• Hello,
    are there any ways to build "interactive rules"? I would like to have a rule that, when a specific WAN IP (or a range) is trying to connect to the server on my internal LAN, lets me block or permit (as I want at that moment) the access request.
    Many thanks to all for the help, and excuse my bad English.


  • Sorry, not sure what you are asking…

  • I think I understand what you mean, however that won't work and you probably would have a lot of questions to handle with today's internet traffic hitting your ports. Check your firewall logs for connection attempts at Status > System Logs, tab Firewall. Not doable nor useful imo.

  • Many thanks to all for the replies,
    What I would want is this. I have four remote clients that access my internal LAN server (WIN 2003) by terminal server. The rules in the firewall permit traffic from these four IP addresses. I would like to receive a message on my PC when one of these IPs is connecting to my internal LAN server and decide at that moment what to do: block or permit.

    I hope for your help,

  • The best solution at the moment is to install a personal firewall on your server, one that prompts you on incoming connection attempts. Then open a terminal window to your server from your PC.

  • Other solution:

    • enable the remote syslog server in pfSense and create a block rule with "log" enabled
    • disable logging of the default deny rule
    • install a syslog daemon on your client that sends you a mail on receiving this alert or plays a beep or a popup or whatever (depends on the tool you use)
    • create a rule in the webGUI for this connection to pass above the logging rule and disable it (you can quickly enable/disable this rule by clicking the small pass icon in front of the rule and hitting apply)

    It's not like a popup and only clicking an allow or deny button but might work depending on how often you need it.
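
The syslog-alert approach from the last reply, sketched as an added example that is not part of the original thread: a small Python listener that receives pfSense's remote syslog and alerts only when the logging block rule catches one of the watched clients on the terminal server port. It assumes pfSense's comma-separated `filterlog` line layout, TCP 3389 for the terminal server, and constructed documentation addresses in place of the four client IPs.

```python
import ipaddress
import socket

# Assumptions (not from the thread): documentation addresses stand in for the
# four remote clients, and the terminal server listens on TCP 3389.
WATCHED = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "203.0.113.64/30")]
RDP_PORT = 3389

# Constructed sample lines in the assumed filterlog CSV layout.
SAMPLE = [
    "<134>Jan  5 10:15:02 filterlog[411]: 5,,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.10,192.0.2.20,51544,3389,0,S,1,,65535,,mss",
    "<134>Jan  5 10:15:09 filterlog[411]: 5,,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,198.51.100.7,192.0.2.20,40000,3389,0,S,1,,65535,,mss",
    "<134>Jan  5 10:16:30 filterlog[411]: 5,,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.65,192.0.2.20,40001,445,0,S,1,,65535,,mss",
]

def parse_filterlog(line):
    """Return the fields of an IPv4 TCP/UDP filterlog entry, or None."""
    pos = line.find("filterlog")
    if pos < 0:
        return None
    f = line[pos:].partition(": ")[2].strip().split(",")
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    try:
        return {"action": f[6], "dir": f[7], "src": ipaddress.ip_address(f[18]),
                "dst": f[19], "dport": int(f[21])}
    except ValueError:  # malformed address or port: ignore the line
        return None

def is_watched_attempt(ev):
    """True when the logging block rule caught a watched client on the RDP port."""
    return (ev is not None and ev["action"] == "block" and ev["dir"] == "in"
            and ev["dport"] == RDP_PORT and any(ev["src"] in n for n in WATCHED))

def alerts_for(lines):
    """Source addresses that should raise an alert, in log order."""
    events = (parse_filterlog(l) for l in lines)
    return [str(ev["src"]) for ev in events if is_watched_attempt(ev)]

def serve(bind="0.0.0.0", port=514):
    """Receive remote syslog over UDP and beep/print on each watched attempt."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, _ = sock.recvfrom(4096)
        for src in alerts_for([data.decode("utf-8", "replace")]):
            print(f"\a{src} blocked on port {RDP_PORT}: enable the pass rule to allow")

if __name__ == "__main__":
    serve()
```

Binding UDP port 514 usually requires administrator rights on the client, and the firewall's remote syslog target has to point at that machine.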