Netgate Discussion Forum

    Firewall CP Rule (bounty varies)

      900mhzdude

      Hey Guys,

      I need a firewall rule that works something like this:

      Source IP 192.168.1.150 / Source Port 80

      Destination Port 80 http:\You Have A Virus . Com

      The point of this rule is to redirect infected customers,
      or customers that did not pay their bill, to a web page.

      Why am I not using Captive Portal?

      We are using multi-VLAN and also do not want to deal with auth.

      A simple firewall rule would be awesome and more useful than Captive Portal for me.

      We are using pfSense 1.2.3, but we would like to upgrade to 2.0 by the end of the year.

      As for the bounty, let me know; I have no idea what is fair for this project.
      I also hope other WISPs out there that need this pitch in on the bounty.

      Thanks

        jimp Rebel Alliance Developer Netgate

        You can already do that with NAT rules on 2.0 at least, maybe even 1.2.3.

        A couple different ways:

        • A port forward on LAN with a source of the infected PC (or an alias containing them) and a destination of "any" (not "interface address"), redirect IP would be the web server on another interface hosting the "you are infected" page, and destination/redirect port of 80.

        That would redirect any web surfing they try to do over to your "you're infected" page, and if your web server there is set to respond to any query for any page (redirect a 404 to your virus page) with the page you want, it will do exactly as you describe.

        Another way would be to run the squid proxy and with squidguard, match the infected users in an ACL, and deny access to everything, and put your "you're infected" message in the squidguard error/redirect.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!
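
The web-server half of the port-forward approach above, as an added example that is not part of the original posts or of pfSense: a catch-all handler that answers every Host and path arriving on the forwarded port with a temporary, uncacheable redirect to a single notice page. The host name, path, page body and listening port 8080 are placeholders chosen here; the forward described in the thread covers only plain HTTP on port 80.

```python
"""Catch-all notice server for port-80 traffic that a NAT port forward sends here."""
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumptions (not from the thread): host name, path and page body are placeholders.
NOTICE_HOST = "notice.example.net"
NOTICE_PATH = "/notice"
NOTICE_BODY = b"<html><body><h1>Account notice</h1><p>Please contact support.</p></body></html>"
MAX_DISCARD = 65536  # upper bound on request body bytes read and thrown away


class NoticeHandler(BaseHTTPRequestHandler):
    def _respond(self, send_body=True):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        if host == NOTICE_HOST and self.path == NOTICE_PATH:
            status, body, location = 200, NOTICE_BODY, None
        else:
            # Any other site or path: temporary redirect, so the notice is never
            # stored by the browser under the URL of the site the user asked for.
            status, body, location = 302, b"", f"http://{NOTICE_HOST}{NOTICE_PATH}"
        self.send_response(status)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.send_header("Cache-Control", "no-store")
        self.end_headers()
        if send_body:
            self.wfile.write(body)

    def do_GET(self):
        self._respond()

    def do_HEAD(self):
        self._respond(send_body=False)

    def do_POST(self):
        # Drain a bounded amount of the submitted body, then answer like a GET.
        raw = self.headers.get("Content-Length", "0")
        self.rfile.read(min(int(raw), MAX_DISCARD) if raw.isdecimal() else 0)
        self._respond()


def make_server(address=("0.0.0.0", 8080)):
    """Build the server; port 0 picks a free port (useful for testing)."""
    return ThreadingHTTPServer(address, NoticeHandler)


if __name__ == "__main__":
    # 8080 lets this run unprivileged; the port forward's redirect port must match.
    make_server().serve_forever()
```

Because the forward catches every destination on port 80, the follow-up request to the notice host name also lands on this server, provided the name resolves for the affected clients.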

          900mhzdude

          I'm not seeing a redirect IP option in 1.2.3.

          Is that an option in 2.0?

          Sorry for my stupidity

          And Thanks  ;D

            jimp Rebel Alliance Developer Netgate

            It's just a port forward. Firewall > NAT.

              900mhzdude

              There is no destination/redirect
              there in 1.2.3. If I'm missing something
              or someone already posted on this, please point me in the right way.
              I have searched for months and have not found anything.

              Thanks

                jimp Rebel Alliance Developer Netgate

                Yeah the source address option is 2.0 only, forgot when that was added.

                  900mhzdude

                  K thanks… looks like we need to upgrade  ???  :'( scary

                  Thanks

                    jimp Rebel Alliance Developer Netgate

                    We're about to release RC2. Use a current snapshot, it's not so scary.

                      900mhzdude

                      Bit off topic, but does pfSense: The Definitive Guide apply to pfSense 2.0?

                        jimp Rebel Alliance Developer Netgate

                        Vaguely, it mentions 2.0 in various places and what things were known to be different at the time. We will be writing another book based on 2.0 in the near future.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.