Netgate Discussion Forum

Problem with ordering

pfBlockerNG
    romor
    last edited by Oct 20, 2016, 11:31 AM

    Hello,

    I have a problem with pfBlocker rules ordering. It's not a bug, it's a feature :-)

    I need to have the Whitelist on top of the firewall rules, because some of our branches have IPs in a blacklist and their providers don't want to solve this problem (existence in the blacklist).
    That means in ordering I need to select

    | pfB_Pass/Match | pfB_Block/Reject | pfSense Pass/Match | pfSense Block/Reject |

    because if I select the first (default) value, the whitelist rule is automatically behind the pfBlocker Block rules. That's bad.

    But the problem is on other interfaces, because at the bottom of the list I have an Allow rule for access to the internet.
    The FW list looks like this:

    • Allow rules
    • Deny rules
    • Allow rule to internet

    But if I turn pfBlocker on, the ordering | pfB_Pass/Match | pfB_Block/Reject | pfSense Pass/Match | pfSense Block/Reject | puts my list into a bad state.
    Like this:

    • Allow rules
    • Allow rule to internet
    • Deny rules

    That means all traffic from all interfaces is allowed after turning on pfBlocker.

    My question is: "Can you add a new order like | pfB_Pass/Match | pfB_Block/Reject | All other Rules | (original format)?"

    Or does a solution exist so that if the firewall processes all firewall rules, it automatically allows all traffic? At this moment, after processing all firewall rules, all traffic is blocked.

    Thanks…

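The shadowing the first post describes can be checked mechanically. The following is an added example, not code from this thread or from pfBlockerNG: a small Python model of pfSense's first-match ("quick") rule evaluation over constructed LAN rules, showing that putting every pfSense Pass rule above every pfSense Block rule makes the deny rule unreachable (the rule names and addresses are made up).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "pass" or "block"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    dport: Optional[int]   # destination port, None = any

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches self."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and (self.dport is None or self.dport == other.dport))


def evaluate(rules: List[Rule], src: str, dst: str, dport: int) -> Tuple[str, str]:
    """pfSense evaluates interface rules top-down with 'quick' semantics:
    the first matching rule decides; no match means the implicit default deny."""
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.action, rule.name
    return "block", "default-deny"


def shadowed(rules: List[Rule]) -> List[str]:
    """Names of rules that can never fire because an earlier rule already covers them."""
    return [later.name for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]


# Constructed LAN rules in the shape the first post describes (hypothetical values).
ALLOW_DNS = Rule("allow_dns", "pass", "192.168.1.0/24", "192.168.1.1/32", 53)
DENY_BRANCH = Rule("deny_to_branch_net", "block", "192.168.1.0/24", "10.0.0.0/8", None)
ALLOW_INET = Rule("allow_to_internet", "pass", "192.168.1.0/24", "0.0.0.0/0", None)

# The poster's intended order: allow rules, deny rules, allow-to-internet last.
INTENDED = [ALLOW_DNS, DENY_BRANCH, ALLOW_INET]
# What "pfSense Pass/Match | pfSense Block/Reject" produces: all pass rules first.
REORDERED = [ALLOW_DNS, ALLOW_INET, DENY_BRANCH]

if __name__ == "__main__":
    for label, rules in (("intended", INTENDED), ("reordered", REORDERED)):
        print(label, evaluate(rules, "192.168.1.50", "10.1.2.3", 443), "shadowed:", shadowed(rules))
```

Running `shadowed()` over a ruleset after any automatic reordering is a cheap way to catch a deny rule that has silently become dead.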
      BBcan177 Moderator
      last edited by Oct 20, 2016, 8:07 PM

      Unfortunately, there are millions of possibilities to re-order the Firewall rules…  I can't add every possibility...

      You can try to create some of your pfSense rules in pfBlockerNG (using the customlist and Adv. In/Out settings), so that it can be ordered as required... or you might need to use "Alias Type" rules, which are manually created... refer to the blue infoblocks in the IPv4 Tab (List Action) on how to do that...

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        romor
        last edited by Nov 1, 2016, 3:19 PM

        Hi, OK, I found another solution: I use pfBlocker only on WAN and all is OK now with the main ordering.

        But I have another problem.
        If I order my rules, pfBlocker after an update orders my rule to another position.
        Why?
        Does it have some algorithm for it?
        Because I don't see a sort by name or IP, or port..

        But the ordering is different from before the pfBlocker update. All rules are the same type (allow).

        For example, after turning on pfBlocker the rule list is:
        Rule 3
        Rule 1
        Rule 2

        I change it to:
        Rule 3
        Rule 2
        Rule 1

        And after rerunning pfBlocker or updating the list it is again:
        Rule 3
        Rule 1
        Rule 2

        Why, please?

          BBcan177 Moderator
          last edited by Nov 2, 2016, 12:27 AM

          Change the "Rule Order" setting in the General tab to suit your network, or choose an "alias type" and create the rules as required for your setup.

            romor
            last edited by Nov 2, 2016, 1:04 PM

            Thank you very much. I changed everything to Alias type and made my own rules manually, and everything is working.
