Unable to implement a PF rule !!! Is there a workaround?

linch · Feb 24, 2009, 3:35 PM

Hi All,

I am trying to implement the PF rule:

block out log quick from any to x.x.x.x/24 port != 80

on PFsense and it looks like the UI functionality is not sufficient for the rule above (all destination ports different than 80).

I can achieve the functionality with two separate rules… but imagine the administrative effort of hundreds of rules because of the lack of this UI functionality...

Am I correct to think that the UI is missing this functionality and can I use a workaround to have only one rule with the condition in question?

Thanks in advance for the advice mighty geeks ;)

cmb · Feb 26, 2009, 3:09 AM

No work around that will let you implement that exact rule. There is a feature request open to add that in 2.0.

Though allowing only port 80 and letting everything else drop with the default deny rule is a better choice. If later rules match though, you will have to add the allow plus a deny. No way around that right now.

linch · Feb 26, 2009, 7:51 AM

Thanks for your answer.

It is good to know that someone has already requested the feature :)