How can I block an external IP address?

sriegerlmsnet.com

I found an external IP that is constantly scanning my SMTP server.  I just want to block it entirely.

I've tried creating WAN, LAN and Floating rules with that external IP as the source address and any as the destination IP and any Port and of course checked the box to block traffic.

Nothing works, it's still scanning my server.

Is there anyway to do this with pfSense?

jahonix

Remember to put the block rule above the allow rule to your SNMP server so it get's caught first.
You might need to reset your states as well if the external IP already has a connection open.

sriegerlmsnet.com

I did try all that, and sadly it's still attacking.  Any other thoughts?

johnpoz

post up your wan rules..

Trel

Also where are you seeing that it's attacking/scanning still? Pfsense logs or on the server itself?

muswellhillbilly

@srieger@lmsnet.com:

I've tried creating WAN, LAN and Floating rules with that external IP as the source address and any as the destination IP and any Port and of course checked the box to block traffic.

Nothing works, it's still scanning my server.

If you block traffic from that host, it won't stop the scans - it will just mean the scans won't touch any of your services. If you see the remote host being blocked in your firewall logs then that means your block rule is working.