Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Permit United States only for specific port on WAN interface

    Scheduled Pinned Locked Moved pfBlockerNG
    10 Posts 3 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mikej47
      last edited by

      I am using pfBlockerNG-devel version 3.1.0.

      Currently I have Geo IP blocking many countries on my WAN interface but all I really need to do for efficiency is protect one specific port number so that only the United States is permitted to it.

      I am under the impression that I can create a Alias allow rule for my specific port but can't seem to figure out exactly how to do it.

      How would I go about picking only the United States from Pfblocker's Geo IP and created an Alias just for this one country?

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @mikej47
        last edited by

        @mikej47 create alias and only put in the US.. here I use it in this alias of mine for my plex.. I have user in Morocco - but just just the US in yours

        usgeo.jpg

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        M 1 Reply Last reply Reply Quote 0
        • M
          mikej47
          last edited by

          Ok, got it. And then for my one port - do I add my custom destination port when I am creating this or can I simply add this new IP/Geo IP list to the source of a firewall rule that already exists?

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @mikej47
            last edited by johnpoz

            @mikej47 I would put your alias in the port forward, then it will auto create it in your associated rule

            edit: here is mine for example

            here.jpg

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            M 1 Reply Last reply Reply Quote 1
            • M
              mikej47 @johnpoz
              last edited by

              @johnpoz Thank you. This is a great feature. I like how I can get a lot more granular with my rules this way.

              1 Reply Last reply Reply Quote 0
              • M
                MoonKnight @johnpoz
                last edited by

                @johnpoz said in Permit United States only for specific port on WAN interface:

                @mikej47 create alias and only put in the US.. here I use it in this alias of mine for my plex.. I have user in Morocco - but just just the US in yours

                usgeo.jpg

                Hi @johnpoz :)

                Could you please share the rest of your settings from that picture?

                And what in the "Action" what are you using there?
                8189a512-261a-429b-b411-49ed352c0f67-image.png

                --- 24.11 ---
                Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz
                Kingston DDR4 2666MHz 16GB ECC
                2 x HyperX Fury SSD 120GB (ZFS-mirror)
                2 x Intel i210 (ports)
                4 x Intel i350 (ports)

                johnpozJ 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @MoonKnight
                  last edited by johnpoz

                  @ciscox said in Permit United States only for specific port on WAN interface:

                  Could you please share the rest of your settings from that picture?

                  sure

                  alias.jpg

                  I really only use pfblocker for alias management.. And then use those aliases in my rules manually..

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  M 1 Reply Last reply Reply Quote 2
                  • M
                    MoonKnight @johnpoz
                    last edited by

                    @johnpoz said in Permit United States only for specific port on WAN interface:

                    @ciscox said in Permit United States only for specific port on WAN interface:

                    Could you please share the rest of your settings from that picture?

                    sure

                    alias.jpg

                    I really only use pfblocker for alias management.. And then use those aliases in my rules manually..

                    Thank you very much @johnpoz :)

                    And what are your settings inside AllowPfb?
                    86cc0481-14c2-428f-bb22-cd4f06cb430c-image.png

                    --- 24.11 ---
                    Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz
                    Kingston DDR4 2666MHz 16GB ECC
                    2 x HyperX Fury SSD 120GB (ZFS-mirror)
                    2 x Intel i210 (ports)
                    4 x Intel i350 (ports)

                    johnpozJ 1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator @MoonKnight
                      last edited by

                      @ciscox its set to alias - which is shown on that first summary sort of page

                      setalias.jpg

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      M 1 Reply Last reply Reply Quote 1
                      • M
                        MoonKnight @johnpoz
                        last edited by

                        @johnpoz said in Permit United States only for specific port on WAN interface:

                        @ciscox its set to alias - which is shown on that first summary sort of page

                        setalias.jpg

                        What the heck, I didn't know about this. This is going to make things much easier now :)

                        Thank you very much :)

                        --- 24.11 ---
                        Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz
                        Kingston DDR4 2666MHz 16GB ECC
                        2 x HyperX Fury SSD 120GB (ZFS-mirror)
                        2 x Intel i210 (ports)
                        4 x Intel i350 (ports)

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.