Netgate Discussion Forum
    Floating Rule assistance (block specific traffic when VPN down)

    • sparks305

      I am trying to configure a floating rule to block traffic (WAN) from a specific IP/port (192.168.12.5:47864) when the VPN (PIA) goes down, but still allow everything else via WAN from the same IP (192.168.12.5).

      Floating rule configuration:

      Action: block
      NOT A QUICK RULE
      Interface: WAN
      Direction: Any
      TCP/IP Version: IPv4
      Protocol: TCP/UDP
      Source: 192.168.12.5
      Source port range (to&from): 47864
      Destination: any
      Destination port range: any
      log: checked
      Description: Kill WAN if VPN DOWN

      FAIL: tested by disabling OpenVPN, then watched as the traffic resumed on WAN.

      Thanks for help all!

      • Derelict (LAYER 8, Netgate)

        Floating rules on WAN out are post-NAT so you can't match on the source address. It's already been translated.

        Mark the traffic on the rule that sends it to the VPN in the first place then block that mark on WAN out.

        https://forum.pfsense.org/index.php?topic=76015.msg494089#msg494089

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

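The "mark it where you can still see the source, then block the mark on WAN out" approach from the reply, written out as raw pf rules as an added example (not from the thread; in the pfSense GUI these correspond to the Tag and Tagged fields on the two rules). Interface names, the VPN gateway address and the tag name are assumptions.

```pf
# Added example, not from the thread. Interface names, VPN gateway and tag name are assumed.
lan_if = "em1"
wan_if = "em0"
vpn_if = "ovpnc1"
vpn_gw = "10.8.0.1"

# LAN in is pre-NAT: the source is still 192.168.12.5 here, so it can be matched.
# Policy-route the flow to the VPN and tag it on the way in.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet proto { tcp, udp } \
    from 192.168.12.5 port 47864 to any tag VPN_ONLY keep state

# WAN out is post-NAT: the source is now the WAN address, so match the tag instead.
# A tagged flow that is no longer policy-routed to the VPN is dropped (and logged) here.
block out log quick on $wan_if tagged VPN_ONLY
```

The block rule carries no source address at all, which is why it keeps working after translation.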