Simple block of traffic to port 80 on webserver machine

mentalhemroids

I haven't been able to get to my webserver behind pfsense box; I've tried several different things.  Now I am trying to block access to it from my lan to my bridge where it is located.  I changed the setting to enable filtering of bridge and set up a firewall rule to block all web traffic from one ip to the ip host for my website.  I setup the rule on both my Lan and Bridge to block traffic and now I can still get to my website.  Just trying to figure out what to do; I'm running 1.0.1 and the filters seem to be reloading, so that's where I am.

Anyone have any ideas?

hoba

Please add an asciidraft about your networksetup. Also provide the exact rules you created for the blocked traffic.

mentalhemroids

@hoba:

Please add an asciidraft about your networksetup. Also provide the exact rules you created for the blocked traffic.

Is that something available in one of the system log files or do I have to write it all out?  Sorry I'm still fairly new to pfSense and firewalling is something I'm trying to learn the correct way to do.

Thanks.

hoba

You can copy/paste the firewallrules from the webgui (firewall>rules). Concerning the ascii diagram of your network you have to simply whip it up yourself.

Oh, and maybe you haven't found this yet: http://pfsense.trendchiller.com/transparent_firewall.pdf (it's linked at pfsense.com, tutorial section).

mentalhemroids

Okay, here are the rules -
LAN
TCP/UDP  10...17  80 (HTTP)  10...5  80 (HTTP)  *  Block 80 on primary
*  LAN net  *  *  *  *  Default Subnet -> Any

BRIDGE
TCP/UDP  10...17  80 (HTTP)  10...5  80 (HTTP)  *  Block tcp port 80 from t40
*  LAN net  *  *  *  *  Default LAN -> any

Alright, here is my attempt at a network ascii representation…

10...17
                                                /
                        LAN(linksys wi-fi) - 10...#
      10.../24/    ^                 
WAN -  pfSense      |                      10...#
                      ~    |      10...5
                      ~  |    /
                        Bridge - 10...#
                               
                                  10..*.#

Does this help at all?  I have bridge filtering enabled; any other ideas on things I can do?

sai

This is wrong:
TCP/UDP      10...17      80 (HTTP)      10...5      80 (HTTP)      *      Block 80 on primary

To block access to a web server your source port should be * (it is shown to be 80)

This is correct:
TCP/UDP      10...17                *        10...5      80 (HTTP)      *      Block 80 on primary

This rule will block access from 10...17 to the web server on 10...5

Generally you will never specify the source port, only the destination port.

mentalhemroids

Okay, I got it working; it's a tricky if you don't know what you are doing.  Thanks for your help!