pfBlocker only on specific ports
-
Hello, extremely new and green to the whole pfSense and pfBlocker world so there's a good chance this has been answered but I tried searching on Google and couldn't find what I needed. I would like to use the GeoIP lists to block bad traffic from my two open ports that I have for Bittorrent and Plex, other than that I shouldn't need to apply the GeoIP rules to everything as the normal firewall rules should take care of that. Any help is appreciated.
-
Easy, create an alias deny rather than my alias permit and use it on a firewall rule.
-
After more research I think I may be misunderstanding the GeoIP part as well. When you select a country in GeoIP, does it block the whole country from accessing your ports, or is it just known bad IPs from that country?
-
when you select a country in GeoIP does it block the whole country from accessing your ports or is it just known bad IPs from that country?
The entire country.
-
@KOM Well that explains a lot, lol.
See, I have a lot of learning to do.
-
@bose301s said in pfBlocker only on specific ports:
After more research I think I may be misunderstanding the GeoIP part as well. When you select a country in GeoIP, does it block the whole country from accessing your ports, or is it just known bad IPs from that country?
Look at my first screenshot, create an alias then define your firewall rule.
-
@NogBadTheBad said in pfBlocker only on specific ports:
@bose301s said in pfBlocker only on specific ports:
After more research I think I may be misunderstanding the GeoIP part as well. When you select a country in GeoIP, does it block the whole country from accessing your ports, or is it just known bad IPs from that country?
Look at my first screenshot, create an alias then define your firewall rule.
I'm going to do some more learning on this before I go further, going to try to load lists of known bad IPs to block on those ports as I want connections from all over the world since BitTorrent is definitely worldwide.
-
Maybe you should look at snort or suricata
-
@NogBadTheBad I've got Suricata up and running as well.
-
@bose301s said in pfBlocker only on specific ports:
@NogBadTheBad I've got Suricata up and running as well.
emerging-p2p.rules << set it to block on these rules
-
@NogBadTheBad said in pfBlocker only on specific ports:
@bose301s said in pfBlocker only on specific ports:
@NogBadTheBad I've got Suricata up and running as well.
emerging-p2p.rules << set it to block on these rules
That won't block all p2p? That was my understanding of what it did.
-
@bose301s said in pfBlocker only on specific ports:
@NogBadTheBad said in pfBlocker only on specific ports:
@bose301s said in pfBlocker only on specific ports:
@NogBadTheBad I've got Suricata up and running as well.
emerging-p2p.rules << set it to block on these rules
That won't block all p2p? That was my understanding of what it did.
You can whitelist addresses AFAIK.
-
@bose301s said in pfBlocker only on specific ports:
would like to use the GeoIP lists to block bad traffic from my two open ports
At the bottom of all GeoIP and IPv4/6 pages for each Alias/Group is "Advanced Inbound/Outbound Firewall Rule Settings", which you can use to refine the Auto Type rules to add Ports/Destination IPs etc., or follow the other recommendations to use "Alias type" and manually create the rules as required.
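As an added illustration of what the "Alias type plus manual rule" approach amounts to underneath pfSense's GUI (this is not from any poster in the thread, and not pfBlockerNG's own generated ruleset): the deny list becomes a pf table that pfBlockerNG keeps populated, and the block rule is scoped to the two published ports and ordered before the pass rules that open them. The table name, interface, internal hosts and the BitTorrent port are assumed values; 32400 is Plex's default.

```pf
# Assumed names: the alias "pfB_Bad_v4" is a feed of known-bad IPv4 addresses,
# em0 is the WAN interface, 192.168.1.10/.20 are the Plex and BitTorrent hosts.
wan_if = "em0"
plex_host = "192.168.1.10"
bt_host   = "192.168.1.20"
bt_port   = "51413"   # assumed BitTorrent listen port

# pfBlockerNG maintains the table contents; "persist" keeps it even when empty.
table <pfB_Bad_v4> persist

# Scope the deny feed to the two published ports only. "quick" ends evaluation
# on a match, so these must come before the pass rules below. Everything else
# inbound is still handled by the normal default-deny policy.
block in quick log on $wan_if inet proto tcp from <pfB_Bad_v4> to any port 32400
block in quick log on $wan_if inet proto { tcp udp } from <pfB_Bad_v4> to any port $bt_port

# Port-forward pass rules: destinations are the post-NAT internal hosts.
pass in quick on $wan_if inet proto tcp from any to $plex_host port 32400
pass in quick on $wan_if inet proto { tcp udp } from any to $bt_host port $bt_port
```

Because the block rules match only on those two ports, a GeoIP or reputation list configured this way never touches the rest of the ruleset, which is the behaviour the original question asked for.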