Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfBlockerNG GeoIP Log Surpress?

    Scheduled Pinned Locked Moved pfBlockerNG
    3 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      theroot
      last edited by

      I have pfBlockerNG with GeoIP enabled and I block China (and others). This creates the rule "pfB_Top_v4 AR" under LAN which blocks everything outbound to those IPs. I just got a few cheap ip cameras that try to connect to their China servers several times a minute that gets blocked by this rule. I enable global logging of pfBlocker so I can see (other) blocks in my dashboard widget, however this is always flooded by these camera alerts. So ideally I'd like to just suppress these alerts somehow, however it seems pfBlockerNG doesn't let you suppress any GeoIP based alerts (from what I see). I can create a whitelist under the Firewall -> pfBlockerNG ->IPv4 and then change the order under the General tab to place the pfB pass rules first, and that works to whitelist the IP, but I still want to block it! Just without all the spam in the logs. Is there some other work around or way I'm missing to basically suppress specific geoip alerts from the logs?

      Thanks

      1 Reply Last reply Reply Quote 0
      • T
        theroot
        last edited by

        I think i figured this out. I created a floating rule that blocked these ips, selected quick, and unselected log. I had tried this before and it didn't work, not sure what I did wrong. But it should process this floating rule before the pfblocker/geoip lan/wan rules and block the spamming ip's without filling up my log.

        1 Reply Last reply Reply Quote 0
        • BBcan177B
          BBcan177 Moderator
          last edited by

          Turn "Global logging" off… Then in the TOP20 Tab disable the Logging...

          Alternatively, instead of using the TOP20 tab, you can make an IPv4/6 Alias with any GeoIP combinations and configure the options as required. Click on the Blue Infoblock icons for further details.

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.