Blocking inbound access to ports based on IP addresses



  • I'm not sure why this seems so challenging as I believe that this firewall has this capability.  Here is my scenario and I cannot get it to work for the life of me:

    Internal Server On LAN <-> pfSense Firewall <-> Internet

    On the internal server, I want to allow a service, say RDP.  I configure port forwarding and the appropriate rules get added.  But, I only want to allow that RDP access from a specific IP address on the Internet, say 222.222.222.222.

    No matter how I modify the rules, it doesn't seem that there is a way to restrict this.  What am I doing wrong?

    I'd appreciate any help!



  • Basic firewall rules work on ingress interface, but what you want to do is port forward ( Firewall: NAT: Port Forward )
    Rule creation is guite easy:

    
    Disabled: unchecked
    No RDR: unchecked
    Interface: WAN
    Protocol: TCP
    Source (click advanced) Type: Single host or Alias
    Source Address: 222.222.222.222(what is the wanted source ip)
    Source port: leave blank
    Destination: WAN address
    Destination port: 3389 or MS RDP
    Redirect IP: Servers internal address
    Description: Something you like
    Leave any else untouched and save
    
    

    After that apply changes and try again



  • That worked like a champ!  I discovered I was on an ancient version of pfSense and once I upgraded, I found that all of the settings you specified were there.  Thank you again for your help!


Log in to reply