Netgate Discussion Forum

    Whitelisting specific inbound IP addresses

      sfigueroa

      Good morning,

      I’m currently trying to allow specific IP addresses to ping one of my servers. I used pfblockerng for geo IP blocking. I attempted to move the IP whitelist rule up above all of the blocking rules and it works, but the order changes back to default when it reloads. When I change the order of how pfblockerng should be blocking and I change it to allow, it works, but then it stops geo IP blocking. Does anyone know how to only allow specific IPs inbound while geo IP blocking?

        michmoor @sfigueroa

        @sfigueroa You can change the sort order

        141da2b2-6db9-4f52-9e30-6e952258b5c1-image.png

        So you probably want your rule (not created by pfblocker) at the top. Therefore, change it to the following:

        7c0bf41a-16e9-4c62-ba96-f7c3d4225ee5-image.png

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

          sfigueroa @michmoor

          @michmoor I did that, reordered my rules, and when I reload they go back down to the bottom of the list.

            sfigueroa @michmoor

            @michmoor When I duplicate it, it moves it too. Do I need to fully recreate it manually?

              sfigueroa @michmoor

              @michmoor Sorry, I hope I’m being clear haha. What I’m trying to achieve is to have the certain IPs that are whitelisted at the top and some IPs under the pfblocking rules, so they would technically sit in the middle of the rule order.

                michmoor @sfigueroa

                @sfigueroa I think I understand what you are asking for. Similar to what I've done.
                I created an Alias having certain IPs [192.168.5.1 - 192.168.5.5]. That option I showed you in the picture allows you to put your custom rules at the top. Then pfblocker. Then you can put custom rules at the bottom.
                All this assumes you are using Floating Rules, so pfblocker creates it there, which is what I would recommend anyway.

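The ordering behaviour discussed in this thread, as an added example (not code from any poster and not pfBlockerNG's own code): a first-match rule list in which a reload re-sorts generated and hand-made rules by a configured order. The rule names, the two order names and the geo-block networks are assumptions made for illustration; only the alias range comes from the post above.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "pass" or "block"
    sources: tuple        # source networks as CIDR strings
    auto: bool = False    # True = generated by pfBlockerNG, False = created by hand

# Constructed sample data. The alias covers 192.168.5.1 - 192.168.5.5 as in the post;
# the geo-block networks are invented stand-ins for a country list.
PING_ALLOW = Rule("allow_ping_alias", "pass",
                  tuple(f"192.168.5.{i}/32" for i in range(1, 6)))
GEO_BLOCK = Rule("pfB_geo_block", "block",
                 ("192.168.5.0/24", "203.0.113.0/24"), auto=True)

def evaluate(rules, src):
    """First matching rule wins; traffic matching nothing hits the default deny."""
    ip = ipaddress.ip_address(src)
    for rule in rules:
        if any(ip in ipaddress.ip_network(net) for net in rule.sources):
            return rule.action, rule.name
    return "block", "default_deny"

def reload_rules(rules, order):
    """Model of a reload: rules are re-sorted by the configured order,
    discarding any manual drag-and-drop position (order names are hypothetical)."""
    auto = [r for r in rules if r.auto]
    user_pass = [r for r in rules if not r.auto and r.action == "pass"]
    user_rest = [r for r in rules if not r.auto and r.action != "pass"]
    if order == "auto_first":          # generated rules above everything else
        return auto + user_pass + user_rest
    if order == "user_pass_first":     # custom pass, then generated, then the rest
        return user_pass + auto + user_rest
    raise ValueError(f"unknown order: {order}")

def demo():
    dragged = [PING_ALLOW, GEO_BLOCK]                    # rule moved up by hand
    undone = reload_rules(dragged, "auto_first")         # reload puts it back below
    kept = reload_rules(dragged, "user_pass_first")      # order set in the package
    return {
        "dragged": evaluate(dragged, "192.168.5.3"),
        "undone": evaluate(undone, "192.168.5.3"),
        "kept": evaluate(kept, "192.168.5.3"),
        "kept_other": evaluate(kept, "192.168.5.9"),
        "kept_unlisted": evaluate(kept, "198.51.100.7"),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, verdict)
```

In this model the hand-moved rule passes the alias address only until the next reload; changing the configured order is what makes the position persist, and addresses outside the alias still hit the geo-block or the default deny.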
                  sfigueroa @michmoor

                  @michmoor Yeah, I’m trying. Would you be able to show me a screenshot of where you’re adding your rule, and how it shows in your firewall? My pfsense firewall rules were created in the WAN firewall area. I have some in the floating, but the “geo ip” blocks got created in the regular firewall area. I did add an alias with the IP and attempted to add. I’ll keep trying, no worries if you’re unable to show me an example.

                    sfigueroa @michmoor

                    @michmoor I think I got it!

                      sfigueroa @sfigueroa

                      @sfigueroa I take it back, I don’t have it.

                        Bob.Dig @sfigueroa

                        @sfigueroa You have to update-reload to see the changes.

                          sfigueroa @Bob.Dig

                          @Bob-Dig Am I manually adding the below in the floating tab, or should they already be there? Because I only see them in the rules section, not floating. I'm trying to understand how it knows the order.

                          38476862-800f-49d1-83be-f5f625742b3a-image.png

                            michmoor @sfigueroa

                            @sfigueroa My advice: that screenshot, I would assume, is for your WAN facing.
                            By default, pfsense blocks all inbound attempts. So you blocking the world may not make sense if you are not hosting services behind your firewall.
                            If you are hosting services behind your firewall, then you are better off only whitelisting / passing just the countries you need instead of blacklisting the ones you don't.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.