PfBlockerNG is not doing what I want...



  • Can you look over my current config and let me know if it is doing what I want it to do?

    Here is what I want my firewall to do:

    • Allow ports 8000-8005 from Internet to specific IPs on LAN

    • Allow port 8443 to Unifi server from Internet

    • Allow port 33333 to internal port 32400 on PLEX server

    • Block Cameras from directly accessing the Internet

    • Block IoT from accessing LAN or Cameras

    • Allow port 17000 for Torrents from WAN

    Here is my previous config:

    Port Forward (https://imgur.com/NNZS3sV)
    Floating Rules (https://imgur.com/3030t1F)
    WAN Rules (https://imgur.com/4r0UbYo)
    LAN Rules (https://imgur.com/bHQrv1k)
    IoT Rules (https://imgur.com/bY8HCZ0)
    Camera Rules (https://imgur.com/a/atRoZWX)

    Now I have implemented the use of pfBlockerNG and I want to use the GeoIP section of this tool to do the following:

    • Permit only USA to access ports 8000-8005, 8443, and 33333

    • Permit ANY GeoIP to access Torrents on 17000

    • Block Outbound to China/Russia/North Korea (After typing this up I realized I was a paranoid American... sorry)

    • This should be applicable on all Interfaces.

    Here is my current config (only uploaded the ones that changed):

    WAN Rules (https://imgur.com/NkHLtK0)
    LAN Rules (https://imgur.com/YYZDMV8)
    IoT Rules (https://imgur.com/aqnovss)
    Camera Rules (https://imgur.com/jHlWu5E)

    So in looking at the logs it looks like it is blocking 17000 the same as all the other ports.  What did I miss?  Anything else that would "optimize" this setup?



  • Okay so here is what I really need help with.
    I want to block Outgoing packets to Russia and China with the exception of my torrents, which I want to send through port 17000.

    How would I implement this, as the "Invert" option does not appear for ports, only for sources or destinations?
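The point both posts turn on is rule order: pfSense walks each interface's rule list top to bottom and the first matching rule wins, with an implicit deny at the end of the list. A port exception to a GeoIP block therefore does not need an "Invert" checkbox on the port; a narrow pass rule for port 17000 placed above the GeoIP block rule provides it, and the block rule still catches every other port. The toy evaluator below is an added example, not code from the thread or from pfBlockerNG; the GeoIP table, addresses, rule names and the 10.0.0.5 LAN host are all constructed for illustration (a real pfBlockerNG GeoIP alias is filled from a GeoIP database), and the three rule sets model the inbound WAN policy from the first post and the outbound LAN policy from the second, once in the order that blocks the torrent port and once in the order that exempts it.

```python
"""Added example, not from the thread: a toy first-match rule walker that
mirrors how pfSense evaluates an interface's rule list top to bottom and
stops at the first rule that matches (with an implicit deny at the end).
The GeoIP table, addresses and rule names are constructed for illustration;
a real pfBlockerNG GeoIP alias is filled from a GeoIP database.
"""
from dataclasses import dataclass

# Constructed stand-in for pfBlockerNG GeoIP aliases: address -> country code.
GEOIP = {
    "198.51.100.7": "US",
    "203.0.113.9": "CN",
    "192.0.2.44": "RU",
}
US = frozenset({"US"})
CN_RU = frozenset({"CN", "RU"})


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                              # "pass" or "block"
    dst_ports: tuple = ()                    # (low, high) inclusive; () = any port
    src_countries: frozenset = frozenset()   # GeoIP alias applied to the source
    dst_countries: frozenset = frozenset()   # GeoIP alias applied to the destination
    invert_src: bool = False                 # "Invert match" on the source alias

    def matches(self, pkt: Packet) -> bool:
        if self.dst_ports and not (self.dst_ports[0] <= pkt.dst_port <= self.dst_ports[1]):
            return False
        if self.src_countries:
            in_alias = GEOIP.get(pkt.src_ip) in self.src_countries
            if in_alias == self.invert_src:  # invert flips the sense of the alias
                return False
        if self.dst_countries and GEOIP.get(pkt.dst_ip) not in self.dst_countries:
            return False
        return True


def decide(rules, pkt: Packet) -> str:
    """First matching rule wins; an interface tab ends in an implicit deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"


# WAN (inbound): the service ports are gated on a US-only source alias, while
# 17000 carries no GeoIP condition at all, so a peer from any country reaches it.
WAN_RULES = [
    Rule("pass_US_8000_8005", "pass", (8000, 8005), src_countries=US),
    Rule("pass_US_8443", "pass", (8443, 8443), src_countries=US),
    Rule("pass_US_33333", "pass", (33333, 33333), src_countries=US),
    Rule("pass_any_17000", "pass", (17000, 17000)),
]

# The "Invert match" box the second post mentions exists for address aliases:
# this pair blocks 8443 from every source NOT in the US alias, then passes the rest.
WAN_INVERT_RULES = [
    Rule("block_nonUS_8443", "block", (8443, 8443), src_countries=US, invert_src=True),
    Rule("pass_any_8443", "pass", (8443, 8443)),
]

# LAN (outbound) as the thread describes it: the CN/RU block sits above the
# torrent pass, so a packet to a RU peer on 17000 hits the block first.
LAN_BLOCK_FIRST = [
    Rule("pfB_block_CN_RU", "block", dst_countries=CN_RU),
    Rule("pass_torrent_17000", "pass", (17000, 17000)),
    Rule("pass_LAN_any", "pass"),
]

# LAN (outbound) reordered: the narrow port exception sits above the GeoIP
# block. There is no port "Invert" box; rule order supplies the exception.
LAN_EXCEPTION_FIRST = [
    Rule("pass_torrent_17000", "pass", (17000, 17000)),
    Rule("pfB_block_CN_RU", "block", dst_countries=CN_RU),
    Rule("pass_LAN_any", "pass"),
]

if __name__ == "__main__":
    ru_peer = Packet("10.0.0.5", "192.0.2.44", 17000)   # constructed LAN host -> RU peer
    print("block first    :", decide(LAN_BLOCK_FIRST, ru_peer))      # block
    print("exception first:", decide(LAN_EXCEPTION_FIRST, ru_peer))  # pass
    print("RU peer on 443 :", decide(LAN_EXCEPTION_FIRST, Packet("10.0.0.5", "192.0.2.44", 443)))  # block
```

Two things to check on the real box when applying this ordering: floating rules are evaluated before the per-interface tabs, so a floating GeoIP block will match before any pass rule on the LAN tab, and pfBlockerNG has its own rule-order setting that decides whether the rules it generates land above or below the rules you wrote by hand. One caveat on the exception itself: the rule above matches on the destination port, and an outgoing peer connection is addressed to whatever port the remote peer listens on, so confirm in the firewall log which port the blocked torrent packets actually carry before relying on a single destination-port pass.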