PF 2.1 block rule - might be me but not working



  • I've never had an issue on 2.0.1 with block rules, but I was just looking and I needed to block the web port for my FreePBX. I thought I had it blocked but I guess I hadn't.

    I know that block rules go at the top and that's where I put this. The IP in the destination is an IP Alias that's 1:1 NATed to my internal addresses. What have I done wrong here?




  • Hi
    Just to clarify, is the IP Alias a defined virtual IP?



  • Yes, I forgot to mention that!



  • Have you tried entering the private address that you are natting to?

    Also, is there an HTTPS port open that your browser may be trying automatically? That one has caught me out a few times!



  • I blocked the HTTPS ports and also made the rules for the LAN private IP. What I didn't figure is why I needed to block the private IP when I block the external IP (virtual IP).

    Either way, it's working.

    Topic Closed



  • Because NAT works before the firewall rules. To the firewall, it's not going to the external IP, but to the internal.
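
The ordering described in the reply above, as an added example that is not part of the original thread and is not pfSense code: a small Python model of inbound WAN processing in which 1:1 NAT rewrites the destination first and the rules are then evaluated first-match on the translated address. The addresses, the existing pass rule for the PBX and the SIP port are constructed assumptions.

```python
# Added illustration: a small model of inbound WAN processing, not pfSense code.
# All addresses and rules below are constructed sample values.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VIP = "203.0.113.10"        # constructed: public virtual IP (IP Alias)
PBX = "192.168.1.10"        # constructed: private address of the PBX
ONE_TO_ONE = {ip_address(VIP): ip_address(PBX)}   # 1:1 NAT mapping

@dataclass(frozen=True)
class Rule:
    action: str             # "block" or "pass"
    dst: str                # destination host or network
    ports: frozenset        # empty set means any port

    def matches(self, dst_ip, dst_port):
        in_net = dst_ip in ip_network(self.dst, strict=False)
        return in_net and (not self.ports or dst_port in self.ports)

def translate(dst_ip):
    """Step 1: inbound 1:1 NAT rewrites the destination before filtering."""
    return ONE_TO_ONE.get(dst_ip, dst_ip)

def filter_packet(rules, dst, port):
    """Step 2: first matching rule wins, evaluated on the translated address."""
    seen_dst = translate(ip_address(dst))
    for rule in rules:
        if rule.matches(seen_dst, port):
            return rule.action
    return "block"          # default deny when nothing matches

WEB = frozenset({80, 443})
ALLOW_PBX = Rule("pass", PBX, frozenset())   # assumed existing pass rule for the PBX

# Block written against the public VIP: never matches after translation.
rules_vip = [Rule("block", VIP, WEB), ALLOW_PBX]
# Block written against the private address: matches what the filter sees.
rules_private = [Rule("block", PBX, WEB), ALLOW_PBX]

def demo():
    return {
        "vip_rule_http": filter_packet(rules_vip, VIP, 80),
        "private_rule_http": filter_packet(rules_private, VIP, 80),
        "private_rule_https": filter_packet(rules_private, VIP, 443),
        "private_rule_sip": filter_packet(rules_private, VIP, 5060),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

With the block rule written against the virtual IP, web traffic falls through to the pass rule; written against the private address, ports 80 and 443 are blocked while other PBX traffic still passes.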

