Floating Rule assistance (block specific traffic when VPN down)
sparks305 last edited by
I am trying to configure a floating rule to block traffic (WAN) from a specific IP/port (192.168.12.5:47864) when the VPN (PIA) goes down, but still allow everything else via WAN on the same IP (192.168.12.5).
Floating rule configuration:
NOT A QUICK RULE
TCP/IP Version: IPv4
Source port range (to&from): 47864
Destination port range: any
Description: Kill WAN if VPN DOWN
FAIL: tested by disabling openvpn, then watched as the traffic resumed on WAN.
Thanks for help all!
Floating rules on WAN out are post-NAT so you can't match on the source address. It's already been translated.
Mark the traffic on the rule that sends it to the VPN in the first place then block that mark on WAN out.
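The approach from the reply written as raw pf rules, as an added example that is not part of the original thread. The interface and gateway macros, the protocol list and the tag name `NO_WAN_EGRESS` are assumptions; in the pfSense GUI the same thing is set with the Tag and Tagged fields under a rule's advanced options.

```pf
# Assumed macros (not from the thread); substitute your own values.
LAN    = "igb1"       # inside interface where 192.168.12.5 lives
WAN    = "igb0"       # outside interface
VPN_IF = "ovpnc1"     # OpenVPN client interface
VPN_GW = "10.0.0.1"   # constructed VPN gateway address

# What the original floating rule amounts to. It never matches: outbound
# NAT has already rewritten the source to the WAN address by the time
# filter rules are evaluated on WAN out.
# block out on $WAN inet proto { tcp, udp } from 192.168.12.5 port 47864 to any

# 1. The LAN rule that policy-routes the flow to the VPN also tags it.
#    The original source address and port are still visible on LAN in.
pass in quick on $LAN route-to ($VPN_IF $VPN_GW) inet proto { tcp, udp } \
    from 192.168.12.5 port 47864 to any tag NO_WAN_EGRESS keep state

# 2. Floating rule on WAN out: match on the tag instead of the address.
#    "quick" matters because pf is last-match; without it a later pass
#    rule on WAN out would override this block.
block out quick on $WAN tagged NO_WAN_EGRESS

# Other traffic from 192.168.12.5 carries no tag and still leaves via WAN.
```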