Netgate SG-1000 microFirewall

Author Topic: How can I block an external IP address?  (Read 2706 times)

0 Members and 1 Guest are viewing this topic.

Offline srieger@lmsnet.com

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
How can I block an external IP address?
« on: May 06, 2016, 04:00:52 pm »
I found an external IP that is constantly scanning my SMTP server.  I just want to block it entirely.

I've tried creating WAN, LAN and Floating rules with that external IP as the source address and any as the destination IP and any Port and of course checked the box to block traffic.

Nothing works, it's still scanning my server.

Is there anyway to do this with pfSense?

Offline jahonix

  • Hero Member
  • *****
  • Posts: 2612
  • Karma: +156/-27
  • volunteer since 2006
    • View Profile
Re: How can I block an external IP address?
« Reply #1 on: May 06, 2016, 04:22:45 pm »
Remember to put the block rule above the allow rule to your SNMP server so it get's caught first.
You might need to reset your states as well if the external IP already has a connection open.
Chris


Offline srieger@lmsnet.com

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: How can I block an external IP address?
« Reply #2 on: May 09, 2016, 12:40:01 pm »
I did try all that, and sadly it's still attacking.  Any other thoughts?

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15731
  • Karma: +1467/-210
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: How can I block an external IP address?
« Reply #3 on: May 09, 2016, 12:45:22 pm »
post up your wan rules..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.3-RELEASE (work)
1x SG-3100 2.4.3-RELEASE (work)
1x SG-4860 2.4.3-RELEASE (home)

Offline Trel

  • Sr. Member
  • ****
  • Posts: 368
  • Karma: +11/-1
    • View Profile
Re: How can I block an external IP address?
« Reply #4 on: May 09, 2016, 04:28:31 pm »
Also where are you seeing that it's attacking/scanning still? Pfsense logs or on the server itself?

Offline muswellhillbilly

  • Hero Member
  • *****
  • Posts: 935
  • Karma: +73/-4
    • View Profile
Re: How can I block an external IP address?
« Reply #5 on: May 10, 2016, 02:29:54 am »
I've tried creating WAN, LAN and Floating rules with that external IP as the source address and any as the destination IP and any Port and of course checked the box to block traffic.

Nothing works, it's still scanning my server.
If you block traffic from that host, it won't stop the scans - it will just mean the scans won't touch any of your services. If you see the remote host being blocked in your firewall logs then that means your block rule is working.