pfblocker IP list bypass
-
As a workaround for now I created a a floating rule and set it to the top. Then changed the rules processing order in pfblocker.
Maybe its the better way to do it but the pfblockerNG is my preferred way of handling it but IPv4 custom rules set up like this doesnt work.Can anyone reproduce this on their end?
-
If you set it as block in pfBlocker does the rule get created?
I don't see that custom list in the update logs...
-
-
Ok, so it's probably not populating the list. Or it's not enabled or similar.
-
@stephenw10 Yeah for some reason it just doesnt see the custom group. I'll open a redmine
Also i do have an Ports Alias that i use in an Inbound Firewall rule in conjunction wtih GeoIP thats processed without issue.
-
This seems like it might just be the list isn't configured correctly. What is in that list apart from the custom firewall source?
-
Yes, in fact re-reading this it looks like you might have created an empty list and just added the alias the firewall rules section as a source to use?
That won't create any rules since nothing is actually listed.You probably want to add the IPs directly in the 'IPv4 Custom_List' section.
-
This post is deleted! -
@stephenw10 Ok I see what you mean now. My logic was faulty.
But when i add it to the custom IPv4 list those IPs show up as Destinations. I suppose setting it to Alias Native would work but anyway to have the IPs listed in my field set to sourceEDIT: Figured it all out...
Going out for a drink. haha.
@stephenw10 @SteveITS Appreciate yallEDIT2: For future me or anyone else who looks back at this.
- Create the custom group with the IPv4 Custom_List IPs.
- Set to Alias Permit
- Under Floating Rules , create a Pass rule.
- Set the Firewall Auto Rule Order to pfSense Pass...
- Adjust accordingly.
My rule is at the top exactly where I needed it to be.
-
Yup, that's probably how you'd have to do it.
My only concern there is that the pfBlocker auto-rules might get moved above that when they are reloaded. You should check that.
-
