I'm having to do that since I can't just whitelist the USA. I'm having to block countries that I've seen attacks on the NATed ports and am now adding in IPs that aren't being blocked by the lists. Gotta stop them somehow. Does pfBlockerNG-devel use different lists?
Create an Alias Permit rule using the US GeoIP and apply it to the NAT rules; everything else would be denied by default.
You can also add IP addresses to the IPv4 Custom_List at the bottom.
Here's how I allow SSH / SFTP to my Raspberry Pi that sits in the DMZ.
I had already rebooted once, but I rebooted again, just as I was getting ready to do a full reinstall, and was able to add back my custom options, and DNS is working. The 'dnsbl' line happens to fall on line 108, so I guess it was still cached?
I think everything is normal now... having been struggling with this all afternoon...
Thank you so much! I totally have forwarding on. Furthermore, I realized that specific lists were super trigger-happy, so I will be debugging sources one by one, I guess.
@jakes
Yes this will be possible with the upcoming Unbound python integration, but this "profile" feature is not currently completed. I agree that this will be a great feature to have including scheduling times for rules to apply to different profiles...
There are some screenshots and info of the upcoming version on my Patreon page: https://www.patreon.com/pfBlockerNG
I kept doing the wrong thing and "blocking the whole world" and didn't know HOW to do this. Thank you all for helping me understand! :) Smarter not harder!
We all as newbies did this only to learn later that it made no sense.