Firewall rules do not work



  • Hi,

    I am trying to block internet radios on my network. I figured out which IP this radio is working on.
    So, I am trying to block this IP and this rule does not work.

    I am creating a new rule in the WAN tab,
    action = block
    interface = wan
    protocol = any or TCP or tcp/udp (tried all options, they do not work),
    source type = single host or alias
    source address = radio ip address
    source port = any
    destination = any
    destination port = any
    schedule = always

    pfSense is 1.2 final
    I tried to reset states - did not help.
    I tried to reboot the router - did not help.
    I tried to block everything from WAN - it does not block.
    There are no other rules except the default (block traffic from RFC networks).

    Maybe I do not understand something or am missing something?

    Radio link http://82.135.234.196/Eta.asx

    Thank you for help

    P.S. installed packages bandwidthd and darkstat



  • You have not understood the way firewall rules work or how traffic or states are generated. Let me give you some introduction:

    If a client at LAN wants to listen to this radio station, the connection is initiated from the LAN client to the server, to the server port, which then creates a state that allows the radio stream to return to the client. In pfSense all firewall rules are applied on incoming traffic. As you can see, the traffic is initiated from the client sitting at LAN, so your firewall rule has to go to the LAN tab, not the WAN tab.

    You need a rule like:

    (at LAN tab)
    block protocol tcp, source any, destination <radioserver ip>, port <streamingport>, gateway default

    If you want to block the complete IP and not just the radio service, just use protocol any.

    Hope this helps to understand how stateful firewalling works  :)
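
Added example, not part of the original thread: a simplified Python model of the behaviour the reply describes, where rules are checked only on the interface a packet enters and replies are admitted by state. The `Firewall` and `Rule` classes, the client address 192.168.1.10 and port 8000 (standing in for the streaming port) are assumptions made for illustration; NAT is ignored.

```python
from dataclasses import dataclass
from typing import Optional

RADIO = "82.135.234.196"  # radio server IP from the thread
CLIENT = "192.168.1.10"   # constructed LAN client address
PORT = 8000               # constructed placeholder for the streaming port

@dataclass(frozen=True)
class Rule:
    iface: str                  # interface the packet ENTERS the firewall on
    action: str                 # "block" or "pass"
    src: Optional[str] = None   # None means "any"
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, iface, src, dst, dport):
        return (self.iface == iface and self.src in (None, src)
                and self.dst in (None, dst) and self.dport in (None, dport))

class Firewall:
    def __init__(self, rules):
        self.rules, self.states = rules, set()

    def packet(self, iface, src, sport, dst, dport):
        # A reply to an existing state is allowed before any rule is consulted.
        if (dst, dport, src, sport) in self.states:
            return "pass (state)"
        for rule in self.rules:  # first matching rule wins
            if rule.matches(iface, src, dst, dport):
                if rule.action == "pass":
                    self.states.add((src, sport, dst, dport))
                return rule.action
        return "block"  # nothing matched: default deny

def listen(rules):
    """LAN client opens the stream, server answers; return both verdicts."""
    fw = Firewall(rules)
    outbound = fw.packet("lan", CLIENT, 50000, RADIO, PORT)
    reply = fw.packet("wan", RADIO, PORT, CLIENT, 50000)
    return outbound, reply

LAN_DEFAULT = Rule("lan", "pass")  # default "LAN to any" pass rule
WAN_TAB = [Rule("wan", "block", src=RADIO), LAN_DEFAULT]             # the question's rule
LAN_TAB = [Rule("lan", "block", dst=RADIO, dport=PORT), LAN_DEFAULT]  # the reply's rule

if __name__ == "__main__":
    print("block on WAN tab:", listen(WAN_TAB))
    print("block on LAN tab:", listen(LAN_TAB))
```

With the WAN-tab rule the outbound packet creates a state, so the server's reply never reaches the block rule; with the LAN-tab rule the connection is stopped before any state exists.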



  • Thanks, it helped.
    It was my mistake.

