pfBlockerNG not blocking IP address



  • I am trying to block an IP address used by a piece of software with pfBlockerNG.  In Firewall/pfBlockerNG/Edit/IPv4, I have:

    Alias name: NNTP server
    List Description: Block server
    IPv4 Lists: Auto/ON/ Source [blank] Header/Label [blank]
    List Action: Deny Both
    Update Frequency: NEVER
    States Removal: ENABLE
    IPv4 Custom list:
      Enable Domain/AS: unchecked
      Custom Address(es): 12.34.567.890  (of course the real address I want to block)

    The software is still connecting however.  Can anyone tell me what I am doing wrong?

    Thanks


  • Banned

    You most likely missed some of the required steps noted in the GUI after changing those, plus – there's zero need for pfBlocker to block an IP address. Create a firewall rule and call it a day.



  • Thanks.  I was using pfBlockerNG to block IPs to keep everything in one area as someone suggested in the past.  I'll switch it over.



  • After creating a firewall rule as suggested by doktornotor, the program still gets through.  I watched it with a sniffer and the address got past pfsense.  The program is MesNews, an NNTP news reader program.  I tried blocking both WAN and LAN.  The NNTP feed is 144.76.182.167:563.  Anyone want to check if they can block it?


  • Moderator

    @battles:

    After creating a firewall rule as suggested by doktornotor, the program still gets through.  I watched it with a sniffer and the address got past pfsense.  The program is MesNews, an NNTP news reader program.  I tried blocking both WAN and LAN.  The NNTP feed is 144.76.182.167:563.  Anyone want to check if they can block it?

    It's probably using other IPs... Need to wireshark or something to see what's happening...

    If you are adding many IPs to firewall rules, then it's best to do that all within pfBlockerNG since it will deduplicate/aggregate etc... So IMHO makes it simpler... Just add those IPs to an IPv4/6 custom list and be done with it :)



  • It does access 2 IPs.  The program was sending something upon MesNews start and I successfully blocked that IP.  I think MesNews was sending a message to the author showing that the program is being used.  But when I click on a news group line, it goes directly to the news group NNTP server even though the IP is blocked in pfblockerng.  MesNews requires the entry of the NNTP server address:

    TCP  192.168.1.100:60312 –> 144.76.182.167:563    10/9/2017 7:38:55:720 PM    packet: 1

    I for the life of me can't figure out how MesNews is getting past pfblockerng.  I tried setting up a simple firewall blocking record also, but it gets past it also.




  • Moderator

    First edit the Alias name and remove the "spaces" in the Alias Name as that is not allowed.

    When you add IPs to the custom list, click on the "Update custom list" and enable that selection, then go to the Update tab and Force Update.



  • Thanks.  I missed or didn't understand that instruction at the bottom of the page.