Netgate Discussion Forum

    One Rule to allow IN/OUT of an IP address?

      RaulChiarella

      Hello. I wanna know how to do a Firewall Rule that allows EVERYTHING IN/OUT on a single IP (On WAN)

      Rule:
      → Everything that comes from IP X.X.X.X is ALLOWED
      → Everything that goes to IP X.X.X.X is ALLOWED.


        akuma1x @RaulChiarella

        @raulchiarella You technically don't do it all like that.

        You can set the first instance (everything that comes from IP address is allowed) with a simple rule on your WAN interface. Make a new WAN rule and set it up like this:

        Action: Pass
        Interface: WAN
        Address Family: IPv4
        Protocol: any
        Source: single host or alias (add the external IP address here)
        Destination: single host or alias (add the internal IP address here)
        Destination port range: If it's a specific program or traffic and you know the port, you can add that here. This can also be left blank.
        Description: give it a good name here

        The external IP address is the machine out on the internet (or other network) where you are trying to come in from. The internal IP address is the machine on the inside of your network that you're trying to get to.

        As for the "don't do it like that" comment: you don't have to add the "everything that goes to IP address" part. That's built into the same WAN rule from above.

          stephenw10 Netgate Administrator

          Of course, if you are NATing between WAN and LAN (most SOHO installs), adding a rule like that will only allow traffic to reach services on the firewall itself. You would need inbound NAT rules to reach anything behind the firewall.

          Steve
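
Added example, not part of the original thread and not Netgate's code: the two replies above written out as a hand-made pf.conf fragment in plain pf syntax (not the ruleset pfSense generates from the GUI). The interface name and both addresses are constructed placeholders.

```pf
# Constructed placeholders (assumptions, not values from the thread)
ext_if = "em0"            # WAN interface
remote = "203.0.113.10"   # external host being allowed in
inside = "192.168.1.50"   # internal host it should reach

# Translation rules come before filter rules in pf.conf.
# Inbound NAT: without this, traffic from $remote to the WAN address
# ends at the firewall itself and never reaches $inside.
rdr on $ext_if inet from $remote to ($ext_if) -> $inside

# Default deny for everything arriving on WAN.
block in log on $ext_if all

# The single WAN rule from the first reply. The filter sees the
# destination after rdr, so it names the internal address. "keep state"
# creates a state entry on the first packet; replies from $inside back
# to $remote match that state, so no second "goes to" rule is needed.
pass in on $ext_if inet from $remote to $inside keep state
```

Protocol any to a whole host is broad; restricting the rule to the protocol and port of the one service needed, as the Destination port range field allows, keeps the exposure smaller.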
