Help with blocking specific IP from WAN
I am having an issue with a person attempting to connect into my systems from the IP address of 220.127.116.11
I setup a rule in my Firewall to stop the attacks. However, I still show this IP as attempting to log into my server. I have rebooted the pfsense box just to see if the rule would kick in - no luck. My rule is setup as follows:
ACTION = Block
INTERFACE = WAN
TCP/IP VERSION = IPv4
SOURCE = Single host or Alias
Address = 18.104.22.168
DESTINATION = Any
All other options are left at default.
A little help would be greatly appreciated.
Did you put that rule at the top?
No, it is at the bottom…should I move it up?
Rules are matched top down, first one wins so yes. He's probably hitting the rule that passes the port forward first. that has a source of any.
In general, rules go from most-specific on the top to least-specific on the bottom.
Thank you very much for the help. I will make the change now and let you know what effect it has.
That did the trick!
Thank you very much for your help!
Have a great weekend!