PfBlocker alias join for NAT with source filter
-
Hi everybody,
I'd like to use GEOIP with PfBlocker to allow only one country for the IN traffic (NAT) for some firewall rules.The problem is that if I create ALIAS PERMIT groups with IPv4, IPv6 ans satellite subnets I get three ALIASES.
I'd like to configure the NAT source field with the join of these three aliases. Of course the firewall accepts only one rule for the NAT with same ports, so I don't know hot to manage this situation.
NAT Example:
Interface: WAN
TCP/UDP VOIP PORTS
Source: pfb_Europe_v4 <–-- Here I want to use multiple aliasesSince obviously we are allowed to enter a single alias, I think I should tell pfBlocker to create only one ALIAS or maybe I should cron a script to join the aliases.
Any suggestions?
-
Create separate NAT rules, one for each alias.
-
You can goto the IPv4 tab and manually add the path to whatever GeoIP Countries you want. (/usr/local/share/GeoIP/cc/) Can also intermingle other lists as required in the same Alias.
Click the blue "Infoblock" Icons in the IPv4 tab for more details.
-
Create separate NAT rules, one for each alias.
How is this possible for the same ports?
-
You can goto the IPv4 tab and manually add the path to whatever GeoIP Countries you want. (/usr/local/share/GeoIP/cc/) Can also intermingle other lists as required in the same Alias.
Click the blue "Infoblock" Icons in the IPv4 tab for more details.
Thank you very much for the solution.
-
Just another question: what's the _rev_v4.txt file content?
-
See the following:
https://forum.pfsense.org/index.php?topic=117744.0Also you won't be able to mix IPv4 and 6 in the same Alias unfortunately.