Easyrule CLI help



  • Hello All,
    I am running pfSense 2.2.3 on a box where GUI access has been disabled completely, port forwarding etc will not work its a complete lockdown.
    If possible I would like  to use easyrule CLI to basically close port 21 on wan interface both tcp and udp.

    Is there a way to do this?

    Thanks and regards,
    N



  • WAN has a default deny rule already;  nothing that originates from the outside is permitted.
    You say "port 21" do you mean destination port as in "dest IP is the pfSense box, dest port is port 21" or "any IP source or dest port is port 21"?

    The default deny does a heck of a lot all by itself.



  • Thank Mer for the reply.

    I mean

    1. Dest IP is the pfSense box (WAN interface), dest port is port 21
    2. Dest IP is the pfSense box (LAN interface), dest port is port 21

    Please note that the source can be anything.

    Unfortunately we are unable to use the default rule.



  • @nitinkgoud:

    Thank Mer for the reply.

    I mean

    1. Dest IP is the pfSense box (WAN interface), dest port is port 21
    2. Dest IP is the pfSense box (LAN interface), dest port is port 21

    Please note that the source can be anything.

    Unfortunately we are unable to use the default rule.

    WAN interface default deny rule allowed traffic to port 21?  That seems odd to me.  Are there any redirect rules or other rules on WAN? 
    On LAN, the default rules are "allow anything originating from LAN", so you would need an explicit block for it or a deny everything and add pass rules for just the traffic you want.

    I don't have the CLI in front of me but in both cases it should be a simple "block from any to self port 21" type of rule.  It should go at the end of the user rules (they are evaluated on a first match wins), make sure any pass rules that have aliases for ports don't  include 21 in the alias.

    It would help if you could grab screenshots of your existing rules on WAN and LAN (plus any aliases) or if you only have ssh access to console, the output of the following commands:

    pfctl -svr
    pfctl -sn

    That gives us the loaded and expanded rules in pf.


Log in to reply