PF 2.1 block rule - might be me but not working

  • I've never had an issue on 2.0.1 on block rules, but I was just looking and I needed to block the web port for my FreePBX. I thought I had it blocked but I guess I hadn't.

    I know that block rules go at the top and that's where I put this. The IP in the destination is an IP Alias that's 1:1 NATed to my internal addresses. What have I done wrong here?

  • Hi
    Just to clarify, is the IP Alias a defined virtual IP?

  • Yes, I forgot to mention that!

  • Have you tried entering the private address that you are natting to?

    Also, is there an HTTPS port open that your browser may be trying automatically - that one has caught me out a few times!

  • I blocked the HTTPS ports and also made the rules for the LAN private IP. What I didn't figure is why I needed to block the private IP when I block the external IP (virtual IP).

    Either way, it's working.

    Topic Closed

  • Because NAT works before the firewall rules. To the firewall, it's not going to the external IP, but to the internal.
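
The ordering described in the last reply, as a small model (an added example, not part of the thread and not pfSense code). The addresses, the pass rule for the PBX and all function names are constructed for illustration; it shows why a block rule written against the virtual IP never matches once the 1:1 NAT has rewritten the destination.

```python
from ipaddress import ip_address

# Constructed sample values (documentation address ranges), not from the thread.
VIP = ip_address("203.0.113.10")   # external IP Alias / virtual IP
PBX = ip_address("192.168.1.10")   # internal host behind the 1:1 NAT
BINAT = {VIP: PBX}                 # inbound 1:1 mapping: external -> internal


def translate(dst):
    """Inbound 1:1 NAT: rewrite the destination before any rule is evaluated."""
    return BINAT.get(dst, dst)


def filter_packet(dst, port, rules):
    """First-match evaluation, top to bottom; None in a rule means 'any'.
    Returns (action, index of the matching rule or None). Default is block."""
    for i, (action, rule_dst, rule_port) in enumerate(rules):
        if rule_dst in (None, dst) and rule_port in (None, port):
            return action, i
    return "block", None


def inbound(dst, port, rules):
    """Model of the order described above: NAT first, then the firewall rules."""
    return filter_packet(translate(ip_address(dst)), port, rules)


# Block rules written against the virtual IP, above an assumed pass rule for the PBX.
rules_vip = [("block", VIP, 80), ("block", VIP, 443), ("pass", PBX, None)]
# The same rules written against the address the packet carries after NAT.
rules_internal = [("block", PBX, 80), ("block", PBX, 443), ("pass", PBX, None)]

if __name__ == "__main__":
    for name, rules in (("VIP rules", rules_vip), ("internal rules", rules_internal)):
        for port in (80, 443, 5060):
            print(name, port, inbound("203.0.113.10", port, rules))
```

With the VIP-based rules, ports 80 and 443 fall through to the pass rule; with the internal-address rules they hit the block rules at the top.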
