• Do I need to specify a dest add in rules & nat?

    2
    0 Votes
    2 Posts
    305 Views
    Derelict
    NAT happens before firewall rules are applied so if you are port forwarding, say, WAN address:80 to 192.168.1.100:80 you need to pass traffic to 192.168.1.100:80 on WAN. The automatically-generated rules on a port forward will always do the right thing.
  • Added Domain to DNSBL Whitelist, still refuses to resolve

    19
    0 Votes
    19 Posts
    2k Views
    johnpoz
    If you're resolving and having problems - you need to figure out where you're having problem following down from roots.. Do a dig +trace to find out where your problem is.. That returns a cname, which then would have to be resolved as well
        $ dig feeds.megaphone.fm
        ; <<>> DiG 9.14.1 <<>> feeds.megaphone.fm
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8931
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 4096
        ;; QUESTION SECTION:
        ;feeds.megaphone.fm. IN A
        ;; ANSWER SECTION:
        feeds.megaphone.fm. 3599 IN CNAME cds.f3d9q2w8.hwcdn.net.
        cds.f3d9q2w8.hwcdn.net. 3600 IN A 69.16.175.42
        cds.f3d9q2w8.hwcdn.net. 3600 IN A 69.16.175.10
        ;; Query time: 513 msec
        ;; SERVER: 192.168.3.10#53(192.168.3.10)
        ;; WHEN: Sun May 19 20:50:02 Central Daylight Time 2019
        ;; MSG SIZE rcvd: 115
  • Should pfBlockerNG show up on Services Drop Down?

    2
    0 Votes
    2 Posts
    178 Views
    provels
    @HansSolo Configuration is listed under Firewall\pfBlockerNG. Status is listed under Status\Services. I'm using the Devel version which is much more plug/play than the Release version.
  • pfBlockerNG blocking Insteon Hub - advice requested

    21
    0 Votes
    21 Posts
    2k Views
    johnpoz
    @NogBadTheBad Yeah I can promise you for sure that people that run tor exit sites might also be members of the ntp pool.. NTP doesn't limit who can join - your IP just needs to provide stable time.. Which is checked and if your score drops below 10 then your IP is removed from the pool until its score goes above 10, etc..
  • How do you remove 'Unknown user defined feeds'?

    2
    0 Votes
    2 Posts
    589 Views
    provels
    You could deselect the "Save settings" check box on the first page and then uninstall/reinstall or rm -rf /var/db/pfblockerng/ then force an update.
  • lighttpd version 1.4.51 in latest pkg has broken the block page

    4
    0 Votes
    4 Posts
    418 Views
    johnpoz
    All comes down to what key words used ;) While the search feature here is for sure not going to be giving google a run for its money - hehehe You can find stuff.. But prob best to do is just manually look for threads in the section that makes sense, especially if you think something has recently broken or happened to cause a problem. [image: 1557840185949-keywords.png]
  • Allow select countries instead of blocking the world...

    1
    0 Votes
    1 Posts
    125 Views
    No one has replied
  • 0 Votes
    1 Posts
    148 Views
    No one has replied
  • NOOB - Port 22 only

    5
    0 Votes
    5 Posts
    635 Views
    M
    Yup got it. I didn't know it could create aliases I could use in my own rules! Much better.
  • Got this error this morning

    Moved
    1
    0 Votes
    1 Posts
    147 Views
    No one has replied
  • Issue with website DNSBL?

    1
    0 Votes
    1 Posts
    329 Views
    No one has replied
  • SOLVED how to disable; client must use dns server

    4
    0 Votes
    4 Posts
    494 Views
    P
    yep that is the option I was looking for, many thanks!!!!
  • PfBlockerNG-Devel and DNS resolver (SG-1100)

    1
    0 Votes
    1 Posts
    257 Views
    No one has replied
  • ipv4 rule to mirror pfsense rule

    2
    0 Votes
    2 Posts
    225 Views
    I
    Without knowing more about what you're trying to do the following configuration should create a rule similar to the screenshot you posted. Replace "Alias for your 10.40.2.56 IP" with an alias you created that contains that IP and select the appropriate gateway at the bottom. Protocol can't be "any" for advanced rules but "TCP/UDP" is the best you can do. This rule will allow all TCP/UDP traffic from 10.40.2.56 to get to the gateway but it cannot force all traffic from 10.40.2.56 to go through the gateway. That would require a routing rule, not a firewall rule (outside the scope of pfBlockerNG). [image: 1557058218779-ipv4rule.jpg]
  • PfBlockerNG filter traffic going through transparent Squid-Proxy

    1
    0 Votes
    1 Posts
    295 Views
    No one has replied
  • PfBlocker creates IPv4 rule for IPV6 lists

    15
    0 Votes
    15 Posts
    2k Views
    I
    Alright, I was finally able to make the -devel package work, by reinstalling pfSense from scratch. Glad to see the IPv6 rules are now working properly! Thank you for your help.
  • 0 Votes
    4 Posts
    274 Views
    NogBadTheBad
    Install pfBlockerNG-devel
  • IP Blocking - Is this a bug?

    Moved
    6
    0 Votes
    6 Posts
    799 Views
    BBcan177
    @guardian said in IP Blocking - Is this a bug?:
    Thanks for the reply @BBcan177. So is this a bug? I can understand a list changing, and that's no problem -- am I correct that the list name is not logged when the event occurs? Am I correct then that it's just a matter of report not being able to show which list the IP address is in because the list has changed?
    When you refresh the Alerts tab in pfBlockerNG, it checks to see if the IP is still listed in the /var/db/pfblockerng/deny/ folder. If it doesn't find the IP, it will report as "No Match". What gets added/removed in the Feed (URL) is not managed by the package. IPs are being added/removed all the time by the Feed Maintainers.
  • pfBlockerNG-Devel 2.2.5_22 upgrade fails to start pfb_dnsbl service

    2
    0 Votes
    2 Posts
    499 Views
    BBcan177
    @genghiskern Can you try this: https://www.reddit.com/r/PFSENSE/comments/b5qpm5/unbound_resolver_error_cant_assign_requested/ejgkuyz/?context=3
  • Reset Pfblocker Alert Display

    3
    0 Votes
    3 Posts
    918 Views
    G
    pfBlockerNG-devel is the version presently deployed.