PfBlockerNG Alias
-
To answer your initial question, use Alias Match.
Non-alias Permit (Inbound|Outbound) would apply when you're using pfB to set up your own rules for whichever direction; same idea for Deny. Hope this helps a bit.
-
No that doesn't help.
And I don't know why you are referring to "non-alias Permit"; that is not what I was referring to.
You also say to use Alias Match, but I tried "Alias Permit" and that seems to be working. So really this is not helpful.
And so again I ask: what is the difference between "Alias Permit", "Alias Match", and "Alias Native"?
-
When you select "Permit" it will create rules to allow traffic.
When you select "Match" it will only log the packets and nothing else.
When you select "Native" it's the same as "Deny" except that there is no Suppression or Deduplication; the Feeds are downloaded and used in their native format.
There are "Auto" generated rules, and then there are "Alias" type rules. With "Alias" type rules, the pkg makes the Alias table with the IPs, and then you have to manually create the Firewall rules according to your network needs.
-
Hi BBcan177, first of all thanks for creating and supporting pfBlockerNG.
With "Alias" type rules, the pkg makes the Alias table with the IPs, and then you have to manually create the Firewall rules according to your network needs.
Specifically with the Alias type rules there are "Alias Permit", "Alias Match" and "Alias Native"; can you elaborate on what they do in the context of Alias specifically? What I mean is that I use "Alias Permit" with a rule that I created, but others have recommended using "Alias Match" and some even say to use "Alias Native", but what is the difference specifically in the context of Alias?
-
When you select any of the Alias types [ Deny, Permit, Match or Native ], they do not create any Firewall rules... So in that sense there is no difference between any of those options... However, if you are going to use this Alias for a "Permit" rule, then select "Alias Permit"...
Alias Match would be used for a rule whereby you just want to log packets that match the IPs in the list, but do not block or permit them... But selecting "Alias Match" and configuring the rule to be a "Permit" action is in essence the same... I would recommend using Alias Permit for permit rules, and Alias Match for Match type rules.
Alias Native is typically used instead of Alias Deny, where it's used for a Block type action, but the IPs do not go through the Suppression or Deduplication processes... i.e. they remain native as per the source of the Feed.
-
@BBcan177 thanks for the clarification; that is the info I was looking for, as it was not clear in the info block.
Based on your info and comparing it to the suggestions I got from others, it seems they were confused, so this should help others too.
-
@bbcan177 first of all thanks for developing and supporting pfBlockerNG, which is a great tool to have.
To recap the discussion, would it be correct to state the following?
- "Alias Permit", "Alias Deny", "Alias Match", and "Alias Native" do not create any rule; they just create lists of IPs (aliases)
- There is no difference in the IP lists created by "Alias Permit", "Alias Deny", "Alias Match", and "Alias Native"
- The "Permit", "Deny", "Match", and "Native" indicate only the intended purpose of the created alias, but actually selecting one alias type versus another would not make any difference.
This is what I understood from the discussion, and I would be very thankful if you would kindly confirm whether this is correct.
Thanks,
Andrea
-
@aborsic said in PfBlockerNG Alias:
There is no difference in the IP lists created
I don't think that is correct.
@bbcan177 said in PfBlockerNG Alias:
Alias Native is typically used instead of Alias Deny, where it's used for a Block type action, but the IPs do not go through the Suppression or Deduplication processes... i.e. they remain native as per the source of the Feed
So while using Alias Native would have the same net effect, using it would involve more processing when updating the list but less processing while using the list.
I don't know if the optimisation is different between the other lists.
-
@patch Thank you for the clarification.
-
@patch said in PfBlockerNG Alias:
Alias Native would have the same net effect, using it would involve more processing when updating the list but less processing while using the list
Technically it would be the other way around; Alias Native does not look for duplicates.
However, you should all probably read this thread, which seems to have found that Alias Deny will remove IPs found in other lists, which may not be the result you want if the rules for both lists are not denying the same port.
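The two points that matter in this thread are BBcan177's explanation that Alias Native skips the Suppression and Deduplication passes, and the caveat in the last reply that deduplication can remove an IP from a second list because it already appeared in a first one. The following Python script is an added illustration of that processing difference; it is not pfBlockerNG's own code and does not reproduce its exact algorithm. It assumes a simplified model: feeds are processed in order, deduplication drops any entry already seen in the same or an earlier feed, and suppression drops any entry that falls inside a suppression network. The feed contents and the suppression entries are constructed from documentation-reserved ranges, not real threat data.

```python
import ipaddress
from typing import Iterable, List

# Constructed sample feeds (RFC 5737 / RFC 1918 ranges only, not real threat data).
FEED_A = ["10.0.0.5", "10.0.0.5", "192.0.2.10", "203.0.113.0/24", "# comment", "not-an-ip"]
FEED_B = ["10.0.0.5", "198.51.100.7", "203.0.113.44"]
# Hypothetical suppression entries, standing in for a suppression alias.
SUPPRESSION = ["192.0.2.10", "203.0.113.0/24"]


def parse_feed(lines: Iterable[str]) -> List[ipaddress._BaseNetwork]:
    """Parse feed lines into networks; a bare IP becomes a /32 (or /128).
    Blank lines, comments and unparsable lines are skipped."""
    nets = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue  # junk line: dropped, as a feed importer would do
    return nets


def native_alias(lines: Iterable[str]) -> List[str]:
    """Model of an 'Alias Native' table: entries kept exactly as the feed delivered them,
    duplicates included, with no suppression applied."""
    return [str(n) for n in parse_feed(lines)]


def deduplicate(feeds: List[Iterable[str]]) -> List[List[str]]:
    """Model of deduplication across feeds processed in order: an entry that already
    appeared in this feed or an earlier one is dropped from the later feed's table.
    Only exact entries are compared; 203.0.113.44 is not considered a duplicate of
    203.0.113.0/24."""
    seen = set()
    tables = []
    for lines in feeds:
        kept = []
        for net in parse_feed(lines):
            if net in seen:
                continue
            seen.add(net)
            kept.append(str(net))
        tables.append(kept)
    return tables


def suppress(entries: Iterable[str], suppression: Iterable[str]) -> List[str]:
    """Model of suppression: drop every entry contained in a suppression network."""
    sup = [ipaddress.ip_network(s, strict=False) for s in suppression]
    kept = []
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        if any(net.version == s.version and net.subnet_of(s) for s in sup):
            continue
        kept.append(entry)
    return kept


if __name__ == "__main__":
    print("native A:", native_alias(FEED_A))
    tables = deduplicate([FEED_A, FEED_B])
    for name, table in zip("AB", tables):
        print(f"dedup+suppress {name}:", suppress(table, SUPPRESSION))
```

Running it shows the caveat from the last reply in concrete form: after deduplication, 10.0.0.5 survives only in table A, so a firewall rule that references table B (say, one that blocks a different port) no longer matches that address, while the native table keeps every line the feed provided.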