Netgate Discussion Forum

    Pf rules don't block

    • ozanus

      Hi All,
      I use pfSense 1.2.2 developer and 1.2.3 RC1. I wrote a rule "block 1863 port", but I can still access port 1863 on the remote server :S

      I deny all LAN ports and pfSense blocks the traffic, but I can access web ports 80 and 443 and open MSN Messenger, while Skype, GTalk etc. don't run.

      Do you know what the problem with my firewall rule is?

      My pf rules and an image are attached to the post.
      pfrule.JPG
      pfrules.txt

      • GruensFroeschli

        The rule does exactly what you told it to do.
        You have the port 1863 as SOURCE and not as DESTINATION.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • ozanus

          Thanks for the reply,
          I need to block a port for the LAN and WAN interfaces!
          I changed the rules but it is still not working?

          My rule

          http://img80.imageshack.us/img80/9982/pfrule.jpg

          Connection

          http://img80.imageshack.us/img80/3566/31596335.jpg

          What is my problem? What should I do???

          • GruensFroeschli

            Please read up / learn how the rules work!

            They are processed from top to bottom.
            If a rule catches, the rules below are no longer considered.

            Your new rule states that a packet has to:
            "Originate from the IP of the LAN interface of the pfSense"  (Are you running MSN on your pfSense O_o)
            "Have a source port of 1863"    (This will never happen, because the source port is random)
            "Is destined to the IP of the WAN interface of the pfSense"  (Are you running an MSN server on your pfSense?)
            "The server is running on port 1863"  (This is the only setting which is correct).

            Make a rule:
            Source: any
            Source-port: any
            Destination: any
            Destination-port: 1863

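The rule matching discussed in the replies above, as an added example that is not part of the original posts: a small top-down, first-match evaluator run against the three rule variants from the thread. The addresses, the ephemeral source ports, the allow-all rule below the block rule and the default-block fallback are constructed assumptions.

```python
from collections import namedtuple

ANY = None  # wildcard: this field is not checked
Packet = namedtuple("Packet", "src sport dst dport")
Rule = namedtuple("Rule", "action src sport dst dport", defaults=(ANY,) * 4)

def matches(rule, pkt):
    """A rule matches only if every non-wildcard field equals the packet's."""
    return all(want is ANY or want == got for want, got in zip(rule[1:], pkt))

def evaluate(rules, pkt, default="block"):
    """Top-down, first match wins; rules below the match are not considered."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default  # assumption: nothing matched, so the packet is dropped

# Constructed sample values (documentation address ranges, not from the thread).
LAN_IP, WAN_IP = "192.0.2.1", "198.51.100.1"
msn = Packet(src="192.0.2.50", sport=49731, dst="203.0.113.10", dport=1863)
web = Packet(src="192.0.2.50", sport=50112, dst="203.0.113.20", dport=443)

PASS_LAN = Rule("pass")  # assumed allow-all rule sitting on the LAN tab

RULESETS = {
    # 1863 as SOURCE port: the client's source port is random, so no match.
    "first_try": [Rule("block", sport=1863), PASS_LAN],
    # Firewall's own LAN/WAN addresses as endpoints: the client and the
    # remote server are neither of them, so no match.
    "second_try": [Rule("block", src=LAN_IP, sport=1863,
                        dst=WAN_IP, dport=1863), PASS_LAN],
    # Suggested rule: any source, any source port, any destination, port 1863.
    "suggested": [Rule("block", dport=1863), PASS_LAN],
    # Same rule placed below the allow-all rule: never reached.
    "wrong_order": [PASS_LAN, Rule("block", dport=1863)],
}

def verdicts(pkt):
    """Action each ruleset takes for one packet."""
    return {name: evaluate(rules, pkt) for name, rules in RULESETS.items()}

if __name__ == "__main__":
    print("msn:", verdicts(msn))
    print("web:", verdicts(web))
```
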
              • ozanus

              Thanks a lot.

              thanks for relation.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.