Blocks do not block anything

Started by Paddle7306, July 03, 2023, 09:08:06 PM

Best I can tell, blocking rules don't work at all. I am trying to let through only port 1197 on a certain IP, have the rules in place, but it doesn't do anything. I've been unable to find any guides regarding OPNsense so I'm taking shots in the dark setting this up. The wiki doesn't really cover much unless I missed that page. I've attached a screenshot of my rules (first half; there is another from 1198 to max). Zenarmor shows there's plenty of 80 and 443 traffic moving on this computer. Why doesn't this work? Is there any documentation for this software? Or, can you recommend a better firewall, preferably one that can more gracefully block tormenting than this solution?

Quote: Or, can you recommend a better firewall, preferably one that can more gracefully block tormenting than this solution?

From your post it isn't clear what you're trying to block; also, the screenshot is missing a simple description of what the rule should do. Looking at the rule you created, it doesn't make much sense to switch to another firewall, because the rule you created (with source port 1 - 1196) will probably mismatch on 99,999 % of regular IP connections on every firewall on the planet.

So some context on what you want to achieve might help, or you can try another firewall and see if my last statement ^^^ is true.

P.S. The Fine Manual is at ::: https://docs.opnsense.org/manual/firewall.html

I'm trying to allow .40 to only access its VPN connection, on 1197. I have two rules (one from 1-1196 and the other from 1198-65535). It's not working and the wiki's instructions aren't blocking anything.

July 04, 2023, 12:36:26 AM #3 Last Edit: July 04, 2023, 12:41:21 AM by netnut
Quote: It's not working and the wiki's instructions aren't blocking anything.

That's correct, it just tells you how to configure firewall rules. It assumes, as any other firewall, that you are aware of a pile of RFCs that describe how Ethernet, IPv4/IPv6 and routing work (to name a few).

But let me try, assuming this is the one AND only rule for your LAN interface:
(if there are other rules you have to consider sequence and overlapping)

Action:                  Allow
Disabled:                [Unchecked]
Quick:                   [Checked]
Interface:               LAN
Direction:               IN
TCP/IP Version:          IPv4
Protocol:                TCP/IP
Source / Invert:         [Unchecked]
Source:                  Single Host or Network / 192.168.1.40
Source Port Range:       any * See also comment for this field in GUI
Destination / Invert:    [Unchecked]
Destination:             [IP of VPN Server]
Destination Port Range:  From 1197 To 1197

All other fields in this rule can be left default; a nice description is always helpful but optional.

With a default policy of Deny Any / Any that blocks everything, this single rule allows a VPN connection FROM 192.168.1.40 TO [IP of VPN Server]. You're using the LAN interface, so there's probably a default IPv4 Allow and IPv6 Allow rule in place. If this is the case you should place this rule first (above default and/or more generic rules) and add another rule that blocks ANY protocol and source/destination port for ONLY 192.168.1.40.

Action:                  Block
Disabled:                [Unchecked]
Quick:                   [Checked]
Interface:               LAN
Direction:               IN
TCP/IP Version:          IPv4/IPv6
Protocol:                any
Source / Invert:         [Unchecked]
Source:                  Single Host or Network / 192.168.1.40
Source Port Range:       any * See also comment for this field in GUI
Destination / Invert:    [Unchecked]
Destination:             any
Destination Port Range:  any


This isn't different from any other (decent) firewall available.
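To make the ordering and source-port points above concrete, here is an added example (not from the thread or from OPNsense itself): a minimal first-match evaluator that walks "quick" rules top to bottom the way the LAN ruleset is evaluated, and checks the two-rule setup netnut describes against a wrong ordering and against a rule keyed on the source port. The VPN server and web server addresses are constructed placeholders; only 192.168.1.40 comes from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"
PORTS = (1, 65535)
VPN_SERVER = "203.0.113.5"   # constructed placeholder for "[IP of VPN Server]"

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    src: str = ANY              # host/network in CIDR form, or "any"
    dst: str = ANY
    sport: tuple = PORTS        # source port range ("any" by default)
    dport: tuple = PORTS        # destination port range ("any" by default)

def _addr_ok(pattern, addr):
    return pattern == ANY or ip_address(addr) in ip_network(pattern, strict=False)

def first_match(rules, src, dst, sport, dport):
    """Action of the first matching rule (all rules are 'quick'); deny if none."""
    for r in rules:
        if (_addr_ok(r.src, src) and _addr_ok(r.dst, dst)
                and r.sport[0] <= sport <= r.sport[1]
                and r.dport[0] <= dport <= r.dport[1]):
            return r.action
    return "block"

HOST = "192.168.1.40"
# netnut's ordering: specific allow, host-wide block, then the stock LAN allow.
CORRECT = [
    Rule("pass", src=HOST, dst=VPN_SERVER, dport=(1197, 1197)),
    Rule("block", src=HOST),
    Rule("pass"),                       # "Default allow LAN to any"
]
# Same rules with the host block placed below the default allow: never reached.
WRONG_ORDER = [CORRECT[0], CORRECT[2], CORRECT[1]]
# Matching on *source* port 1197: the client picks an ephemeral source port,
# so this allow almost never fires and the host-wide block wins.
SOURCE_PORT_MISTAKE = [Rule("pass", src=HOST, sport=(1197, 1197)), Rule("block", src=HOST)]

def vpn_from_host(rules, sport=51234):
    """Verdict for 192.168.1.40 opening its VPN connection to port 1197."""
    return first_match(rules, HOST, VPN_SERVER, sport, 1197)

def web_from(rules, src, sport=51234):
    """Verdict for a LAN host browsing to a (constructed) web server on 443."""
    return first_match(rules, src, "198.51.100.9", sport, 443)
```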