Netgate Discussion Forum

    Allow Group Of Ports

    Firewalling
    7 Posts 3 Posters 1.4k Views
    • ddr

      Hi All,
      I have a list of ports that have to be allowed, and I have to block the other ports. I created aliases for the allowed ports, but how do I add these port aliases to firewall rules?

      • mer

        On the rules page, when editing the rule, set Destination port range to "other", then put the alias name in the box. Source port is found under the advanced tab and should work the same way.

        At least that's what I have in my rules.

        • ddr

          Thank you. May I know how to block the other ports not mentioned in that list?

          • mer

            If the rule is a Pass rule and you specify a range of ports, by definition it blocks ports not on that list.

            • ddr

              Is there any way to check whether those ports are allowed or not?

              • mer

                It starts with default deny: block everything unless there is a rule to pass it.

                If you get to the console or ssh in, the output of the command "pfctl -s rules" shows the rules that are currently active and their order of evaluation. Start at the top and go down, and see what's passed and what's blocked. It should be "last match wins unless there is quick on the rule".

                Or you could simply test, trying to connect or send traffic to the ports/destinations that you want to block. One should always test against their desired requirements, not simply assume that "it should work".

                • Derelict (LAYER 8, Netgate)
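The walk-through mer describes (read `pfctl -s rules` top to bottom, last match wins unless the rule carries `quick`, and the ruleset opens with a block-all so that anything not explicitly passed is blocked) can be simulated offline. The following is an added example, not code from the thread, from Netgate or from pfSense: it parses a small, constructed listing in the shape that pfSense's generated ruleset takes (a port alias such as a hypothetical `AllowedPorts` becomes one pf rule per port, since pf expands port lists at load time), then evaluates sample packets against it with pf's matching semantics. Only a subset of pf syntax is handled (action, direction, `log`, `quick`, `on`, `proto`, `from`/`to`, `port = N` or `port N:M`, and `all`); the interface name `em1`, the LAN subnet and the labels are assumptions.

```python
"""Evaluate a `pfctl -s rules` listing the way pf does: top to bottom, last
match wins, unless a matching rule has `quick`, in which case it is final.

Added example (not from the Netgate thread or pfSense). SAMPLE_RULES is a
constructed listing, not captured from a real firewall; interface, subnet and
labels are assumptions. Only a small subset of pf syntax is parsed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Shape of pfSense output: an explicit block-all first (that is where "default
# deny" comes from), then user rules. A port alias is expanded to one rule per
# port. The 8080 pair shows a non-quick pass overridden by a later block.
SAMPLE_RULES = """\
scrub in on em1 all fragment reassemble
block drop in log all label "Default deny rule IPv4"
pass in quick on em1 inet proto tcp from 192.168.1.0/24 to any port = 22 flags S/SA keep state label "USER_RULE: AllowedPorts"
pass in quick on em1 inet proto tcp from 192.168.1.0/24 to any port = 80 flags S/SA keep state label "USER_RULE: AllowedPorts"
pass in quick on em1 inet proto tcp from 192.168.1.0/24 to any port = 443 flags S/SA keep state label "USER_RULE: AllowedPorts"
pass in quick on em1 inet proto udp from 192.168.1.0/24 to any port = 53 keep state label "USER_RULE: DNS"
pass in on em1 inet proto tcp from 192.168.1.0/24 to any port = 8080 flags S/SA keep state label "USER_RULE: non-quick pass"
block drop in on em1 inet proto tcp from any to any port = 8080 label "USER_RULE: later match wins"
"""

# pf grammar order: action [drop|return] direction [log] [quick] [on iface]
# [inet|inet6] [proto X] (all | from SRC to DST [port ...]) ; the tail
# (flags, keep state, label) is ignored for matching purposes.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)(?:\s+(?:drop|return))?"
    r"\s+(?P<dir>in|out)"
    r"(?:\s+log)?"
    r"(?P<quick>\s+quick)?"
    r"(?:\s+on\s+(?P<iface>\S+))?"
    r"(?:\s+inet6?)?"
    r"(?:\s+proto\s+(?P<proto>\S+))?"
    r"\s+(?:(?P<all>all)|from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+port\s+(?P<port>=\s*\d+|\d+:\d+))?)"
)


@dataclass
class Packet:
    direction: str   # "in" or "out"
    iface: str
    proto: str       # "tcp" or "udp"
    src: str
    dst: str
    dport: Optional[int]


@dataclass
class Rule:
    action: str
    direction: str
    quick: bool
    iface: Optional[str]
    proto: Optional[str]
    src: Optional[Network]             # None means "any"
    dst: Optional[Network]
    dport: Optional[Tuple[int, int]]   # inclusive range, None means any port
    text: str

    def matches(self, pkt: Packet) -> bool:
        if self.direction != pkt.direction:
            return False
        if self.iface is not None and self.iface != pkt.iface:
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in self.src:
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in self.dst:
            return False
        if self.dport is not None:
            lo, hi = self.dport
            if pkt.dport is None or not lo <= pkt.dport <= hi:
                return False
        return True


def _addr(spec: Optional[str]) -> Optional[Network]:
    if spec is None or spec == "any":
        return None
    return ipaddress.ip_network(spec, strict=False)   # tables (<name>) are not supported here


def _port(spec: Optional[str]) -> Optional[Tuple[int, int]]:
    if spec is None:
        return None
    if spec.startswith("="):
        p = int(spec[1:].strip())
        return (p, p)
    lo, hi = spec.split(":")
    return (int(lo), int(hi))


def parse_rules(listing: str) -> List[Rule]:
    rules = []
    for line in listing.splitlines():
        line = line.strip()
        m = RULE_RE.match(line)
        if not m:
            continue   # scrub, nat and comment lines are not filter rules
        rules.append(Rule(m["action"], m["dir"], bool(m["quick"]), m["iface"], m["proto"],
                          _addr(m["src"]), _addr(m["dst"]), _port(m["port"]), line))
    return rules


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    # pf passes a packet that matches no rule at all; the pfSense ruleset only
    # defaults to deny because it starts with an explicit `block ... all`.
    decision = ("pass", "no rule matched (pf implicit default)")
    for rule in rules:
        if rule.matches(pkt):
            decision = (rule.action, rule.text)
            if rule.quick:
                break              # quick: first matching quick rule is final
    return decision                # otherwise the last matching rule wins


def check_ports(rules: List[Rule], ports: List[int], proto: str = "tcp",
                src: str = "192.168.1.10", dst: str = "203.0.113.5") -> Dict[int, str]:
    """Answer 'is port N allowed inbound on the LAN?' for each port in the list."""
    return {p: evaluate(rules, Packet("in", "em1", proto, src, dst, p))[0] for p in ports}


if __name__ == "__main__":
    rs = parse_rules(SAMPLE_RULES)
    for port, verdict in check_ports(rs, [22, 23, 80, 443, 8080]).items():
        print(f"tcp/{port}: {verdict}")
```

Run it against a real box by replacing `SAMPLE_RULES` with the saved output of `pfctl -s rules`; rules that use tables (`<name>`) or syntax outside the parsed subset will need the parser extended, and the simulation is no substitute for the actual connection test mer recommends.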

                  If it is not passed it is blocked.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)
