Netgate Discussion Forum

Whitelisting specific inbound IP addresses

    sfigueroa
    last edited by Aug 8, 2023, 3:28 PM

    Good morning,

    I’m currently trying to allow specific IP addresses to ping one of my servers. I used pfBlockerNG for GeoIP blocking. I attempted to move the IP whitelist rule up above all of the blocking rules and it works, but the order changes back to default when it reloads. When I change the order of how pfBlockerNG should be blocking and I change it to allow, it works, but then it stops GeoIP blocking. Does anyone know how to only allow specific IPs inbound while GeoIP blocking?

      michmoor LAYER 8 Rebel Alliance @sfigueroa
      last edited by Aug 8, 2023, 4:04 PM

      @sfigueroa You can change the sort order

      141da2b2-6db9-4f52-9e30-6e952258b5c1-image.png

      So you probably want your rule (not created by pfblocker) at the top. Therefore change it to the following

      7c0bf41a-16e9-4c62-ba96-f7c3d4225ee5-image.png

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

        sfigueroa @michmoor
        last edited by Aug 9, 2023, 2:08 AM

        @michmoor I did that, reordered my rules, and when I reload they go back down to the bottom of the list.

          sfigueroa @michmoor
          last edited by Aug 9, 2023, 2:13 AM

          @michmoor When I duplicate it it moves it too, do I need to fully recreate it manually?

            sfigueroa @michmoor
            last edited by Aug 9, 2023, 6:20 PM

            @michmoor Sorry, I hope I’m being clear haha. What I’m trying to achieve is to have the certain IPs that are whitelisted at the top and some IPs under the pfblocking rules, so they would technically sit in the middle of the rule order.

              michmoor LAYER 8 Rebel Alliance @sfigueroa
              last edited by Aug 9, 2023, 6:32 PM

              @sfigueroa I think I understand what you are asking for. Similar to what I’ve done.
              I created an Alias having certain IPs [192.168.5.1 - 192.168.5.5]. That option I showed you in the picture allows you to put your custom rules at the top. Then pfblocker. Then you can put custom rules at the bottom.
              All this assumes you are using Floating Rules, so pfblocker creates it there, which is what I would recommend anyway.

                sfigueroa @michmoor
                last edited by Aug 9, 2023, 7:09 PM

                @michmoor Yeah, I’m trying. Would you be able to show me a screenshot of where you’re adding your rule, and how it shows in your firewall? My pfSense firewall rules were created in the WAN firewall area. I have some in the floating, but the “geo ip” blocks got created in the regular firewall area. I did add an alias with the IP and attempted to add. I’ll keep trying, no worries if you’re unable to show me an example.

                  sfigueroa @michmoor
                  last edited by Aug 9, 2023, 7:23 PM

                  @michmoor I think I got it!

                    sfigueroa @sfigueroa
                    last edited by Aug 9, 2023, 8:04 PM

                    @sfigueroa I take it back I don’t have it

                      Bob.Dig LAYER 8 @sfigueroa
                      last edited by Aug 9, 2023, 8:21 PM

                      @sfigueroa You have to update-reload to see the changes.

                        sfigueroa @Bob.Dig
                        last edited by Aug 9, 2023, 8:35 PM

                        @Bob-Dig Am I manually adding the below in the floating tab, or should they already be there? Because I only see them in the rules section, not floating. I’m trying to understand how it knows the order.

                        38476862-800f-49d1-83be-f5f625742b3a-image.png

                          michmoor LAYER 8 Rebel Alliance @sfigueroa
                          last edited by Aug 9, 2023, 9:22 PM

                          @sfigueroa My advice. That screenshot I would assume is for your WAN facing.
                          By default, pfSense blocks all inbound attempts. So you blocking the world may not make sense if you are not hosting services behind your firewall.
                          If you are hosting services behind your firewall, then you are better off only whitelisting / passing just the countries you need instead of blacklisting the ones you don’t.


                          1 Reply Last reply Reply Quote 0
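
A simplified model of the rule-order behaviour discussed in this thread, added here as an example (not posted by any participant and not pfSense or pfBlockerNG code). It assumes first-match evaluation with a default deny for unmatched inbound traffic; the rule labels and the documentation-range addresses are constructed.

```python
import ipaddress

def rule(action, label, *cidrs):
    # One firewall rule: an action plus the source networks it matches.
    return {"action": action, "label": label,
            "nets": [ipaddress.ip_network(c) for c in cidrs]}

def evaluate(rules, src, default="block"):
    """First matching rule wins; unmatched traffic gets the default action."""
    ip = ipaddress.ip_address(src)
    for r in rules:
        if any(ip in n for n in r["nets"]):
            return r["action"], r["label"]
    return default, "default deny"

def shadowed_passes(rules):
    """Labels of pass rules fully covered by block rules placed above them."""
    found = []
    for i, r in enumerate(rules):
        if r["action"] != "pass":
            continue
        blocks = [n for b in rules[:i] if b["action"] == "block"
                  for n in b["nets"]]
        if r["nets"] and all(any(n.subnet_of(b) for b in blocks)
                             for n in r["nets"]):
            found.append(r["label"])
    return found

# Constructed sample data (documentation ranges, not real GeoIP lists).
allow = rule("pass", "allow_ping_hosts", "203.0.113.10/32", "203.0.113.11/32")
geo = rule("block", "geoip_block", "203.0.113.0/24")

GEO_FIRST = [geo, allow]    # allow rule sorted below the generated block rule
ALLOW_FIRST = [allow, geo]  # custom pass rule sorted above the generated block

if __name__ == "__main__":
    for name, order in (("geo first", GEO_FIRST), ("allow first", ALLOW_FIRST)):
        print(name, evaluate(order, "203.0.113.10"), shadowed_passes(order))
```

With the allow rule below the block rule, the allowed host never reaches its pass rule, and `shadowed_passes` reports it; with the allow rule first, the rest of the blocked range is still dropped.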