Netgate Discussion Forum

    Error on Permit Inbound rule IPv4 part

      Tueurdragon

      Hi there,

      I have a problem creating a Permit Inbound rule in the IPv4 part of the pfBlockerNG-devel module.

      Indeed, I want to create a Whitelist before all the GEOIP blocking rules.

      SETTING part
      Here are the things that I provide:
      Action: Permit Inbound
      Update Frequency: never
      Weekly: Monday
      Auto-Sort Header field: Enable auto-sort
      Enable logging: Enabled
      States Removal: Enabled

      Part Advanced Inbound Firewall Rules Settings
      Custom DST Port: checkbox checked, in the input field I enter an alias
      Custom Destination: checkbox checked, in the input field I enter an alias
      Custom Protocol: TCP
      Custom Gateway: I choose my gateway group because I have several WANs in failover

      Unfortunately, I always get this error:


      The following input errors were detected:

       Warning: When using an Action setting of 'Permit Inbound or Permit Both', you must configure at least one of 'Advanced Inbound Custom Port/Destination' settings.
       ===> WARNING <===
       Improper Permit rules on the WAN can catastrophically impact the security of your network!
      

      And the Custom DST Port and Custom Destination input fields are cleared.

      Can you help me?
      Thanks in advance,

        Tueurdragon

        Small clarification,

        I have another pfSense firewall with the pfBlockerNG module in version 3.1.0_1 and it works, but obviously it no longer works on pfBlockerNG version 3.1.0_7.

          smolka_J

          Just verified this on 2 boxes, each after a fresh re-flash back to pf 22.05 after changing repos on the updates tab corrupted my conf files and then led to persistent certificate errors at boot. Going back to restore configurations, I ran into this on each, and in IPv6 whitelists as well. Config.xml restoration went smoothly and re-installed the packages after fine also. Previously saved IP whitelists I created in 21.05 that I haven't edited since show the correct configuration settings when I inspect them inside pfblocker, and I verified they are still working at the auto-generated firewall rules it creates. Verified still present in pfblockerng-devel 3.1.0_9: I can no longer edit nor can I create any IPv4/IPv6 whitelist with the available "permit inbound" or "permit both" options as they previously used to function. "Alias permit" does work, though, with manually configuring a new firewall filter for the alias. Just located this after posting about it too:

          BBcan177 (MODERATOR), 12 days ago:
          @bob-dig @cjbujold

          See the patch here and report back pls.

          From the Shell or pfSense GUI > Diagnostics > Command Prompt > Execute Shell Command, run this command to download the patch.

          curl -o /usr/local/www/pfblockerng/pfblockerng_category_edit.php "https://gist.githubusercontent.com/BBcan177/1a33c42d0a61f3ddd9c2f1b1d514ed83/raw"
          "Experience is something you don't get until just after you need it."

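A more cautious way to apply a downloaded replacement file like the one in the quoted post, as an added example that is not part of the thread or of pfBlockerNG: the download is checked and the current file backed up before it is overwritten. The function name stage_and_install, the LINT_CMD variable, the backup naming and the expectation that the page begins with an opening PHP tag are assumptions of this example.

```shell
#!/bin/sh
# Added example (not pfBlockerNG code). Intended use, with the URL and path
# taken from the post above:
#   tmp=$(mktemp) && curl -fsSL -o "$tmp" "<raw gist URL from the post>" &&
#     stage_and_install "$tmp" /usr/local/www/pfblockerng/pfblockerng_category_edit.php
# curl -f makes an HTTP error fail instead of saving the error page.

# stage_and_install <downloaded-file> <target-file>
# Returns 0 after installing; on any failed check the target is left untouched.
# LINT_CMD (assumption of this example) overrides the syntax checker.
stage_and_install() {
    src=$1
    dest=$2
    lint=${LINT_CMD:-php -l}

    # 1. A failed or interrupted transfer often leaves an empty file.
    [ -s "$src" ] || { echo "refusing: $src is empty or missing" >&2; return 1; }

    # 2. Assumed: the page starts with an opening PHP tag. An HTML error
    #    page saved by mistake does not.
    head -c 5 "$src" | grep -q '^<?php' ||
        { echo "refusing: $src does not look like PHP" >&2; return 2; }

    # 3. Syntax check, so a truncated file cannot break the GUI page.
    $lint "$src" >/dev/null 2>&1 ||
        { echo "refusing: syntax check failed for $src" >&2; return 3; }

    # 4. Keep a timestamped copy of the current file for rollback.
    if [ -f "$dest" ]; then
        backup="$dest.bak-$(date +%Y%m%d%H%M%S)"
        cp -p "$dest" "$backup" || return 4
        echo "backup: $backup"
    fi

    # 5. Overwrite in place, which keeps the target's mode and ownership.
    cp "$src" "$dest"
}
```

To roll back, copy the newest .bak- file over the target again.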
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.