Netgate Discussion Forum

    Help needed creating an unusual firewall rule / condition based rules

    Firewalling
    2 Posts 2 Posters 987 Views
    rizwan602

      Hello,

      We run a very restricted network where only basic outbound connections are permitted. This is a NATed network with pfSense as the gateway. We allow access to DNS, HTTP, HTTPS, POP3, SMTP, FTP only. Everything else is blocked by default.

      Without going into more detail I would like to know if there is a way to set up a rule that means:

      If a LAN host tries to connect to any hostname (or IP address) outside the network on port 80 TCP, and there is a port 80 UDP service on that IP address, then block access to that host/IP address.

      I know I can block all traffic to any IP address that offers a port 80 UDP service, which will do the same thing, but my question is really: is there a way to make rules based on conditions?

      Thank you to the pfSense team for making such a great product!

      Rizwan

      marcelloc

        I think you will need a script for that.

        Select the log flag on the port 80 TCP rule.
        The script will look for this log alert and then check if the remote IP has a UDP port 80. If so, create a rule for it.

        or

        an easier setup:
        create a rule that allows or rejects UDP port 80 with a very low limit for max connections (one, for example).
        Then if any internal client tries to connect to this UDP port, it will be blocked for up to two hours on pfSense.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

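Added example of the first approach marcelloc outlines (this is not his script and not pfSense code): parse pfSense filterlog records for logged TCP/80 passes from the LAN, run the admin's own UDP/80 check on each new destination (injected as a function; the constructed SAMPLE_UDP80 dict stands in for it), and emit pfctl table-add commands for a table that a block rule references. It assumes the documented filterlog CSV field order; the log lines, addresses and table name are constructed.

```python
import re
from typing import Callable, Iterable, List, Optional, Tuple

# Field positions in a pfSense filterlog CSV record (assumption: the documented
# IPv4 TCP/UDP layout; 0-based within the part after "filterlog[pid]: ").
FILTERLOG_RE = re.compile(r"filterlog\[\d+\]:\s*(?P<csv>.*)$")
F_ACTION, F_IPVER, F_PROTO, F_SRC, F_DST, F_DPORT = 6, 8, 16, 18, 19, 21

def parse_filterlog(line: str) -> Optional[Tuple[str, str, str, str, int]]:
    """Return (action, proto, src, dst, dport) for an IPv4 tcp/udp record, else None."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) <= F_DPORT or f[F_IPVER] != "4" or f[F_PROTO] not in ("tcp", "udp"):
        return None
    return f[F_ACTION], f[F_PROTO], f[F_SRC], f[F_DST], int(f[F_DPORT])

def candidate_hosts(lines: Iterable[str], has_udp80: Callable[[str], bool],
                    lan_prefix: str = "192.168.1.") -> List[str]:
    """Destinations a LAN host reached on TCP/80 that also answer on UDP/80."""
    # has_udp80 is the admin's own remote check, injected so the log handling
    # runs offline; each destination is checked at most once.
    seen, flagged = set(), set()
    for line in lines:
        rec = parse_filterlog(line)
        if rec is None:
            continue
        action, proto, src, dst, dport = rec
        if action != "pass" or proto != "tcp" or dport != 80 or not src.startswith(lan_prefix):
            continue
        if dst not in seen:
            seen.add(dst)
            if has_udp80(dst):
                flagged.add(dst)
    return sorted(flagged)

def pfctl_commands(hosts: Iterable[str], table: str = "blocked_udp80") -> List[str]:
    """Commands that add each host to a pf table a block rule can reference."""
    return [f"pfctl -t {table} -T add {h}" for h in hosts]

# Constructed sample log: two logged TCP/80 passes from the LAN and one UDP record.
SAMPLE_LOG = """\
Mar 10 12:00:01 pfSense filterlog[50291]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,4321,0,DF,6,tcp,60,192.168.1.20,203.0.113.5,51234,80,0,S,1,,65535,,mss
Mar 10 12:00:02 pfSense filterlog[50291]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,4322,0,DF,6,tcp,60,192.168.1.21,198.51.100.7,51235,80,0,S,1,,65535,,mss
Mar 10 12:00:04 pfSense filterlog[50291]: 5,,,1000000104,igb1,match,pass,in,4,0x0,,64,4324,0,none,17,udp,60,192.168.1.23,203.0.113.5,5353,53,40
"""
# Constructed result of the remote UDP/80 check (stand-in for the real probe).
SAMPLE_UDP80 = {"203.0.113.5": True, "198.51.100.7": False}
```

Running candidate_hosts over SAMPLE_LOG with the constructed check yields only 203.0.113.5, and pfctl_commands turns that into the table-add command a block rule on the table then enforces.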
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.