secure VPN with GeoIP
-
Hi, I'm using pfblocker.
I defined GeoIP rules and I allow outbound connections towards entire Europe.
So in GeoIP I'm allowing connections towards Europe (permit outbound).
I need to set up a more specific rule.
I'm using VPN SSL to reach my firewall.
I would like to allow inbound connections to the VPN on port 1194 only for IPs located in Germany.
How can I do that?
Thanks a lot
-
@reynold Yes, you can just create an alias and add it as a source on the VPN SSL rule on the WAN interface.
My SFTP/SSH rule just includes the UK and I switch it on when someone needs to do a download to my SFTP server.
-
@NogBadTheBad
Thanks, I understand.
But I'm not able to create an alias in pfblocker.
I did not find documentation.
How can I do that?
-
Firewall -> pfBlockerNG -> IP -> IPv4
Add
Then hit save, you'll need to force an update.
You can't mix IPv4 & IPv6 in a single alias.
-
@NogBadTheBad
Thanks a lot!
I have another question.
Using an alias, can I edit the rule and specify some port?
For example, I would like to allow traffic vs some countries only on ports 80 and 443.
Can I use an alias in pfblocker for countries and then use the alias that I created earlier in pfsense (for example web services, ports 80 and 443)?
-
@reynold You could create a port alias using Firewall -> Aliases -> Ports and use that, but IMO it makes more sense to have separate firewall rules for each port
-
@NogBadTheBad
I did it, but I'm not able to include a port in the pfblocker rule.
-
@reynold You can’t in the pfblocker section, you’d do it in the WAN firewall page.
-
@NogBadTheBad
thx I did it