by

          Thanks for your answer.

          It is good to know that someone has already requested the feature  :)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post