Netgate Discussion Forum
    • D

      IPv6 Firewall rules for external internet access only

      IPv6 ipv6 rules gua internet access whitelist
      0 Votes
      3 Posts
      282 Views
      D

      @Bob-Dig That looks like it worked! Is there a limitation I should be aware of with how quickly those rules will update? I just don't want to leave an open hole in my firewall whenever my ISP drops the ball.

    • A

      Captive Portal blocking allowed IP addresses with bandwidth in 2.6.0

      Captive Portal captive portal allowed ip whitelist blocking 2.6.0
      0 Votes
      2 Posts
      726 Views
      GertjanG

      @adnan97

      From what I recall, these issues were solved with patches pfSense package ages ago.

      The bad news: you have to dig them up, here, in this forum or Redmine.
      The good news: 2.7.0 - coming out soon - will take care of things.

      I was using 2.6.0 quite a long time, and issues (important to me) were solved after some forum interaction.

    • S

      DNSBL Auto whitelisting happening?

      pfBlockerNG whitelist dnsbl
      0 Votes
      11 Posts
      2k Views
      L

      @jot thanks for the info. You are right. Though I do not understand why to force whitelist google and yandex subdomains which are used for ads - ads.google.com|adservices.google.com. I just cannot block ads if I enable safesearch option.

    • OceanwatcherO

      Blocking everything except...

      General pfSense Questions block all whitelist
      0 Votes
      9 Posts
      1k Views
      OceanwatcherO

      @stephenw10 said in Blocking everything except...:

      It might not be...

      That is correct 😉

    • K

      HAproxy backend whitelisting

      Cache/Proxy haproxy whitelist blacklist
      0 Votes
      9 Posts
      6k Views
      K

      That was it, thank you for your help!

    • M

      Whitelist approach at the Windows and application level: block all (outbound) traffic that is not explicitly legitimized

      Deutsch whitelist windows firewall block
      0 Votes
      9 Posts
      2k Views
      JeGrJ

      @m0nji said in Whitelist approach at the Windows and application level: block all (outbound) traffic that is not explicitly legitimized:

      @jegr said in Whitelist approach at the Windows and application level: block all (outbound) traffic that is not explicitly legitimized:

      Snort+OpenAppID

      Application filtering on pfSense completely passed me by. Thanks for the correction.

      No problem, you're welcome. Unfortunately it is still on my to-do list for testing, but thanks to illness and work I have not gotten around to it yet ;)

    • newyork10023N

      pfBlockerNG rule element modification and ordering

      pfBlockerNG dnsbl whitelist rule ordering suspension pfblockerng
      0 Votes
      2 Posts
      1k Views
      BBcan177B

      @newyork10023 said in pfBlockerNG rule element modification and ordering:

      To begin, pfBlockerNG_devel 2.2.1_2 is awesome. Wow. Thanks.

      Thanks!

      Certain feeds are naughty. For example, adding RFC 1918 (Private Address Space), Multicast addresses, etc., etc., etc., is just BAD. Blocking possibly necessary system addresses, including multicast addresses, etc., is just NASTY. Adding a WhiteList is not going to fix this issue. These rule elements need to be culled from the list(s), and I mean permanently.

      By chance are you using Firehol Level1? That feed contains bogons and should not be used for Outbound blocking. You can also enable "Suppression" which will remove local/loopback addresses.

      A couple of feature suggestions for automatic rule insertion: use rule Separators to bind automatic rule insertion to specific places in the rules. (Indeed, one of my pet peeves is that automatic rules re-arrange Separator organization in seemingly random ways.) Another suggestion would be that automatic rule insertion should not re-arrange rule ordering AT ALL (after their initial placement). Subsequent rule updates should update rules IN PLACE. I like the possibility that Separators could be used to bind automatic rule insertion. But, disabling all automatic rule insertion needs to be an option for DNSBL.

      Firewall rule separators will be very difficult to implement with pfBlockerNG and auto rules...

    • S

      PfSense & Snort: Whitelist Domain

      IDS/IPS pfsense snort whitelist domain url
      0 Votes
      1 Posts
      1k Views
      No one has replied