Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How do I set exceptions?

    Scheduled Pinned Locked Moved pfBlockerNG
    4 Posts 2 Posters 540 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      logan517
      last edited by

      Hi,

      i've moving from Sophos UTM to pfSense and also pfBlockerNG.

      I've blocked generally a whole bunch of countries -> Deny In and Outbound

      How do i can set exceptions like these:
      A Picture is more than 1000 words  :D

      countryblock_exception.PNG
      countryblock_exception.PNG_thumb

      1 Reply Last reply Reply Quote 0
      • B
        bartkowski
        last edited by

        By default, pfSense blocks all inbound traffic, so if you don't have any open ports, this is a wasted effort.

        1 Reply Last reply Reply Quote 0
        • L
          logan517
          last edited by

          @bartkowski:

          …don't have any open ports...

          But, I have opened a few ports.
          I also want to block the outgoing, only if a http/s connection in the selected countries, as seen in the screenshot above

          1 Reply Last reply Reply Quote 0
          • B
            bartkowski
            last edited by

            You may need to think about this in the opposite way. Instead of blocking, think about what countries you want to allow. You then create "alias" lists in pfBlockerNG which can be used to create your own firewall rules. 
            Depending which country list is shorter (allowed or blocked), I would start there, and remember you can always set "Invert Match" to accomplish what you want.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.