PfBlockerNG rules is going downwards in the firewall rule everyday

viragomann

okay, it's right.
I believe to remember, I had the same issue at first after installing pfBlockerNG, but can't remember anymore what it fixed. I think, it was quite simple like changing the rule order to something else and save it and changing it back after or reinstalling the packet.
Give it a try.

souradip roy

We are having three firewall's, all are facing the same issue.

doktornotor

Since you didn't bother with posting the firewall rules screenshot, just a generic note. You cannot fiddle with the automatic rules ordering manually. If you need manual ordering, then use one of the aliases options in Rule Action and create the rules yourself.

souradip roy

Sorry we missed that . Please have a look into the screenshot.

![pfblocker firewall rules.jpg](/public/imported_attachments/1/pfblocker firewall rules.jpg)
![pfblocker firewall rules.jpg_thumb](/public/imported_attachments/1/pfblocker firewall rules.jpg_thumb)

doktornotor

This ain't firewall rules screenshot. Firewall rules are under Firewall - Rules. You already posted this.

souradip roy

Ah sorry we misunderstood that. Here is the attachment.Thanks.

![firewall rules.jpg](/public/imported_attachments/1/firewall rules.jpg)
![firewall rules.jpg_thumb](/public/imported_attachments/1/firewall rules.jpg_thumb)

doktornotor

Wonderful. And - the problem is? I cannot see any problem there. It exactly matches pfBNG settings.

BBcan177

@souradip:

We have a pfBlockerNG rules , that is ordered as normal in the settings . The rule is automatically ordered downwards and we need to move it upwards in the firewall stack manually everyday at 12:00AM hours. Please help in this regards.

Which rule(s) are you moving each day?

souradip roy

We are moving the underlying rule in a daily basis at the top of firewall stack.

pfb_ip_rules.jpg_thumb

doktornotor

Yes. That is by design and as configured. Sigh.

dsmithson

What Souradip is saying is that he has to manually move the Block rule to the top after the automatic ordering routine fires. The ordering routine actually does not move the Block rule to the top. It moves it down. The screenshot he is presenting is to highlight the rule that has to be manually moved to the top ever night.

BBcan177

souradip roy,

Goto the IPv4 tab, and Click-Hold-Drag the Block rules to the Top so that they are first. Save.

Repeat that for the IPv6 Tab.

Then execute a "Force update"

pfcode

@BBcan177:

souradip roy,

Goto the IPv4 tab, and Click-Hold-Drag the Block rules to the Top so that they are first. Save.

Repeat that for the IPv6 Tab.

Then execute a "Force update"

The issue was that a rule was created at Floating rule tab, and moved to the top, but once pfBlockerNG updates the rules. all the non-pfBlockerNG rules should be on the top were moved to the bottom, while all the pfBlockerNG rules were on the top, which shouldn't be. Thats the major issue using pfBlockerNG.

doktornotor

@pfcode:

The issue was that a rule was created at Floating rule tab, and moved to the top, but once pfBlockerNG updates the rules. all the non-pfBlockerNG rules should be on the top were moved to the bottom, while all the pfBlockerNG rules were on the top, which shouldn't be. Thats the major issue using pfBlockerNG.

Dude. That is NOT how it works with what the OP configured. OMG… Select the proper option there. Not the one that puts pfBNG rules on the top by design. Really.

souradip roy

Hi ,

We are still in the same state of problem after following your advise. It would be very kind of yours if you can suggest any thing else to fix this.

Thank you in advance.

doktornotor

Yeah, you are in state of problem because you have selected the WRONG ORDER. Looks at the OTHER options there. Pick one that fits your needs. The one shown on your screenshots is NOT the one you want. Possibly you want this one instead:

pfcode

@doktornotor:

Yeah, you are in state of problem because you have selected the WRONG ORDER. Looks at the OTHER options there. Pick one that fits your needs. The one shown on your screenshots is NOT the one you want. Possibly you want this one instead:

Don't know whether you have tested it or not before helping others. I had exactly the same rule order setting as you mentioned, BUT after pfBlockerNG updates its rules. the rules order at Floating rule tab were not right. All the non-pfBlockerNG rules supposedly on the top were moved to the bottom, all the pfBlockerNG rules were placed on the top.

dsmithson

The current setting is the default. Doesn't that option mean to keep the BLOCK/REJECT rules at the TOP? It is not doing that. It is MOVING THEM DOWN AUTOMATICALLY.

doktornotor

@dsmithson:

The current setting is the default. Doesn't that option mean to keep the BLOCK/REJECT rules at the TOP? It is not doing that. It is MOVING THEM DOWN AUTOMATICALLY.

Hopeless. Explained ~10 times by now.

@pfcode: Need a translator, perhaps? Getting absolutely ridiculous. With what the OP configured, yes, it will ALWAYS get moved. Because he configured that this way. PEBKAC. OSI Layer 8 error. ::)

pfcode

Hi, BB

Got your file. It worked like a charm. Thanks much for the fix, well done.