Adding a deny rule in console using easyrule



  • I have been trying to learn easyrule within the pfsense console and I am stuck on trying to create an easyrule command in order to create a Lan rule that blocks any port from any source ip to any destination ip. Basically, a deny any any rule. From what I have gathered, easyrule can only be used to block a specific ip address and not even a port.

    PS: I am aware it would be so much easier to go to the web gui and use the rules, lan page to add a rule like this. Thanks for the help in advance!


  • Rebel Alliance Developer Netgate

    The block function only works by source IP address. That's just how the utility was coded. It's original purpose was for blocking and passing items seen in the firewall log. From there, the most secure choice was to assuming blocking meant anything from that address, and for passing the most secure choice was to be specific and only pass to one IP address/proto+port.


Log in to reply