Netgate Discussion Forum

    Blocks any traffic in the FORWARD chain

      n.vakili

      Hi everybody

      I want to block any traffic from the forward chain
      like this 'iptables -P FORWARD DROP'

      but I don't know how to do this in pfsense
      thanks

        muswellhillbilly

        By default PFS drops all traffic from the WAN side and allows all traffic from the LAN side. You don't say from where or how you want to drop packets, so I assume this is how you need it to be. Otherwise, you can remove the Default LAN -> any rule and put your own custom rules in place if that's what you mean.

          n.vakili

          thanks dear

          It means traffic that comes from my (V)LANs and is not destined for the router (pfsense) itself will NOT be forwarded

          • traffic that comes from outside networks and is destined for machines on your (V)LANs will NOT be forwarded (even when NATting)
          • to 'get through' the router now, users have to enable the proxy settings in their OS / browsers (default port 3128)
            cmb

            There are no concepts of chains in pf. Just configure your firewall rules accordingly to allow traffic to the proxy and block everything else.

              n.vakili

              thanks

              How can I do this, to allow traffic to the proxy and block everything else?

              Can you please give me a tutorial?

                KOM

                Just add a rule above your Allow All rule on your LAN and VLANs that blocks access to ports 80/443.  You can either use two rules (one for each port), or create a port alias for 80 & 443 then create one rule that blocks access to that alias as the destination port.

                  n.vakili

                  thanks dear

                  Can you send me a screenshot or a complete tutorial, because I am not very familiar with pfsense

                  thanks

                    Derelict LAYER 8 Netgate

                    SMH dear

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      n.vakili

                      'iptables -P FORWARD DROP'

                      I want to disable FORWARD Chain in Pfsense

                      thanks

                        muswellhillbilly

                        Here you go, darling:
                        https://doc.pfsense.org/index.php/Example_basic_configuration

                          KOM

                          Everyone: The use of terms of endearment is common with speakers from the Middle East.  While they may appear out of place to us in a technical discussion, please don't mock them for it.

                          N.Vakili: See the diagram where I have created an alias called Web_Ports that holds 80 & 443.  The rule is placed above the Default allow LAN to any rule.  The effect of this rule is to block all access to the standard web ports.

                          LANRule.png

                            muswellhillbilly

                            @KOM:

                            Everyone: The use of terms of endearment is common with speakers from the Middle East.  While they may appear out of place to us in a technical discussion, please don't mock them for it.

                            Noted. Though in truth I thought this was more a Google-translate error and was really gently mocking what I thought was a technical mishap on their part.
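
Added example, not part of any post in this thread: the advice from cmb and KOM written as raw pf rules, to show how rule order on the inbound interface takes the place of the iptables FORWARD chain. pfSense builds its ruleset from the GUI, so this illustrates the logic rather than a file to edit. The interface name, subnet, firewall address and macro names are assumptions.

```pf
# Constructed values (assumptions): interface, subnet and firewall address.
lan_if     = "em1"
lan_net    = "192.168.1.0/24"
fw_lan_ip  = "192.168.1.1"     # the proxy listens on the firewall itself
proxy_port = "3128"            # default proxy port quoted in the thread
web_ports  = "{ 80, 443 }"     # plays the role of KOM's Web_Ports alias

# pf has no INPUT/FORWARD split: one ruleset sees both kinds of packet on the
# interface they arrive on. The destination address is what tells them apart.

# Default deny. Without "quick" the last matching rule wins, so this applies
# only to packets that no later rule matches.
block log all

# "quick" makes a match final, so the rules below are evaluated top-down,
# first match wins, like the rule list in the pfSense GUI.

# 1. Traffic to the firewall itself (what iptables calls INPUT): the proxy.
pass in quick on $lan_if inet proto tcp from $lan_net to $fw_lan_ip port $proxy_port

# 2. KOM's rule: no direct web access, placed above the allow rule.
block in quick on $lan_if inet proto tcp from $lan_net to any port $web_ports

# 3. Default allow LAN to any. Delete this line and nothing from the LAN is
#    forwarded at all, the closest match to 'iptables -P FORWARD DROP'.
pass in quick on $lan_if inet from $lan_net to any

# Filtering is done where packets enter, so outbound is left open; this also
# lets the proxy on the firewall fetch pages for its clients.
pass out quick inet all
```

In this raw ruleset rule 2 also matches the firewall's own address on ports 80 and 443, so the web interface would be unreachable from the LAN; pfSense normally places an anti-lockout rule above user rules on LAN.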
