Randy Schultz wrote:
Yeah I know - bad form replying to one's own message but... could somebody who
knows more confirm or deny if this will work in pfsense:
create an alias that blocks ports, then set up a rule that blocks
from any to the alias
Hi,
it is possible in another way.
First, you have to create a port alias, but consider that you put only
ports of the same type (tcp or udp) in one alias.
Live example:
allow only secure mail transport to my mail server:
1. port alias
<alias>
  <name>Secure_mail</name>
  <address>465 993 995</address>
  <descr/>
  <type>port</type>
  <detail>SMTPS||IMAPS||POPS||</detail>
</alias>
2. rule
<rule>
  <type>pass</type>
  <interface>lan</interface>
  <max-src-nodes/>
  <max-src-states/>
  <statetimeout/>
  <statetype>keep state</statetype>
  <os/>
  <protocol>tcp</protocol>
  <source>
    <network>lan</network>
  </source>
  <destination>
    <address>a.b.c.d</address>
    <port>Secure_mail</port>
  </destination>
  <descr>allow secure MAIL to xyz</descr>
</rule>
Hope this helps
bye
Christoph
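
Added example, not part of the original message and not pfSense's own code: a small Python check that resolves the port alias each rule references and reports rules pointing at an alias that does not exist. The <config> wrapper element, the second rule with the misspelled alias, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the alias and rule from the message, wrapped in a
# <config> root (assumed name) so they parse as one document.
SAMPLE = """<config>
<alias><name>Secure_mail</name><address>465 993 995</address>
<descr/><type>port</type><detail>SMTPS||IMAPS||POPS||</detail></alias>
<rule><type>pass</type><interface>lan</interface><protocol>tcp</protocol>
<source><network>lan</network></source>
<destination><address>a.b.c.d</address><port>Secure_mail</port></destination>
<descr>allow secure MAIL to xyz</descr></rule>
<rule><type>pass</type><interface>lan</interface><protocol>tcp</protocol>
<source><network>lan</network></source>
<destination><address>a.b.c.d</address><port>Secure_mial</port></destination>
<descr>constructed rule with a misspelled alias</descr></rule>
</config>"""

PORT_PROTOCOLS = {"tcp", "udp", "tcp/udp"}  # protocols a port match applies to

def port_aliases(root):
    """Map each alias of type 'port' to its list of port tokens."""
    return {a.findtext("name"): (a.findtext("address") or "").split()
            for a in root.iter("alias") if a.findtext("type") == "port"}

def audit_rules(xml_text):
    """Resolve each rule's destination port alias and collect problems."""
    root = ET.fromstring(xml_text)
    aliases = port_aliases(root)
    report = []
    for rule in root.iter("rule"):
        proto = rule.findtext("protocol") or "any"
        port = rule.findtext("destination/port")
        entry = {"descr": rule.findtext("descr"), "action": rule.findtext("type"),
                 "protocol": proto, "ports": [], "problems": []}
        if port:
            if port in aliases:
                entry["ports"] = aliases[port]  # one protocol covers every port
            elif port.replace("-", "").replace(":", "").isdigit():
                entry["ports"] = [port]         # literal port number or numeric range
            else:
                entry["problems"].append(f"port alias '{port}' is not defined")
            if proto not in PORT_PROTOCOLS:
                entry["problems"].append(f"port match needs tcp or udp, rule has '{proto}'")
        report.append(entry)
    return report

if __name__ == "__main__":
    for e in audit_rules(SAMPLE):
        print(e["action"], e["protocol"], e["ports"] or "-", e["descr"], e["problems"])
```

Because the rule's single protocol is applied to every port in the alias, the resolved list shows exactly which tcp ports the pass rule opens to a.b.c.d.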