How are rules executed ?

techbee · Jul 5, 2017, 12:56 AM

1. Is the default firewall rule is allow all ?

2. Are the rules executed top to bottom ?

3. The firewall rule shows antilock-out rule on the very top for port 80 for all users. I understand it as allow all traffic for all users on port 80.
If I create a rule to block a certain LAN IP ADDRESS on port 80, will firewall still block it when it has already executed the first rule which is the antilockout rule.

chpalmer · Jul 5, 2017, 3:13 AM

1. Is the default firewall rule is allow all ? No. Default without any rules is Deny All.

2. Are the rules executed top to bottom ? Yes.

3. The firewall rule shows antilock-out rule on the very top for port 80 for all users. I understand it as allow all traffic for all users on port 80.
If I create a rule to block a certain LAN IP ADDRESS on port 80, will firewall still block it when it has already executed the first rule which is the antilockout rule.

The antilockout rule is any to the firewall LAN address only. It does not allow anyone to go anywhere else.

Harvy66 · Jul 5, 2017, 3:36 AM

For floating rules, last wins. I guess you could think "bottom to top". But it's still top to bottom. The difference is important if you do any "quick" rules.

techbee · Jul 5, 2017, 4:19 AM

thanks for replying guys.

mer · Jul 5, 2017, 2:39 PM

@Harvy66:

For floating rules, last wins. I guess you could think "bottom to top". But it's still top to bottom. The difference is important if you do any "quick" rules.

I thought that all user defined rules added the quick keyword internally? pf inherently is "evaluate from the top, last match wins unless there is a quick keyword"

dexener · Jul 9, 2017, 6:56 PM

I have also question.
Today i played a little bit with GeoIP rules. I blocked top20 spammers, but this rule is also blocking for example WebSite http://www.shallalist.de/, which seems to be legit WebSite. From this site i wanted to download another rules for blocking porn…

I made then another firewall rule (added with plus button on firewall alerts tab) and edited a little bit. It seems that this rule is not working, because i cannot reach this site. :(

What i am doing wrong? See attachment. Thank you.

dexener · Jul 9, 2017, 6:57 PM

OMG. I am really n00b. Now it is working. I added this rule before GeoIP rules. :-[ :-[

dexener · Jul 10, 2017, 10:13 PM

I dont understand what is wrong with my rules. Every time when the cron job for pfBlockerNg is running they get messed up and then are not correctly applied.

Can someone please help me to solve this issue. I tried also with separators and they are also not funktioning. For example i made one separator for Easy rules and suddenly rules from pfBlockerNG are also inside. :-\

BBcan177 · Jul 11, 2017, 4:45 AM

Did you see the "Rule Order" option in the General Tab? If one of those options do not work for your needs, you can choose "Alias" type action settings for the Aliases and then manually create the rules as required. Click on the blue infoblock icons for further details.

dexener · Jul 11, 2017, 3:52 PM

@BBcan177
I think that now is everything working fine.
Now my "Rule Order" is:
pfSense Pass/Match | pfB_Pass/Match |pfB_Block/Reject | pfSense Block/Reject