OPNsense Forum

English Forums => General Discussion => Topic started by: mitchskis on December 30, 2016, 06:01:41 pm

Title: Block WAN TCP/25
Post by: mitchskis on December 30, 2016, 06:01:41 pm
Hello,

I'm a bit perplexed. Perhaps someone can point me toward documentation.

I'm trying to block all TCP/25 traffic from transiting the WAN connection.

For the WAN firewall I set the following rule --
REJECT
Proto: TCP
Source: *
Port: *
Destination: *
Port: 25
Gateway: *

This properly rejects all incoming port tcp/25. It does not reject traffic from the LAN, OPT1, OPT2, or IPSEC interfaces. If I make rules on each LAN, OPT1, ... interface then it drops the incoming traffic. I can't seem to set any outgoing firewall rules.

Any pointers would be appreciated.
Title: Re: Block WAN TCP/25
Post by: fabian on December 30, 2016, 08:02:41 pm
Use a quick floating rule - you can set "in" or "out" there. Interface rules are always "in". Another idea: Use a negated destination for your rule.

Regards,

Fabian
Title: Re: Block WAN TCP/25
Post by: mitchskis on December 30, 2016, 09:19:47 pm
Thanks, this is what I was looking for.

I moved the rule from WAN to Floating, selected all interfaces, set the Gateway to WAN_GW, and set the direction to out. This rejects all outbound SMTP traffic while allowing internetwork OPT<->LAN SMTP traffic.
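
Added example, not part of the thread and not OPNsense code: a simplified Python model of the point made above, that a forwarded packet is checked "in" on the interface it arrives on and "out" on the interface it leaves by, so a WAN-tab rule (always "in") never sees LAN-originated SMTP while an outbound floating rule does. The interface names, the sample flows, the pass-by-default behaviour and the choice to bind the floating rule to the WAN interface only are assumptions of this model.

```python
# Simplified model of in/out rule evaluation (constructed for illustration).
# A forwarded packet is checked twice: "in" on the interface it arrives on,
# then "out" on the interface it leaves by. Unmatched packets pass in this model.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str        # "reject" or "pass"
    direction: str     # "in" or "out"
    interfaces: tuple  # empty tuple means any interface
    dport: int

def check(rules, direction, iface, dport):
    """Return the action of the first matching rule (every rule acts as 'quick')."""
    for r in rules:
        if (r.direction == direction and r.dport == dport
                and (not r.interfaces or iface in r.interfaces)):
            return r.action
    return "pass"

def forward(rules, in_if, out_if, dport):
    """A flow is delivered only if both the inbound and the outbound check pass."""
    if check(rules, "in", in_if, dport) != "pass":
        return "reject"
    return check(rules, "out", out_if, dport)

# Constructed flows: (ingress interface, egress interface, destination port)
FLOWS = {
    "internet -> LAN mail host": ("wan", "lan", 25),
    "LAN client -> internet SMTP": ("lan", "wan", 25),
    "OPT1 client -> LAN mail host": ("opt1", "lan", 25),
}

# Rule on the WAN tab: interface rules are always direction "in".
WAN_TAB = [Rule("reject", "in", ("wan",), 25)]
# Floating rule with direction "out", bound to WAN only (assumption of this model).
FLOATING_OUT = [Rule("reject", "out", ("wan",), 25)]
# Inbound SMTP from the internet is still decided by the WAN-tab rule.
BOTH = WAN_TAB + FLOATING_OUT

def evaluate(rules):
    """Map each constructed flow name to 'pass' or 'reject' under the given rules."""
    return {name: forward(rules, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, rules in (("WAN tab", WAN_TAB), ("floating out", FLOATING_OUT), ("both", BOTH)):
        print(label, evaluate(rules))
```
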
Title: Re: Block WAN TCP/25
Post by: mitchskis on December 30, 2016, 09:31:37 pm
Is there any "any interface" option, or does one need to select all interfaces for each rule?
Title: Re: Block WAN TCP/25
Post by: fabian on December 30, 2016, 09:34:28 pm
If you don't select an interface it is equal to any.
Title: Floating Firewall Rules
Post by: mitchskis on December 30, 2016, 10:02:48 pm
Thanks!