Netgate Discussion Forum
    pfBlockerNG Alias Firewall Rule Question

    Category: pfBlockerNG
    16 Posts 4 Posters 1.7k Views
      NogBadTheBad (last edited by NogBadTheBad)

      Shouldn't both point to the WAN interface?

      [image: screenshot of the firewall rules]

      Post the screenshots from your pfBlocker alias; here's what my SSHPERMIT looks like:

      [image: screenshot of the SSHPERMIT alias, 2019-10-16]

      You've not told pfBlocker to create an alias match, have you?

        tman222

        Hi @NogBadTheBad - thanks for getting back to me. I made the change to the WAN rule.

        Also, I'm using the original pfBlockerNG, not pfBlockerNG-devel. Here are the settings for this GeoIP alias:

        [image: screenshot of the GeoIP alias settings]

        I did choose "Alias Native" - is that not correct? Thanks again.

          NogBadTheBad

          I'd upgrade to pfBlockerNG-devel.

            tman222 @NogBadTheBad

            @NogBadTheBad said in pfBlockerNG Alias Firewall Rule Question:

            I'd upgrade to pfBlockerNG-devel.

            Thanks @NogBadTheBad - is the upgrade seamless? That is, will my settings stick between the two, or do I have to reconfigure everything? Also, I assume the upgrade process would be to uninstall the old pfBlockerNG first and then install pfBlockerNG-devel? Thanks again.

              NogBadTheBad

              Not sure TBH, I went straight to pfBlockerNG-devel; maybe @BBcan177 could advise.

                  tman222

                  Thanks @NogBadTheBad - I really appreciate the help. Hopefully @BBcan177 could advise me as well on what the best path forward here would be. Thanks again!

                    tman222 (last edited by tman222)

                    Well, I went ahead and wiped out my pfBlockerNG install tonight and reinstalled with pfBlockerNG-devel including my block lists. Set up a Permit Alias for VPN similar to what @NogBadTheBad did for SSH in the screenshot above. Applied this alias as the source on the inbound VPN firewall rule on WAN. However, I still see all UDP traffic (packets) being picked up and counted by the widget in the dashboard. Cross-checking against the firewall logs the UDP traffic is being blocked by the default deny rule. I just don't quite understand why it is being counted as a PASS packet. Does anyone have any ideas? Does the traffic hit pfBlockerNG first before the default deny rule? Thanks again.

                    Edit: I also found this old thread on Alias which indicates that a Permit Alias would be the right choice in this case:

                    https://forum.netgate.com/topic/121185/pfblockerng-alias

                      NollipfSense @tman222
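The cross-check tman222 describes above (widget counts versus the firewall log) can be done directly on pfSense's filter log: tally inbound packets per action, rule tracker ID, protocol and destination port, so each packet is tied to the rule that actually matched it. This is an added example, not code from the thread or from pfBlockerNG; it assumes the pfSense 2.4+ filterlog CSV layout, and the sample log lines, tracker IDs and rule names below are constructed placeholders.

```python
"""Tally pfSense filterlog entries by action and matching rule (added example)."""
from collections import Counter
import re

# Constructed sample: two UDP packets to an OpenVPN port and one TCP SYN to SSH.
SAMPLE_LOG = """\
Oct 16 13:11:36 pfSense filterlog[34567]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,12345,0,DF,17,udp,60,203.0.113.5,198.51.100.10,51234,1194,40
Oct 16 13:11:37 pfSense filterlog[34567]: 91,,,1571224803,igb0,match,pass,in,4,0x0,,64,12346,0,DF,17,udp,60,192.0.2.77,198.51.100.10,40001,1194,40
Oct 16 13:11:38 pfSense filterlog[34567]: 5,,,1000000103,igb0,match,block,in,4,0x0,,63,4321,0,DF,6,tcp,60,203.0.113.9,198.51.100.10,55555,22,0,S,1,,64240,,mss
"""

# Hypothetical tracker-ID -> rule description map; on a real box take the IDs
# from Firewall > Rules (hover the rule) and the pfBlockerNG permit rule's ID.
RULE_NAMES = {
    "1000000103": "Default deny (constructed id)",
    "1571224803": "pfB_VPN_permit (constructed id)",
}

FILTERLOG_RE = re.compile(r"filterlog\[\d+\]:\s*(?P<csv>.+)$")


def parse_line(line):
    """Return the fields the cross-check needs, or None for a non-filterlog line."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    # Common prefix: rule,sub-rule,anchor,tracker,interface,reason,action,direction,ip-version
    rec = {"tracker": f[3], "iface": f[4], "action": f[6], "dir": f[7], "ipver": f[8]}
    if rec["ipver"] == "4":   # IPv4: tos,ecn,ttl,id,offset,flags,proto-id,proto,len,src,dst,sport,dport
        rec.update(proto=f[16], src=f[18], dst=f[19], sport=f[20], dport=f[21])
    else:                     # IPv6 (assumed layout): class,flow,hlim,proto,proto-id,len,src,dst,sport,dport
        rec.update(proto=f[12], src=f[15], dst=f[16], sport=f[17], dport=f[18])
    return rec


def tally(log_text):
    """Count inbound packets per (action, rule name, proto, dport)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dir"] == "in":
            name = RULE_NAMES.get(rec["tracker"], "tracker " + rec["tracker"])
            counts[(rec["action"], name, rec["proto"], rec["dport"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in sorted(tally(SAMPLE_LOG).items()):
        print(n, *key)
```

If the "pass" bucket for the permit rule's tracker stays empty while the widget keeps counting, the widget's numbers are not coming from that rule's matches; on a live system feed it `clog /var/log/filter.log` output instead of the sample.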

                      @tman222 said in pfBlockerNG Alias Firewall Rule Question:

                      I just don't quite understand why it is being counted as a PASS packet.

                      Remember, the NIC sees the packet before the firewall does!

                      pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                      pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                        tman222 @NollipfSense

                        @NollipfSense said in pfBlockerNG Alias Firewall Rule Question:

                        @tman222 said in pfBlockerNG Alias Firewall Rule Question:

                        I just don't quite understand why it is being counted as a PASS packet.

                        Remember, the NIC sees the packet before the firewall does!

                        Thanks @NollipfSense, I appreciate your response.

                        So does that mean that pfBlockerNG sees the packets before they hit the firewall's default deny rule, and that's why they are being counted? Unfortunately I don't know enough about how the package works to be certain on this.

                        Thanks again.

                          NollipfSense @tman222 (last edited by NollipfSense)

                          @tman222 Well, I think it would be pfSense that provides the pfBlockerNG widget with the packet info.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.