[solved] Newbie needs help with firewall rule order setting


  • New to pfSense, got most stuff running but have a rule order question. Here is what I need:

    pfSense is set as the main router with 5 static IP PCs connected to it. Every PC should have regular internet (192.168.0.2-5) except for one. This special PC (let's call this 192.168.0.6) is to ONLY have access to HTTP, HTTPS and an OpenVPN connection.

    So I set up rules on the LAN side in this order:

    Pass from 192.168.0.6 to any HTTP/HTTPS
    Pass from 192.168.0.6 to any OPENVPN
    Block from 192.168.0.6 to any *

    So my understanding is any HTTP and OpenVPN will pass through because the pass rules are on top of the block-everything rule. But I am not able to get this to work. As soon as I enable the 3rd "block everything" rule, all outgoing connections are gone. Putting the rules in reverse order (block everything first) won't work either.

    Am I missing something?

    Thanks in advance


  • Yes, you're missing a DNS rule. Add TCP/UDP 53 for anyone to access.
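As an added illustration (not part of the thread or of pfSense itself): a small first-match simulation of the rule set from the question, evaluated as posted, with the DNS rule suggested above, and with the block rule moved to the top. Assumptions: OpenVPN is UDP/1194, pfSense's shipped "Default allow LAN to any" rule sits below the custom rules, and traffic matching no rule hits the implicit default deny.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str    # "pass" or "block"
    src: str       # source IP, or "any"
    proto: str     # "tcp", "udp", "tcp/udp" or "any"
    dport: object  # int, frozenset of ints, or "any"
    name: str

def matches(rule, src, proto, dport):
    """Does this rule match a packet from src with the given proto/dport?"""
    if rule.src not in ("any", src):
        return False
    if rule.proto != "any" and proto not in rule.proto.split("/"):
        return False
    if rule.dport == "any":
        return True
    if isinstance(rule.dport, frozenset):
        return dport in rule.dport
    return rule.dport == dport

def evaluate(rules, src, proto, dport):
    """pf-style first match: the first matching rule decides (pfSense rules are
    'quick'). Traffic matching no rule falls to the implicit default deny."""
    for rule in rules:
        if matches(rule, src, proto, dport):
            return rule.action, rule.name
    return "block", "implicit default deny"

SPECIAL = "192.168.0.6"   # the restricted PC from the question
PASS_WEB = Rule("pass", SPECIAL, "tcp", frozenset({80, 443}), "pass .6 HTTP/HTTPS")
PASS_VPN = Rule("pass", SPECIAL, "udp", 1194, "pass .6 OpenVPN (assumed UDP/1194)")
PASS_DNS = Rule("pass", SPECIAL, "tcp/udp", 53, "pass .6 DNS")
BLOCK_ALL = Rule("block", SPECIAL, "any", "any", "block .6 everything else")
LAN_DEFAULT = Rule("pass", "any", "any", "any", "Default allow LAN to any")

AS_POSTED = [PASS_WEB, PASS_VPN, BLOCK_ALL, LAN_DEFAULT]              # the three rules from the question
WITH_DNS = [PASS_WEB, PASS_VPN, PASS_DNS, BLOCK_ALL, LAN_DEFAULT]     # plus the suggested DNS rule
BLOCK_FIRST = [BLOCK_ALL, PASS_WEB, PASS_VPN, PASS_DNS, LAN_DEFAULT]  # block rule moved to the top

def browse_attempt(rules):
    """A web visit needs a DNS lookup (UDP/53) before the TCP/443 connection."""
    dns = evaluate(rules, SPECIAL, "udp", 53)[0]
    https = evaluate(rules, SPECIAL, "tcp", 443)[0]
    return {"dns": dns, "https": https, "works": dns == "pass" and https == "pass"}

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("with DNS", WITH_DNS), ("block first", BLOCK_FIRST)):
        print(f"{label:12s} {browse_attempt(rules)}")
```

Without the DNS rule the HTTPS connection itself is allowed, but the name lookup that precedes it hits the block rule, which looks like "all outgoing connections are gone"; with the block rule on top nothing from .6 ever reaches a pass rule.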


  • @Metu69salemi:

    Yes, you're missing a DNS rule. Add TCP/UDP 53 for anyone to access.

    Thanks for the reply

    I thought of it at night after the post... tried it and it still failed. In the end I even went to the extent of creating a pass rule for TCP/UDP 1-443 at the top, but still, as soon as I turn on the 3rd block-all rule, all connections are dropped.

    Really running out of ideas now... may need to edit the rules through SSH to see if the webGUI messed up the order.


  • After I did a reboot, everything is fine now.