PfBlockerNG not blocking ip address
-
I am trying to block an ip address used by a piece of software with pfBlockerNG. In Firewall/pfBlockerNG/Edit/IPv4, I have:
Alias name: NNTP server
List Description: Block server
IPv4 Lists: Auto/ON/ Source [blank] Header/Label [blank]
List Action: Deny Both
Update Frequency: NEVER
States Removal: ENABLE
IPv4 Custom list:
Enable Domain/AS: unchecked
Custom Address(es): 12.34.567.890 (of course the real address I want to block)The software is still connecting however. Can anyone tell me what I am doing wrong?
Thanks
-
You most likely missed some of the required steps noted in the GUI after changing those, plus – there's zero need for pfBlocker to block an IP address. Create a firewall rule and call it a day.
-
Thanks. I was using pfBlockerNG to block IPs to keep everything in one area as someone suggested in the past. I'll switch it over.
-
After creating a firewall rule as suggested by doktornotor, the program still gets through. I watched it with a sniffer and the address got past pfsense. The program is MesNews, an NNTP news reader program. I tried blocking both WAN and LAN. The NNTP feed is 144.76.182.167:563. Anyone want to check if they can block it?
-
After creating a firewall rule as suggested by doktornotor, the program still gets through. I watched it with a sniffer and the address got past pfsense. The program is MesNews, an NNTP news reader program. I tried blocking both WAN and LAN. The NNTP feed is 144.76.182.167:563. Anyone want to check if they can block it?
Its probably using other IPs…. Need to wireshark or something to see whats happening...
If you are adding many IPs to firewall rules, then Its best to do that all within pfBlockerNG since it will deduplicate/aggregate etc…. So IMHO makes it simpler.... Just add those IPs to an IPv4/6 custom list and be done with it :)
-
It does accesses 2 IPs. The program was sending something upon MesNews start and I successfully blocked that IP. I think MesNews was sending a message to the author showing that the program is being used. But when I click on a news group line, it goes directly to the news group NNTP server even though the IP is blocked in pfblockerng. MesNews requires the entry of the NNTP server address:
TCP 192.168.1.100:60312 –> 144.76.182.167:563 10/9/2017 7:38:55:720 PM packet: 1
I for the life of me can't figure out how MesNews is getting past pfblockerng. I tried setting up a simple firewall blocking record also, but it gets past it also.
-
Attachments:
-
First edit the Alias name and remove the "spaces" in the Alias Name as that is not allowed.
When you add IPs to the custom list, click on the "Update custom list" and enable that selection then goto the update tab and Force Update.
-
Thanks. I missed or didn't understand that instruction at the bottom of the page.