Netgate Discussion Forum

    Adding a deny rule in console using easyrule

      techguy24

      I have been trying to learn easyrule within the pfSense console and I am stuck on trying to create an easyrule command in order to create a LAN rule that blocks any port from any source IP to any destination IP. Basically, a deny any any rule. From what I have gathered, easyrule can only be used to block a specific IP address and not even a port.

      PS: I am aware it would be so much easier to go to the web GUI and use the Rules, LAN page to add a rule like this. Thanks for the help in advance!

        jimp Rebel Alliance Developer Netgate

        The block function only works by source IP address. That's just how the utility was coded. Its original purpose was for blocking and passing items seen in the firewall log. From there, the most secure choice was to assume blocking meant anything from that address, and for passing the most secure choice was to be specific and only pass to one IP address/proto+port.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.