GeoBlock Whitelisting by LAN IP

  • I'm currently using pfBlockerNG to geoblock several countries. I have one device on my LAN that I want whitelisted from the geoblock. Is this possible?

    I've tried adding a whitelisting rule to the IPv4 rules. I've also tried adding floating and LAN rules to the top of the firewall lists allowing the specific LAN device as the source to ANY.

    What am I doing wrong?

  • I don't believe you can whitelist geoblocking in pfBlocker… I suspect you blocked everything? In my experience geo blocking is all or nothing...

  • I'm not blocking everything, but I am blocking the usual suspect countries. I was hoping to exclude one specific device on my LAN from geoblocking. I looked for a few hours yesterday and couldn't figure it out.

  • What about creating FW Rules to allow that device outbound before the GeoIP FW Block rules?
    Or use Advanced Outbound FW Rules Settings, Custom Source/Invert/Alias name for the IP of the LAN device.

  • The geo blocking rules are in the floating section of the firewall. I did add a floating rule to the top of the floating section with the source as the LAN IP I need unblocked. But that was still being blocked even though it was above the geo blocking rules. Is there any other way to do it?

  • Did you select Quick [ x ] Apply the action immediately on match?

  • Yes I did. But I don't think I selected “inverted.” Would that make a difference?

  • @EWBtCiaST:

    Yes I did. But I don't think I selected “inverted.” Would that make a difference?

    If you created a FW rule to allow the LAN device, then you have to select Quick and no invert for Source.

    For your GeoIP block alias table, there you could just create an FW Alias IP for the LAN device, then select Custom source, Invert; that should block inbound LAN except the LAN device.

  • Attached is the floating rule I have at the top of the list. When I add this rule, the traffic is still blocked, but the blocked alert changes my interface from the LAN to Opt1.

  • What did you select for Interface for that rule? It should be applied on LAN if the device resides on that network.

  • The only interface selected is the LAN.

  • What is the interface / direction of the alerts?

    The FW rule will allow the LAN IP to initiate outbound traffic and associated return traffic.
    It will still block incoming connections not initiated by the LAN IP.

  • I'm trying to visit a website from that .15 device on my LAN. PFBlocker is geoblocking it even though the rule is above the geo rules in the floating section.

  • Beats me. You applied the changes to the FW Rules?
    Enable logging on the rule and see what's happening in Firewall logs.
    Also check the LAN rules
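
The two approaches suggested in this thread (an allow rule with Quick placed above the GeoIP block, and a GeoIP block with an inverted source alias), modeled as an added example that is not part of the original posts or of pfBlockerNG. The `192.168.1.0/24` LAN addressing, the `203.0.113.0/24` stand-in for a GeoIP table, the rule labels and the simplified top-down evaluation model are assumptions; the model also shows that a rule bound to LAN is never consulted when the packet is evaluated on another interface such as OPT1.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str               # "pass" or "block"
    iface: str                # interface the rule is bound to
    label: str
    src: tuple = ()           # source networks; empty means any
    dst: tuple = ()           # destination networks; empty means any
    invert_src: bool = False  # the "Invert" checkbox on the source
    quick: bool = True        # "Apply the action immediately on match"

def _in(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def matches(rule, iface, src, dst):
    if rule.iface != iface:
        return False
    if rule.src and _in(src, rule.src) == rule.invert_src:
        return False
    return not rule.dst or _in(dst, rule.dst)

def evaluate(rules, iface, src, dst):
    """Top-down evaluation: a quick match ends it, otherwise the last match wins."""
    verdict = ("pass", "no-match")  # assumption: stands in for later rules
    for r in rules:
        if matches(r, iface, src, dst):
            verdict = (r.action, r.label)
            if r.quick:
                break
    return verdict

# Constructed sample values, not taken from the thread.
DEVICE = ("192.168.1.15/32",)
GEO = ("203.0.113.0/24",)
ALLOW_FIRST = [Rule("pass", "LAN", "allow-device", src=DEVICE),
               Rule("block", "LAN", "geoip", dst=GEO)]
INVERTED = [Rule("block", "LAN", "geoip-not-device", src=DEVICE, dst=GEO, invert_src=True)]
NO_QUICK = [Rule("pass", "LAN", "allow-device", src=DEVICE, quick=False),
            Rule("block", "LAN", "geoip", dst=GEO)]
OTHER_IF = [Rule("pass", "LAN", "allow-device", src=DEVICE),
            Rule("block", "OPT1", "geoip", dst=GEO)]

if __name__ == "__main__":
    for name, rules, iface in [("allow-first", ALLOW_FIRST, "LAN"), ("inverted", INVERTED, "LAN"),
                               ("no-quick", NO_QUICK, "LAN"), ("other-if", OTHER_IF, "OPT1")]:
        print(name, evaluate(rules, iface, "192.168.1.15", "203.0.113.7"))
```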

