pfBlockerNG blocking SMTP (country blacklist)
-
Hi!
I currently have pfBlockerNG set up. I run my own mail server at home, and I have IMAP/SMTP exposed to the internet.
I have configured pfBlockerNG to block all connections that do not originate from my home country to these open ports. This works perfectly fine, except that I am having an issue with SMTP. Only mail servers located in my country can send mail to my on-prem mail server. I have messed with the "Rule order" setting on pfBlockerNG, but it's either blacklist all ports or whitelist all ports. There is no option to have a single exception for SMTP. I have looked at some old forum posts, found documentation online but nothing was able to help me out.
If cron updates, the firewall rules are ordered like this:
I would like them to be ordered like:
Is there any way to achieve this?
TIA!
-
@matthiasvd Make an alias permit instead and put that alias as source in your IMAP rules, if you really need these publicly available.
-
@matthiasvd said in pfBlockerNG blocking SMTP (country blacklist):
There is no option to have a single exception for SMTP
When I use pfB, I use Alias Native. That creates the alias and no rules. Then you can use the alias in a NAT or firewall rule as desired.
BTW, it's more efficient to allow Europe than block not-Europe. (less memory usage and time looking through the IPs)
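The difference between the two setups discussed in this thread, as an added example that is not part of any post: a small first-match rule evaluator comparing an auto-generated country deny rule placed above the port rules with an alias used only as the source of the IMAP rule. The alias contents (documentation ranges), rule tuples and function names are constructed assumptions for illustration, not pfBlockerNG output.

```python
import ipaddress

# Constructed sample data: documentation ranges stand in for GeoIP lists.
HOME = ["192.0.2.0/24"]                          # hypothetical home-country alias
FOREIGN = ["198.51.100.0/24", "203.0.113.0/24"]  # hypothetical "all other countries" alias
ANY = ["0.0.0.0/0"]

def in_alias(src, alias):
    """True if the source address falls inside any network of the alias."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(net) for net in alias)

def evaluate(rules, src, port):
    """Return the action of the first matching rule; no match is the default deny."""
    for action, alias, ports in rules:
        if in_alias(src, alias) and (ports is None or port in ports):
            return action
    return "block"

# Auto-generated deny rule placed above the port rules: it matches every port,
# so foreign SMTP never reaches the pass rule below it.
AUTO_RULES = [
    ("block", FOREIGN, None),
    ("pass", ANY, {25}),
    ("pass", ANY, {143, 993}),
]

# Alias only, no generated rules: the alias is the source of the IMAP rule,
# and SMTP stays open to any source.
NATIVE_RULES = [
    ("pass", ANY, {25}),
    ("pass", HOME, {143, 993}),
]

def compare(src, port):
    """Decision under (auto-generated rules, alias-as-source rules)."""
    return evaluate(AUTO_RULES, src, port), evaluate(NATIVE_RULES, src, port)

if __name__ == "__main__":
    samples = [("198.51.100.25", 25), ("198.51.100.25", 993),
               ("192.0.2.10", 993), ("10.9.9.9", 993)]
    for src, port in samples:
        print(src, port, compare(src, port))
```

The last sample is a source that appears in neither list: the deny-list setup lets it through to IMAP, while the permit alias blocks it by default.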