Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How can I block an external IP address?

    Firewalling
    5
    6
    3637
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sriegerlmsnet.com last edited by

      I found an external IP that is constantly scanning my SMTP server.  I just want to block it entirely.

      I've tried creating WAN, LAN and Floating rules with that external IP as the source address and any as the destination IP and any Port and of course checked the box to block traffic.

      Nothing works, it's still scanning my server.

      Is there anyway to do this with pfSense?

      1 Reply Last reply Reply Quote 0
      • jahonix
        jahonix last edited by

        Remember to put the block rule above the allow rule to your SNMP server so it get's caught first.
        You might need to reset your states as well if the external IP already has a connection open.

        1 Reply Last reply Reply Quote 0
        • S
          sriegerlmsnet.com last edited by

          I did try all that, and sadly it's still attacking.  Any other thoughts?

          1 Reply Last reply Reply Quote 0
          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            post up your wan rules..

            1 Reply Last reply Reply Quote 0
            • T
              Trel last edited by

              Also where are you seeing that it's attacking/scanning still? Pfsense logs or on the server itself?

              1 Reply Last reply Reply Quote 0
              • M
                muswellhillbilly last edited by

                @srieger@lmsnet.com:

                I've tried creating WAN, LAN and Floating rules with that external IP as the source address and any as the destination IP and any Port and of course checked the box to block traffic.

                Nothing works, it's still scanning my server.

                If you block traffic from that host, it won't stop the scans - it will just mean the scans won't touch any of your services. If you see the remote host being blocked in your firewall logs then that means your block rule is working.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense Plus
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy