Also keep in mind that pf evaluates the state table before any rules, and if there's a remaining state for the IP address it will still have access even if you add a block rule. You need to kill any remaining states for that IP after adding the rule, and I'm not sure if pf does this automagically.
Toss up your ruleset and NAT tables on a pastebin and I'll have a look at them. I'm assuming the malicious IP is external. Seems like a silly question, but you'd be surprised.

On Sat, Sep 26, 2009 at 6:07 PM, Chris Buechler <cbuech...@gmail.com> wrote:

> On Sat, Sep 26, 2009 at 11:04 PM, Chris Flugstad <ch...@cascadelink.com> wrote:
> > I have public IPs on my LAN and outbound NAT off. I have an IP address that
> > is somewhat malicious and needed to block traffic to and from it.
> > I tried making fw rules but that didn't work
> >
> > Any ideas?
>
> That's all you need to do. Make sure they're in the right order, first
> match wins.
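
The leftover-state cleanup raised at the top of this message, as an added example that is not part of the original thread: it builds the `pfctl -k` commands for both directions and counts matching entries in `pfctl -ss` output. The address 192.0.2.10, the sample state lines, the `APPLY` variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. 192.0.2.10 and the state lines below are constructed samples.
SAMPLE_STATES='all tcp 203.0.113.5:22 <- 192.0.2.10:51234       ESTABLISHED:ESTABLISHED
all tcp 203.0.113.5:443 <- 192.0.2.100:40000       ESTABLISHED:ESTABLISHED
all udp 192.0.2.10:53 <- 203.0.113.7:5353       MULTIPLE:MULTIPLE'

# Accept only a dotted-quad IPv4 address so nothing else reaches pfctl.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    (
        IFS=.
        for octet in $1; do
            [ "$octet" -le 255 ] || exit 1
        done
    )
}

# Print the commands that clear states in both directions.
# "pfctl -k HOST" kills states originating from HOST;
# "pfctl -k 0.0.0.0/0 -k HOST" kills states from anywhere to HOST.
kill_state_cmds() {
    is_ipv4 "$1" || { echo "invalid address: $1" >&2; return 1; }
    printf 'pfctl -k %s\n' "$1"
    printf 'pfctl -k 0.0.0.0/0 -k %s\n' "$1"
}

# Count state lines on stdin (pfctl -ss format) with the address as an
# endpoint. Exact match on the host part, so 192.0.2.100 is not counted.
count_states() {
    awk -v ip="$1" '{
        for (i = 1; i <= NF; i++) {
            split($i, a, ":")
            if (a[1] == ip) { n++; break }
        }
    } END { print n + 0 }'
}

BLOCKED_IP=${BLOCKED_IP:-192.0.2.10}
if [ "${APPLY:-0}" = 1 ] && command -v pfctl >/dev/null 2>&1; then
    kill_state_cmds "$BLOCKED_IP" | sh        # run after the block rule is loaded
    pfctl -ss | count_states "$BLOCKED_IP"    # expect 0 once states are gone
else
    kill_state_cmds "$BLOCKED_IP"             # dry run: only show the commands
fi
```

Without `APPLY=1` the script only prints the commands, so it can be checked on a machine that has no pf.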