Blocking some permitted geo local IPs
-
We have had a number of attempts to access our network from unauthorised users.
Using pfblockerng I have recently been able to filter out all access attempts from outside Australia which has reduced the number in any 24 hour period from 15,000 to a few hundred.
I do see in the logs a number of local ip addresses that are still attempting over and over which I would like to block too.
I had originally thought to add these as individual firewall rules to block however it appears pfsense continually reorders the pfblocker rule to the top of the list which allows them to pass through.
I see in pfblockerng that there is an IPv4 tab, is this where I could add these IPv4 addresses instead of adding them as individual fw rules? Would I add them as an IPv4 custom list?
Thanks in advance…
-
You can hit the "+" button to add a new IPv4 alias. Define the options listed. You can click on the blue infoblock icons for further details.
Add the IPs to the custom list, one per line.
Then goto the Update tab and hit "Force Update". As you add new IPs select the "update custom list" option at the bottom of the page before updating.
Note- you can change the rule order options in the general tab, or use "alias type" setting and manually create the firewall rules as required.
-
Thanks for the reply :)
I am still unsure of what the difference is between blocking IP addresses via pfblockerng IPv4 custom list and listing them individually in the firewall rules.
Is the former just an easier way to block multiple IP addresses?
-
Either will work… Up to you whats an easier method to manage...
