Hi,
I have different networks on different ports on a pfSense.
One of the networks is the management one from which I can access IPMI devices or administration webpages (UPS, switches…).
I want to be able to access the pfSense GUI and terminal only from this network.
On the other networks I want to create a firewall blocking rule on the firewall itself on ports 22, 80 and 443.
I wonder if it’s possible to create only one rule, for example by creating an alias combining the different addresses of the pfSense and the different ports (I didn’t find this option), or a rule with the “this firewall” alias and multiple ports. Or, if none of this is possible, do I have to create one rule per port I want to block?
Thanks a lot for your help.
You can pretty much do this with a floating rule and “quick” mode. That will let you choose multiple interfaces at once and “quick” means the rule will be applied ahead of regular interface-specific rules.
You’ll probably also have to disable the anti-lockout rule, which is under System > Advanced.
You can also create Aliases for ports where you enumerate all ports you want to allow/block and then use the alias where usually the port number goes in the rule.
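As an added illustration (not part of the thread, and not pfSense's own generated ruleset), the floating “quick” block rule combined with a port alias corresponds roughly to the plain pf rules below. The interface names are constructed placeholders, and treating “This Firewall” as pf's `(self)` is an assumption.

```pf
# Constructed interface names (assumptions): replace with your own.
mgmt_if    = "em1"               # management network interface
other_ifs  = "{ em2, em3 }"      # every non-management interface
mgmt_ports = "{ 22, 80, 443 }"   # plays the role of the port alias

# One rule covers all non-management interfaces and all three ports.
# "quick" makes this rule final on match, so later per-interface
# rules cannot re-allow the traffic. (self) means any address
# configured on the firewall itself.
block in quick on $other_ifs proto tcp from any to (self) port $mgmt_ports

# The management network keeps access to the GUI and SSH. With the
# anti-lockout rule disabled, a pass rule like this has to exist
# before the block is applied, or the GUI becomes unreachable.
pass in quick on $mgmt_if proto tcp from ($mgmt_if:network) to (self) port $mgmt_ports
```

On a lab machine running pf, `pfctl -nf <file>` parses a ruleset without loading it, which checks the syntax without changing the active rules.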
Thanks for your help.
As I’m not familiar with the floating rules, I configured an alias with the different management ports and did a block rule on each interface.
I will have a look at floating rules later on with a lab setup.