Whitelist not working
-
I've enabled both pfBlockerNG and DNSBL and I'm trying to whitelist certain sites that are giving me trouble. In particular forum.xda-developers.com seems to not load properly (i.e. no CSS), I just see plain text.
I've disabled pfBlockerNG to test whether this is the cause and it would appear so.
I've also created an "AllowList" alias with "Permit both" as action in the IPv4 tab and added the IP of xda in the IPv4 custom list to no avail.
I notice that a pfB_AllowList rule gets created in my LAN firewall rules and it sits below the pfB_* block rules.
Any thoughts here?
-
It looks like this IP in the IBlock Ads feed is causing the issue: 89.255.249[.]55
(Note to self: stop using IBlock :) )
Keep in mind that you typically want "Permit Outbound" so that a LAN device needs to make the initial request to allow that domain to come back through the WAN (stateful firewall)... It's not safe to use Permit Both unless it's for a web application etc. that is open from the WAN side...
Check the "Rule Order" option in the General tab, to place the Permit above the Block rules.
-
Thanks. So I assume you mean to add the 89.255.249[.]55 along with the IP of the forums as part of the Allow List?
Also, my rule order is "pfB_Block/Reject | All other Rules" but I manually moved the Allow List rule above the block rules and still no go.
-
There are a couple of ways to overcome a blocked IP. Review the Alerts tab and click on the "+" icon (needs suppression enabled in the General tab). This only works with /32 or /24 IPs that are listed in a blocklist.
You can also add IPs that are blocked to a whitelist that is added to a permit rule that has to be above your block rules. Refer to Alerts tab to find which IPs are getting blocked.
When you add an IP to the customlist in a whitelist, don't forget to check the "update customlist" option at the bottom and then run a Force Update for the IP to be added to the aliastable.
-
Thanks for the help. That seems to have done it. Not sure how you discovered that the IP 89.255.249[.]55 needed to be whitelisted? In the Chrome network tab?
In any case, I seem to also be struggling with the rule order option, none seem to keep my rules in the order I want after the update. In most cases I have Pass/Block, except in one case on my VLAN interface where I have a Block/Pass rule. Any way to keep my pf rules static and have the pfBlocker rules as Pass/Block?
-
Anything that is blocked is reported to the Alerts tab... So that is where I saw it being blocked by an IBlock Ads feed... You might not have that feed enabled? But it could be in another feed....
The "Auto" rules won't work for everyone.... There are some common boilerplate options, and if they don't fit your network design, then you need to use "Alias Type" rules and manually create the rules as required.
Click on the blue infoblock icons in the IPv4 tab on how to do that...
Suppressing the IPs (Only for /32 or /24 blocks) is the best choice.... so that you don't need the permit rule. But if you require the Permit whitelist, then you need to find a rule order option that puts the permit above the block... or use Alias type rules...
There is a trick where you can edit all the pre-defined pfBlockerNG rule "descriptions", and change the prefix to "pfb_" lowercase.
Then Disable the package.
Edit all of the IPv4/6/GeoIP aliases to be "Alias type"
Then re-enable the package... This way the rules are created by the package initially so that you don't need to manually create them all... Any rules that start with "pfB_" are managed by the package on each cron run or Force command.
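As an added check (not from the thread or the pfBlockerNG package): a small Python script that reads a pfSense-style config.xml fragment and reports pfBlockerNG permit rules that sit below pfBlockerNG block rules on the same interface, plus the rules that were renamed to the lowercase pfb_ prefix per the trick above. The XML element layout, the interface names and the rule descriptions are constructed assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed sample modelled on pfSense's <filter><rule> layout (assumption: the real
# config.xml uses these element names; descriptions follow pfBlockerNG's "pfB_" prefix).
SAMPLE_CONFIG = """<pfsense><filter>
<rule><type>block</type><interface>lan</interface><descr>pfB_IBlock_Ads_v4 auto rule</descr></rule>
<rule><type>pass</type><interface>lan</interface><descr>pfB_AllowList_v4 auto rule</descr></rule>
<rule><type>pass</type><interface>lan</interface><descr>Default allow LAN to any rule</descr></rule>
<rule><type>pass</type><interface>opt1</interface><descr>pfb_AllowList_v4 auto rule</descr></rule>
<rule><type>block</type><interface>opt1</interface><descr>pfB_IBlock_Ads_v4 auto rule</descr></rule>
</filter></pfsense>"""

MANAGED_PREFIX = "pfB_"   # rewritten by the package on every cron run / Force command
DETACHED_PREFIX = "pfb_"  # the lowercase trick from the thread: the package leaves these alone

def load_rules(xml_text):
    """Return the <filter><rule> entries in evaluation order (top of the GUI first)."""
    root = ET.fromstring(xml_text)
    return [
        {"type": (r.findtext("type") or "").strip(),
         "iface": (r.findtext("interface") or "").strip(),
         "descr": (r.findtext("descr") or "").strip()}
        for r in root.findall("./filter/rule")
    ]

def is_pfb_rule(rule):
    """pfBlockerNG rule of either kind (package-managed or detached)."""
    return rule["descr"].startswith((MANAGED_PREFIX, DETACHED_PREFIX))

def shadowed_permits(rules):
    """pfBlockerNG pass rules placed below a pfBlockerNG block/reject rule on the same
    interface. pfSense interface rules are first-match, so such a permit never fires for
    an address that is also in a block alias, which is the symptom in the thread."""
    findings, block_seen = [], set()
    for r in rules:
        if not is_pfb_rule(r):
            continue
        if r["type"] in ("block", "reject"):
            block_seen.add(r["iface"])
        elif r["type"] == "pass" and r["iface"] in block_seen:
            findings.append((r["iface"], r["descr"]))
    return findings

def detached_rules(rules):
    """Descriptions renamed to the lowercase prefix, i.e. no longer rewritten by the package."""
    return [r["descr"] for r in rules if r["descr"].startswith(DETACHED_PREFIX)]

if __name__ == "__main__":
    for iface, descr in shadowed_permits(load_rules(SAMPLE_CONFIG)):
        print(f"{iface}: '{descr}' sits below a pfBlockerNG block rule; move it up or use Alias type rules")
```

On a real box the fragment can be replaced by the contents of /cf/conf/config.xml (path assumed from the pfSense defaults); the same check then tells you whether a Rule Order setting actually left the permit above the block.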
-
Thanks, I did as you said, replacing all the pfB_ with pfb_ in the descriptions. However, when I went to re-enable DNSBL, I don't see rules for it (including the floating one). I might have forgotten to lowercase the rules associated with DNSBL...
How would I get back the rules for DNSBL, including the floating rule for the VIP? Enabling/disabling DNSBL has no effect.
Also, after this modification, when I disable pfB I get tons of notifications. Am I doing something wrong here?