Guess I figured it out: the thing is, NAT map rules have priority over user-defined rules, so I created a new map rule and associated a rule to block all traffic from 93.174.93.46. I'm waiting for results to see it working as expected. Thanks
-----Original Message-----
From: List [mailto:[email protected]] On Behalf Of [email protected]
Sent: Wednesday, November 30, 2016 1:00 PM
To: [email protected]
Subject: List Digest, Vol 739, Issue 1

Today's Topics:

   1. rules for blocking some ip from internet not working (Yoel Jimenez del Valle)
   2. Re: rules for blocking some ip from internet not working (Steve Yates)

----------------------------------------------------------------------

Message: 1
Date: Wed, 30 Nov 2016 15:50:20 +0000
From: Yoel Jimenez del Valle <[email protected]>
To: "[email protected]" <[email protected]>
Subject: [pfSense] rules for blocking some ip from internet not working

I have pfSense 2.3.2_p1. I have a rule to allow all connections to port 25 for SMTP; it is the last rule in the WAN rules:

1.2.3.4 allow any to 2.2.2.2:25 map to 10.20.1.1:25

It's working OK. I had other rules to block some IPs, but none of them are working:

Block source: 93.174.93.46, destination: wanaddress or thisfirewall

but it can still access port 25. Is there any way pfSense can block those connections, skipping the preference of allow to port 25?

------------------------------

Message: 2
Date: Wed, 30 Nov 2016 16:04:36 +0000
From: Steve Yates <[email protected]>
To: pfSense Support and Discussion Mailing List <[email protected]>
Subject: Re: [pfSense] rules for blocking some ip from internet not working

Blocking from 93.174.93.46 to WAN address blocks traffic to the pfSense.

It sounds like you are using NAT for the port 25 forwarding. You should end up with a rule allowing traffic from any to 10.20.1.1 on port 25. You must therefore block from 93.174.93.46 to 10.20.1.1. That rule should be above the rule allowing from any to 10.20.1.1 on port 25.

--
Steve Yates
ITS, Inc.
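A simplified model of the evaluation order discussed in this thread, added here as an example and not taken from the thread or from pfSense itself: the port forward rewrites the destination first, then the WAN rules are checked top to bottom and the first match wins. The function, class and ruleset names are hypothetical, and the second sender 198.51.100.7 is a constructed sample value.

```python
from dataclasses import dataclass
from typing import Optional

WAN_ADDR = "2.2.2.2"       # WAN address from the thread
MAIL_HOST = "10.20.1.1"    # internal SMTP host from the thread
BLOCKED = "93.174.93.46"   # source the poster wants to block
OTHER = "198.51.100.7"     # constructed sample sender

# Port forward: (WAN address, port) -> (internal host, port)
PORT_FORWARDS = {(WAN_ADDR, 25): (MAIL_HOST, 25)}

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    src: str                    # source IP or "any"
    dst: str                    # destination IP or "any"
    port: Optional[int] = None  # None means any port

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (self.src in ("any", src)
                and self.dst in ("any", dst)
                and self.port in (None, port))

def evaluate(rules, src, dst, port):
    """Decide the fate of a packet arriving on WAN (simplified model)."""
    # Step 1: NAT rewrites the destination before any filter rule is checked.
    dst, port = PORT_FORWARDS.get((dst, port), (dst, port))
    # Step 2: first matching rule wins, top to bottom.
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action
    return "block"  # nothing matched: default deny

allow_smtp = Rule("pass", "any", MAIL_HOST, 25)

# Original attempt: block targets the WAN address, which SMTP packets
# no longer carry once the port forward has translated them.
original = [Rule("block", BLOCKED, WAN_ADDR), allow_smtp]
# Right destination, wrong position: the pass rule matches first.
wrong_order = [allow_smtp, Rule("block", BLOCKED, MAIL_HOST)]
# Layout from the reply: block to the internal host, above the pass rule.
fixed = [Rule("block", BLOCKED, MAIL_HOST), allow_smtp]

if __name__ == "__main__":
    for name, rs in [("original", original), ("wrong_order", wrong_order), ("fixed", fixed)]:
        print(name, evaluate(rs, BLOCKED, WAN_ADDR, 25), evaluate(rs, OTHER, WAN_ADDR, 25))
```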
