I've been trying to setup pfBlockerNG to block everything but my country and then manually adding IP addresses as needed but I'm failing horribly on how to do so.
I tried adding a whitelist alias at the system firewall but I don't know how to link it to pfBlockerNG. I tried making a list in pfBlockerNG's IPv4 tab but it seems it downloads premade lists from some server, it doesn't maintain/edit them. Then I tried enabling the Suppression function on the package but the little plus sign to whitelist IP addresses won't appear because the blocked IP addresses are coming from a country list, I believe.
I have three WAN interfaces with several rules under them already and I'm afraid to toy with the Rule Order box in the General tab because I don't know if it will mess up my rules. I also saw in the system firewall a new alias "pfBlockerNGSuppress", could I just add the IP addresses I want whitelisted there and pfBlockerNG will sort everything out? Wishful thinking, maybe?
Here's my config:
You can't "Suppress" IPs for GeoIP blocked IPs…
Create a "Whitelist" Alias in the IPv4 and/or v6 tab.
Add the IPs that you want to allow into the Custom list at the bottom.
Set the Action to "Permit Outbound"
Goto the General tab and ensure that the "Rule Order" places the Permit rules above your Blocked rules..