pfBlocker Options
-
The Netgate help file shows the following options:
Options are:Deny Both - Will deny access on Both directions.
Deny Inbound - Will deny access from selected lists to the local network.
Deny Outbound - Will deny access from local users to IP address lists selected to block.
Permit Inbound - Will allow access from selected lists to the local network.
Permit Outbound - Will allow access from local users to IP address lists selected to block.
Disabled - Will just keep selection and do nothing to selected Lists.
Alias Only - Will create an alias with selected Lists to help custom rule assignments.However, in my pfBlocker page in pfSense, I'm also presented with the options:
Match Inbound/Outbound/BothThe instructions recommend not "blocking the world" since default behavior is to block unless permitted, but I also don't want to just allow any inbound traffic from certain countries. Would "Match Inbound" only allow from the specified countries to my open ports but drop all other traffic from those countries? I'm guessing the Match statement would force it to still be processed through other firewall rules.
-
Create an alias using pfBlocker and craft your own firewall rules.
With the aliases the deny, permit & match only defines where the info in the report tab goes.
