Problem with ordering

romor

Hello,

i have problem with pfBlocker rules ordering Its not a bug, its feature:-)

I need to have Whitelist on top of firewall rules, because some of our branches have IP in blacklist and theyer providers dont want solved this problem (existence in blacklist).
That mean, in ordering i need select

| pfB_Pass/Match | pfB_Block/Reject | pfSense Pass/Match | pfSense Block/Reject |

because if i select first (default) value, whitelist rule is automatically behind pfBlocker Block rules. Thats bad.

But problem is on another interfaces, because on bottom of list i have Allow rule for access to inenet.
FW list like this:

• Allow rules
• Deny rules
• Allow rule to internet

But if i turn pfBlocker on, ordering | pfB_Pass/Match | pfB_Block/Reject | pfSense Pass/Match | pfSense Block/Reject | make my list to bad state.
Like this:

• Allow rules
• Allow rule to internet
• Deny rules

That mean, all traffic from all interface are after turning on pfBlocker allowed.

My question sounds: "Can you add new order like | pfB_Pass/Match | pfB_Block/Reject | All other Rules | (original format)??"

Or exist solution, that if firewall process all firewall rules, automatic allow all traffic?? In this moment after process all firewall rules all traffic is blocked.

Thanks…

BBcan177

Unfortunately, there are millions of possibilities to re-order the Firewall rules…  I can't add every possibility...

You can try to create some of your pfSense rules in pfBlockerNG (using the customlist and Adv. In/Out settings), so that it can be ordered as required... or you might need to use "Alias Type" rules, which are manually created... refer to the blue infoblocks in the IPv4 Tab (List Action) on how to do that...

romor

Hi, ok, i found another solution, i use pfBlocker only to WAN and all is ok now with main ordering.

But i have another problem.
If i order my rules, pfblocker after update order my rule to another position.
Why?
He have some algorithm to it??
Because i dont see sort by name or IP, or port..

But ordering is different as before update pfBlocker. All rules is same type (allow).

For example, after turning on pfBlocker is rule list::
Rule 3
Rule 1
Rule 2

I change it to:
Rule 3
Rule 2
Rule 1

And after rerun pfBlocker or Update list is again:
Rule 3
Rule 1
Rule 2

Why, please?

BBcan177

Change the "Rule Order" setting in the General tab to suit your network, or choose an "alias type" and create the rules as required for your setup.

romor

Thank you very much. I change all to Alias type and make own rules manualy and all is working.