PF 2.1 block rule - might be me but not working
I've never had an issue on 2.0.1 with block rules, but I was just looking and I needed to block the web port for my FreePBX. I thought I had it blocked but I guess I hadn't.
I know that block rules go at the top and that's where I put this. The IP in the destination is an IP Alias that's 1:1 NATed to my internal addresses. What have I done wrong here?
Just to clarify, is the IP Alias a defined virtual IP?
Yes, I forgot to mention that!
Have you tried entering the private address that you are natting to?
Also, is there an HTTPS port open that your browser may be trying automatically - that one has caught me out a few times!
I blocked the HTTPS ports and also made the rules for the LAN private IP. What I didn't figure out is why I needed to block the private IP when I block the external IP (virtual IP).
Either way, it's working.
Because NAT works before the firewall rules. To the firewall, it's not going to the external IP, but to the internal.
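
The evaluation order described in the last reply, as an added example that is not part of the original thread and is not pfSense code: a simplified Python model of inbound 1:1 NAT followed by first-match filtering, plus a check that flags rules written against a NAT external address. The addresses, the SIP port 5060 and the pass rule are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed values: 203.0.113.10 stands in for the WAN virtual IP and
# 192.168.1.10 for the PBX host it is 1:1 NATed to.
VIP, PBX = "203.0.113.10", "192.168.1.10"
ONE_TO_ONE = {VIP: PBX}  # external address -> internal address


@dataclass(frozen=True)
class Rule:
    action: str                     # "block" or "pass"
    dst: str                        # destination address or "any"
    ports: frozenset = frozenset()  # destination ports; empty means any

    def matches(self, dst: str, port: int) -> bool:
        return self.dst in ("any", dst) and (not self.ports or port in self.ports)


def evaluate(rules, dst: str, port: int) -> str:
    """Inbound WAN packet: translate first, then the first matching rule wins."""
    translated = ONE_TO_ONE.get(dst, dst)  # NAT happens before filtering
    for rule in rules:
        if rule.matches(translated, port):
            return rule.action
    return "block"                         # nothing matched: default deny


def never_match(rules):
    """Rules aimed at a NAT external address, which inbound filtering never sees."""
    return [r for r in rules if r.dst in ONE_TO_ONE]


# Assumed pass rule that lets traffic reach the PBX (not shown in the thread).
ALLOW_PBX = Rule("pass", PBX)
# Block rule written against the virtual IP, as first tried in the thread.
BEFORE = [Rule("block", VIP, frozenset({80})), ALLOW_PBX]
# Block rule written against the private address, HTTPS included.
AFTER = [Rule("block", PBX, frozenset({80, 443})), ALLOW_PBX]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for port in (80, 443, 5060):
            print(name, port, evaluate(rules, VIP, port))
        print(name, "rules that can never match:", never_match(rules))
```

Running `never_match` over an exported rule list is a quick audit for block rules that look correct in the GUI but are dead because they name the pre-translation address.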