Netgate Discussion Forum

Blocking certain wan IP on port xx

NAT
5 Posts 2 Posters 1.2k Views
  • S
    sv28
    last edited by Apr 10, 2014, 10:51 AM

    Hello, I have a question about blocking an IP on a certain port.

    We have a web service which uses port 83 for sending some messages. I have a NAT redirect on that port through my WAN IP for our customers. I would like to block this port for a certain IP because our former customer can now access this port. I tried to create a rule but that did not work. I am new to pfSense; can somebody help :)? Thanks.

    • D
      doktornotor Banned
      last edited by Apr 10, 2014, 10:55 AM Apr 10, 2014, 10:53 AM

      Maybe you could post the rules? (In case you still have problems after moving the block rules above the allow ones.) Or maybe you could just stop the "allow by default" and only allow/NAT what you want to allow/NAT in the first place. Since, if your former customer can access this port, everyone else can with the rules design you have described.

      • S
        sv28
        last edited by Apr 10, 2014, 11:19 AM

        Hello, thanks for your answer. I decided to block the IP with these two rules, which block all traffic from the IP (am I right?):

        If the IP to be blocked is external:
        on WAN put
        Action=Block, Protocol=Any, Source IP=(your IP to block), Destination IP=Any
        on LAN put
        Action=Block, Protocol=Any, Source IP=Any, Destination IP=(your IP to block)

        • D
          doktornotor Banned
          last edited by Apr 10, 2014, 11:24 AM

          You do not need anything on LAN, that's not where the traffic is coming from. Plus, once again, the entire approach feels just totally wrong.

          • S
            sv28
            last edited by Apr 10, 2014, 11:29 AM

            OK. Thanks, I will check the approach. Thank you.

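The rule-ordering and allow-list points raised in the thread, as an added example that is not part of any post: a simplified Python model of first-match rule evaluation on the WAN interface, where traffic that matches no rule falls through to the default deny. The `Rule` class, the helper names and all addresses (taken from documentation ranges) are constructed for illustration, and the model looks only at source address and destination port.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "block"
    source: str  # CIDR string, or "any"
    port: int    # destination port

    def matches(self, src: str, port: int) -> bool:
        if port != self.port:
            return False
        return self.source == "any" or ip_address(src) in ip_network(self.source)

def evaluate(rules, src, port):
    """Top-down, first matching rule wins; no match means default deny."""
    for rule in rules:
        if rule.matches(src, port):
            return rule.action
    return "block"

# Constructed sample hosts (documentation ranges, not from the thread)
PORT = 83
HOSTS = {
    "former": "203.0.113.50",    # former customer
    "customer": "198.51.100.10", # current customer
    "stranger": "192.0.2.77",    # anyone else on the Internet
}

# 1) Block rule sits below the allow rule: it is never reached.
BLOCK_BELOW = [Rule("pass", "any", PORT), Rule("block", "203.0.113.50/32", PORT)]
# 2) Block rule moved above: stops that one address, everyone else still passes.
BLOCK_ABOVE = [Rule("block", "203.0.113.50/32", PORT), Rule("pass", "any", PORT)]
# 3) Allow-list: pass only current customers, default deny handles the rest.
ALLOW_LIST = [Rule("pass", "198.51.100.0/24", PORT)]

def audit(rules):
    """Return the verdict each sample host gets for the forwarded port."""
    return {name: evaluate(rules, ip, PORT) for name, ip in HOSTS.items()}

if __name__ == "__main__":
    for label, rules in [("block below", BLOCK_BELOW),
                         ("block above", BLOCK_ABOVE),
                         ("allow-list", ALLOW_LIST)]:
        print(f"{label:12} {audit(rules)}")
```
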