Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Blocking all internet?

    Scheduled Pinned Locked Moved pfBlockerNG
    4 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pdrass
      last edited by

      I've got the latest pfsense kickin like chicken and I suddenly lose Internet for some reason without much configured besides GEOIP.

      2.3.4-RELEASE (i386)
      built on Wed May 03 15:22:11 CDT 2017
      FreeBSD 10.3-RELEASE-p19

      I have ALL countries blocked INBOUND except NA of course where I reside.  I suddenly lose Internet.

      I think this has to do with inbound and outbound rules.  Any insight?  By default it looks like all interfaces for both are selected.  If I disabled PFBlocker all is right with the world and I can access the Interwebs.  I wanted to just block INBOUND from all countries for now and allow all OUTBOUND and that assumes then if they go out they can get anything from around the world.

      Thoughts?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • M
        moscato359
        last edited by

        If you want to block inbound from all countries, why not just block inbound in general? Countries don't need to be involved

        1 Reply Last reply Reply Quote 0
        • BBcan177B
          BBcan177 Moderator
          last edited by

          Take a look at the Help text in the GeoIP Continent Tabs… If you don't have any open WAN ports, the Default WAN deny rule is going to block all unsolicited Traffic (Stateful firewall)...

          You only need to protect open WAN ports, and the Outbound... and consider Whitelisting instead of blocking the world.

          If you are using the DNS resolver, note that the 13 root DNS servers are not all in North America... Review the Alerts tab and it will show what is being blocked.

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          1 Reply Last reply Reply Quote 0
          • P
            pdrass
            last edited by

            Yes I understand this however, I'm going to be turning on "both" not just "inbound" on the FW.  I'm easing my way into blocking country outbound SO I need to enabled GEO IP Block.

            I haven't quite figured out what was going on BUT it's possible this was a SNORT issue or perhaps a DNS resolution issue at the time.

            This might be a non-issue.  I've turned pfbng back on, have cleaned a few things up and it seems like all is well.

            Thanks for your feedback.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.