
Author Topic: block and allow port 443?  (Read 2491 times)


Offline amrogers3

block and allow port 443?
« on: December 26, 2010, 11:51:52 am »
I am trying to allow only one host 192.168.0.3 to access the LAN interface 192.168.0.1 port 443 of the pfSense box for administration. At the same time I would also like to allow port 443 out for web browsing.

How can I both block and allow port 443? The following configuration allows all hosts on LAN net to connect to 192.168.0.1:443 for administration.

ManagementHosts=192.168.0.3
ManagementPorts=443

Offline Cry Havok

Re: block and allow port 443?
« Reply #1 on: December 26, 2010, 12:08:24 pm »
Above the third rule (the first one for 443), add one that blocks access to the interface IP on port 443 for any host that is not in the ManagementHosts alias. You can then remove your current last 2 rules.
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.

Offline amrogers3

Re: block and allow port 443?
« Reply #2 on: December 26, 2010, 08:15:36 pm »

Thanks CH. Works perfectly. Here are the rules I implemented in case someone else has the same question:



Question: Why doesn't rule #3 block all access to port 443? If I have a host not in "ManagementHosts" accessing a web site over HTTPS, isn't the destination initially 192.168.0.1 because that is the interface it has to go through to be routed to the outside internet?

Offline dreamslacker

Re: block and allow port 443?
« Reply #3 on: December 27, 2010, 02:43:45 am »
No, the destination is initially 443 on the original web host address. The router does the translation along the way when routing the packet for you. Hence, the firewall rules will check the initial source/destination before deciding whether to route (pass) or drop the request.
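As an added illustration (not from the thread and not pfSense's own code), here is a small Python model of the two-rule ordering Cry Havok describes and of dreamslacker's point that an outbound HTTPS packet is addressed to the web server, not to 192.168.0.1. The LAN subnet 192.168.0.0/24 and the outside address 203.0.113.10 are assumed; the aliases are the ones the poster defined.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the LAN rules Reply #1 describes, not pfSense code.
# pfSense evaluates interface rules top to bottom; the first match wins.
MANAGEMENT_HOSTS = {ip_address("192.168.0.3")}   # the poster's alias
MANAGEMENT_PORTS = {443}                          # the poster's alias
LAN_NET = ip_network("192.168.0.0/24")            # assumed LAN subnet
LAN_ADDRESS = ip_address("192.168.0.1")           # pfSense LAN interface

def any_addr(_addr):
    return True

# Rule = (action, source test, destination test, destination ports).
# Roughly the pf equivalent of:
#   block in quick on lan proto tcp from ! <ManagementHosts> to 192.168.0.1 port 443
#   pass  in quick on lan proto tcp from 192.168.0.0/24 to any port 443
CORRECT_ORDER = [
    ("block", lambda s: s not in MANAGEMENT_HOSTS,
     lambda d: d == LAN_ADDRESS, MANAGEMENT_PORTS),
    ("pass", lambda s: s in LAN_NET, any_addr, {443}),
]

# The same two rules reversed: the broad pass now matches first, so the
# block beneath it never sees admin traffic from non-management hosts.
WRONG_ORDER = list(reversed(CORRECT_ORDER))

def evaluate(rules, src, dst, dport):
    """Return the action of the first matching rule, or pfSense's
    implicit default deny when no rule in this fragment matches."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_ok, dst_ok, ports in rules:
        if src_ok(src) and dst_ok(dst) and dport in ports:
            return action
    return "block"

if __name__ == "__main__":
    # Reply #3's point: the HTTPS request is addressed to the web server,
    # so the block rule (destination 192.168.0.1) never matches it.
    print(evaluate(CORRECT_ORDER, "192.168.0.50", "203.0.113.10", 443))  # pass
    print(evaluate(CORRECT_ORDER, "192.168.0.50", "192.168.0.1", 443))   # block
    print(evaluate(CORRECT_ORDER, "192.168.0.3", "192.168.0.1", 443))    # pass
    print(evaluate(WRONG_ORDER, "192.168.0.50", "192.168.0.1", 443))     # pass
```

The last line shows why the block rule has to sit above the general 443 pass rule: with the order reversed, every LAN host reaches the web GUI.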