Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Newby question re whitelisting in pfblockerng

    Scheduled Pinned Locked Moved pfSense Packages
    8 Posts 3 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      pfsensory
      last edited by

      I just started using pfblockerng.  One site that I tried to link to (iphoneincanada.ca, which I believe to be a legit site) is blocked, and the firewall logs indicate that this site it blocked on the ET-Block list.  How can I whitelist this site (and other individual sites in the future) so that I can reach it?

      1 Reply Last reply Reply Quote 0
      • P Offline
        pfsensory
        last edited by

        (bump)

        Anyone?

        1 Reply Last reply Reply Quote 0
        • F Offline
          f34rinc
          last edited by

          From the pfSense GUI - Firewall \ pfBlockerNG \ Alerts tab  find your entry for click the + symbol to suppress the address.  Suppression is enabled from the General tab of pfBlockerNG if you don't already have it enabled.

          1 Reply Last reply Reply Quote 0
          • P Offline
            pfsensory
            last edited by

            Thanks!  I had missed that checkbox, so there were no +'s available to suppress IP addresses.  Your instructions fixed the issue.

            1 Reply Last reply Reply Quote 0
            • P Offline
              pfsensory
              last edited by

              Follow up question:

              pfBlockerNG seems to be blocking dropbox.com (specific IP 162.125.32.129:443), with the message in the log being that the address is found on a blacklist IBlock_BT_Hijack 162.125.0.0/16.  But there is no "+" sign next to the address to suppress it.  How can I whitelist this site so that my computers can connect to dropbox?

              1 Reply Last reply Reply Quote 0
              • P Offline
                pfsensory
                last edited by

                I landed up disabling the whole list in question (IBlock_BT_Hijack). Is there a more elegant way of accomplishing this?

                1 Reply Last reply Reply Quote 0
                • F Offline
                  f34rinc
                  last edited by

                  @pfsensory:

                  162.125.0.0/16.  But there is no "+" sign next to the address to suppress it.

                  You can only suppress a /32 or /24 you have to make a new alias with 162.125.0.0/16 and allow outbound if you wanted to access the /16.

                  1 Reply Last reply Reply Quote 0
                  • RonpfSR Offline
                    RonpfS
                    last edited by

                    @pfBlockNG:

                    Enable Suppression
                    This will prevent Selected IPs from being blocked. Only for IPv4 lists (/32 and /24).
                    Country blocking lists cannot be suppressed.
                    This will also remove any RFC1918 addresses from all lists.

                    Alerts can be suppressed using the '+' icon in the Alerts tab and IPs added to the 'pfBlockerNGSuppress' alias
                    A blocked IP in a CIDR other than /32 or /24 will need a 'Whitelist alias' w/ list action: 'Permit Outbound' Firewall rule
                    Do not use the pfBlockerNGSuppress Alias in a Firewall Rule. This alias is used during the cron download process only.

                    2.4.5-RELEASE-p1 (amd64)
                    Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                    Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.