Correct setup to protect open WAN ports?



  • Hi,

    I want your help to tell me if this setup is completely wrong.
    I have been reading through this forum about pfBlockerNG but I find it hard to understand how to set up…

    Let's say that I only have two ports open, 51205 and 52121.
    Now I want only IP addresses from Åland to access these ports.
    So this is what I have done:

    • I have then created an alias with ports 51205 and 52121 in case I want to add more ports.
    • In pfBlocker, under GeoIP --> Europe, I have selected Åland in both IPv4 and IPv6
    • Selected Deny Inbound under List Action.
    • Selected Invert Source
    • Selected my alias under Custom DST Port
    • Selected protocol TCP/UDP

    Is this correct if I only want to allow IP addresses from Åland?
    Or am I doing something wrong?

    Thanks!








  • Moderator

    Instead of:

    • Selected Deny Inbound under List Action.
    • Selected Invert Source

    Why not just use the "Permit Inbound" Action option?



  • Hi,

    :o, why didn't I think of that.
    I have now changed it and it seems to be working :)
    Thanks!

    I have some other questions that any of you might know the answer to…

    • In the dashboard under pfBlockerNG I can see the number of packets being blocked.
      If I press the number I'm redirected to the alerts tab so I can see these alerts, but there's nothing logged. Why is that?

    • pfBlockerNG is scheduled to update every hour as default and this has been working (I think) but now it doesn't seem to work.
      In the attached image you can see in the dashboard that I did a manual update at 22:03 but then it hasn't updated by schedule. Do you know why?

    Thanks!







  • Moderator

    See the following link about your first question:
    https://forum.pfsense.org/index.php?topic=99929.msg556801#msg556801

    MaxMind updates once a month, so there is no reason to run cron updates hourly for GeoIP. However, if you add other IP feeds, you should update at an increased frequency.