PfBlockerNG GeoIP Log Surpress?
-
I have pfBlockerNG with GeoIP enabled and I block China (and others). This creates the rule "pfB_Top_v4 AR" under LAN which blocks everything outbound to those IPs. I just got a few cheap ip cameras that try to connect to their China servers several times a minute that gets blocked by this rule. I enable global logging of pfBlocker so I can see (other) blocks in my dashboard widget, however this is always flooded by these camera alerts. So ideally I'd like to just suppress these alerts somehow, however it seems pfBlockerNG doesn't let you suppress any GeoIP based alerts (from what I see). I can create a whitelist under the Firewall -> pfBlockerNG ->IPv4 and then change the order under the General tab to place the pfB pass rules first, and that works to whitelist the IP, but I still want to block it! Just without all the spam in the logs. Is there some other work around or way I'm missing to basically suppress specific geoip alerts from the logs?
Thanks
-
I think i figured this out. I created a floating rule that blocked these ips, selected quick, and unselected log. I had tried this before and it didn't work, not sure what I did wrong. But it should process this floating rule before the pfblocker/geoip lan/wan rules and block the spamming ip's without filling up my log.
-
Turn "Global logging" off… Then in the TOP20 Tab disable the Logging...
Alternatively, instead of using the TOP20 tab, you can make an IPv4/6 Alias with any GeoIP combinations and configure the options as required. Click on the Blue Infoblock icons for further details.
