If you select the Deny_Inbound, Deny_Outbound or Deny_Both type options, it will AUTO create the Firewall Rules for you, using the Rule Order setting that you configured in the General Tab… These are typical-use scenario Auto-Rule ordering options…

These Auto Rules, might not fit with your network requirements, so instead you can select the Alias Type options which are highlighted above in the red boxes. These Alias Type options WILL NOT create any Firewall rules…

With Alias Type settings, you will need to manually create all of the Firewall Rules, so that it fits with your network requirements… Review one of the Auto-Created rules as an example of how to manually create these Firewall Rules…

Also, ensure that you read the last NOTE above, and prefix these pfBlockerNG manually created rules with pfb_ ( lowercase )…  This is required so that the Widget knows which rules are for pfBlockerNG.

Hope that helps!

I already provided your solution above.

Select the "Alias type" options in the "List Action" settings. (IPv4/6/GeoIP etc). Then you can manually create the rules as you require and reference the applicable alias table that the package creates.

Click the blue infoblock icons for additional details.

Extremely sorry and I do not mean to be a novice but how would I also allow my rule order to work? I would need a way to not allow the default rules to be added to Floating/WAN rules and still update. Are you saying settle with a rule order of pfBlocker rules on bottom and re-reference my rules, duplicating the rules, allowed in the middle?

Select the "Alias type" options in the "List Action" settings. (IPv4/6/GeoIP etc). Then you can manually create the rules as you require and reference the applicable alias table that the package creates.

Click the blue infoblock icons for additional details.

In the General Tab, there are several different "Rule Order" options, did you try those?

-None of these options will allow all rules to work successfully as it will reorder improperly.

@BBcan177:

You are not forced to use "Auto type" rules…. You can easily opt to use "Alias type" ( ie: Alias_Deny ) and manually create your own rules as you wish.... The pfBlockerNG package will collect the IPs and put them into alias tables, and these alias tables can be easily referenced in any manually created firewall rules...

Please review the blue infoblock icon in the IPv4 Tab / List Action, for more details on this approach…

-How can I full advantage of GeoIP block lists and disable Floating Rules/Rule Order to incorporate  IPv4 Alias Rules?

@BBcan177:

I would think that with a "Floating" type rule, that you would want the "quick" option to be selected, since in the Floating Tab, the last rule that matches "wins"…. so the quick option halts that process when the rule is matched.

-This will allow some of the county lists to supersede specific allow rules or allow blanket allows to trump country denies.

In the General Tab, there are several different "Rule Order" options, did you try those?

You are not forced to use "Auto type" rules…. You can easily opt to use "Alias type" ( ie: Alias_Deny ) and manually create your own rules as you wish.... The pfBlockerNG package will collect the IPs and put them into alias tables, and these alias tables can be easily referenced in any manually created firewall rules...

Please review the blue infoblock icon in the IPv4 Tab / List Action, for more details on this approach…

I would think that with a "Floating" type rule, that you would want the "quick" option to be selected, since in the Floating Tab, the last rule that matches "wins".... so the quick option halts that process when the rule is matched.