PFBlockerNG - want to allow country but also SIP provider on static IP

  • Hi all, I've got some questions regarding pfblocker. I've checked out the youtube tuts and the wiki, but still need some guidance here.

    I have a class C public block of IP's, I have these set via VIP's on my WAN, I'm currently doing a 1:1 NAT for my SIP from my voip provider to my WAN, I also have UDP(range) and SIP ports open to the public on The 1:1 and port forwarding are going to my private SIP

    I would now like to add my country as a geo-location on pfblocker, so only allow my country, but still want the 1:1 NAT and port forwarding rules plus my voip providers IP(not hosted in my country) to take affect.

    Does that make sense?
    So anyone in my country plus one external to my country IP to have access to….as specified by my current 1:1 rules and port forwarding.

    I'm confused by the "custom destination in "advanced inbound rule" where it says "Click Here to add/edit Aliases Do not manually enter Addresses(es)."

    Does this mean as I read it that I must create an Alias for my public IP or must I create this for my internal IP
    Must I create the "list action" as "alias permit" or "alias native"? And will this still take into account my 1:1 NAT and UDP port forwards I currently have open to the world and then just suppress access for IP's originating in my country?

    Which is what I want, so effectively I have: > 1:1 NAT >
    SIP port forward on to
    UDP range port forward on to

    I want this to remain but with the exception of adding >SIP port forward on to
    And then denying anything else outside of my country

    Net result >SIP port forward on to >UDP range port forward on to
    My-Country > SIP port forward on to
    My-Country > UDP range port forward on to

    Any help or inkling appreciated!

Log in to reply