Then you need a deny rule on your LAN interface that says 'DENY SOURCE LANNET DEST PORT 22'.
> -----Original Message----- > From: Cinaed Simson [mailto:cinaed.sim...@gmail.com] > Sent: Thursday, August 12, 2010 5:14 PM > To: support@pfsense.com > Subject: Re: [pfSense Support] question on blocks SSH connections > > On 08/12/2010 03:44 PM, Tim Dickson wrote: > >> I don't know the IP addresses of the SSH servers on the Internet. > > > > Then only allow to the SSH servers you know/want? You can go either > > way... block all and allow only certain IPs Or allow all, and block > > certain IPs On 2.0 you can block by OS type too... > > > I need to block all outbound SSH client connections to the Internet on all > open > outbound ports without interfering with the normal function of the those > ports. > > > -- Cinaed > > -- > > "We are drowning in information and starving for knowledge." > > - Rutherford D. Roger > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional > commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > >