PfBlockerNG update removing firewall rules schedule

jamesbeale · Nov 6, 2016, 10:41 PM

Hi

Can anyone replicate this problem? It seems like my firewall schedule rules are being removed by pfBlockerNG update.

See before and after screens attached.

Thanks.

James.
![Rules before pfblockerng update.jpg](/public/imported_attachments/1/Rules before pfblockerng update.jpg)
![Rules before pfblockerng update.jpg_thumb](/public/imported_attachments/1/Rules before pfblockerng update.jpg_thumb)
![Rules after pfblockerng update.jpg](/public/imported_attachments/1/Rules after pfblockerng update.jpg)
![Rules after pfblockerng update.jpg_thumb](/public/imported_attachments/1/Rules after pfblockerng update.jpg_thumb)

BBcan177 · Nov 7, 2016, 4:12 AM

If you are using "auto type" rules, you need to utilize the Adv. In/outbound firewall rule settings to configure the rule. Otherwise use "alias type" rule settings and create the rule manually. Click the blue infoblock icons in the IPv4 tab for more details.

jamesbeale · Nov 7, 2016, 12:52 PM

Thank you so much for taking the time to reply.

I'm afraid I'm struggling with getting the pfBlockerNG and Alias parts to perform together, probably because I'm misunderstanding what's needed.

So, here goes - with apologies!

In the attached screen shots, "pfblockerng ipv4.jpg" and "pfblockerng ipv4_part2.jpg", I think I'm asking pfBlockerNG to create an alias list called engbfacebook, using Whois from the AS number AS32934.

Certainly this does create the file /var/db/aliastables/pfB_engbfacebookcom.txt, which is filled with IP addresses.

All well so far!

But then I fall over how to get this information over to the Alias section of the Firewall tab. In "pfblocerng ipv4_part2.jpg" I thought I was asking pfBlockerNG to either create or add to a Firawall Alias called engbfacebook.

I have tried both creating a blank Alias called engbfacebook, and no Alias at all. Neither method results in an Alias with a list of IPs from pfB_engbfacebookcom.txt.

Once I can understand where I've gone wrong here, the manual creation of a rule is straightforward enough… I think!

Can I trouble you once more, please, to tell me where I'm going wrong with this?

Thanks again,

James.

BBcan177 · Nov 8, 2016, 4:10 AM

When you use "Alias Deny" It will not auto create the firewall rules… So configuring the "Adv. In/Out" Firewall rule customizations are not applicable for the "Alias type" rules... Please click on the Blue infoblock icon in the "List Action" settings for further details.

Goto the pfSense tab - Firewall/Aliases/URLs and you will see the defined pfBlockerNG Aliases... These can be referenced in manually created firewall rules in the "Destination/Source" input field (ie - "Single Host or alias")

jamesbeale · Nov 8, 2016, 10:47 AM

Thank you so much for taking the trouble to point me in the right direction.