Netgate Discussion Forum
    RULES: Allow http/https traffic and block everything else

Firewalling
8 Posts 3 Posters 3.4k Views
elchakal3000

      Hello!

      I recently installed pfsense in a Dual Core 2GB RAM PC.

I need to allow HTTP and HTTPS traffic, and block every other port to prevent p2p, streaming, etc.

      I followed these instructions:

      http://pfsensesetup.com/egress-filtering-with-pfsense/

      It seems pretty simple, but the thing is that when I disable the "Default allow LAN to any" it blocks everything, I mean all the ports EVEN http and https.

Is there anything I am doing wrong here?

I'd really appreciate any help.

      Thanks in advance.
      Regards.

KOM

Firewall rules are processed top-down until the first match is found. With the LAN to Any rule disabled, it should go to the next rule in your list. Can you provide a shot of your rules list?

elchakal3000

          KOM, thanks for the quick response!

          I am not in front of the PC right now.
But I have only two rules enabled, the one for http and the one for https (at the top).

At the bottom is the "default lan to any" rule in DISABLED state (grey).

          Regards!

vindenesen

            You might also need to add a rule for DNS (udp/tcp port 53).

            Support the project by buying a Gold Subscription at https://portal.pfsense.org
            Running pfSense on SuperMicro A1SRI-2758F with ESXi 5.5

elchakal3000

              Hum… DNS, sounds logical since I am not using pfSense as DNS Server.
I will try this, and I'll let you know!

              Thanks in advance!
              Regards!

vindenesen

                @elchakal3000:

                Hum… DNS, sounds logical since I am not using pfSense as DNS Server.

                Even if you did use pfSense as the local DNS server/forwarder, I think you still would need a rule that allows DNS traffic towards pfSense.

                Support the project by buying a Gold Subscription at https://portal.pfsense.org
                Running pfSense on SuperMicro A1SRI-2758F with ESXi 5.5
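The two points made in this thread (rules are evaluated top-down until the first match, and with the "default allow" rule disabled anything not explicitly passed, including DNS, hits the implicit deny) can be checked with a small model of the evaluation order. The code below is an added illustration, not pfSense code and not posted by anyone in the thread; it models only protocol and destination port (pfSense rules also match interface, source, destination and direction, which are assumed irrelevant to the point here) and treats a disabled rule exactly as pfSense does, as if it were not in the list. The rule labels and sample packets are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One LAN-tab rule. proto/dst_port of None match any value."""
    action: str                    # "pass" or "block"
    proto: Optional[str]           # "tcp", "udp", or None for any
    dst_port: Optional[int]        # destination port, or None for any
    label: str                     # descriptive name (constructed)
    enabled: bool = True           # a disabled rule is skipped entirely


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Top-down, first-match evaluation as on the pfSense LAN tab.

    Returns (action, label). If no enabled rule matches, the packet is
    dropped by the implicit default deny, which is what the original
    poster ran into after disabling "Default allow LAN to any".
    """
    for rule in rules:
        if not rule.enabled:
            continue                                   # greyed-out rule: ignored
        if rule.proto is not None and rule.proto != pkt.proto:
            continue
        if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
            continue
        return rule.action, rule.label                 # first match wins
    return "block", "implicit default deny"


# The poster's first attempt: only HTTP/HTTPS passed, default-allow disabled.
WEB_ONLY: List[Rule] = [
    Rule("pass", "tcp", 80, "Allow HTTP"),
    Rule("pass", "tcp", 443, "Allow HTTPS"),
    Rule("pass", None, None, "Default allow LAN to any", enabled=False),
]

# The fix suggested in the thread: also pass DNS (udp/tcp port 53).
WITH_DNS: List[Rule] = [
    Rule("pass", "udp", 53, "Allow DNS (UDP)"),
    Rule("pass", "tcp", 53, "Allow DNS (TCP)"),
] + WEB_ONLY

# Constructed sample flows from a LAN client.
TRAFFIC: Dict[str, Packet] = {
    "http": Packet("tcp", 80),
    "https": Packet("tcp", 443),
    "dns": Packet("udp", 53),
    "bittorrent": Packet("tcp", 6881),   # example p2p port, constructed
}


def verdicts(rules: List[Rule]) -> Dict[str, str]:
    """Map each sample flow name to the action the rule set gives it."""
    return {name: evaluate(rules, pkt)[0] for name, pkt in TRAFFIC.items()}


if __name__ == "__main__":
    for name, rules in (("web only", WEB_ONLY), ("web + DNS", WITH_DNS)):
        print(f"--- {name} ---")
        for flow, pkt in TRAFFIC.items():
            action, label = evaluate(rules, pkt)
            print(f"{flow:<11} {pkt.proto}/{pkt.dst_port:<5} -> {action:<5} ({label})")
```

With the web-only set, browsing "fails" even though ports 80 and 443 are passed, because the name lookup that precedes every connection is a udp/53 packet that matches nothing and falls through to the default deny. Adding the port 53 rules makes DNS pass while the p2p flow still lands on the implicit deny, which is the behaviour the last post reports.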

elchakal3000

                  You are right vindenesen, I was just reading this:

                  https://doc.pfsense.org/index.php/Example_basic_configuration

It seems I had to add that rule even if I use the primary router as DNS server.

I'll let you know.

                  Regards!

elchakal3000

It works perfectly!
                    Http and https access is ok now.

I checked p2p, and it doesn't work, so the rules are working.

                    Now I am on streaming filtering.
I'll open another thread for this.

                    Thank you very much for your help!
                    Regards!
