Netgate Discussion Forum

    PfBlockerNG is not doing what I want…..

      vMAC

      Can you look over my current config and let me know if it is doing what I want it to do?

      Here is what I want my firewall to do:

      • Allow ports 8000-8005 from Internet to specific IPs on LAN

      • Allow port 8443 to Unifi server from Internet

      • Allow port 33333 to internal port 32400 on PLEX server

      • Block Cameras from directly accessing the Internet

      • Block IoT from accessing LAN or Cameras

      • Allow port 17000 for Torrents from WAN

      Here is my previous config:

      Port Forward (https://imgur.com/NNZS3sV)
      Floating Rules (https://imgur.com/3030t1F)
      WAN Rules (https://imgur.com/4r0UbYo)
      LAN Rules (https://imgur.com/bHQrv1k)
      IoT Rules (https://imgur.com/bY8HCZ0)
      Camera Rules (https://imgur.com/a/atRoZWX)

      Now I have implemented the use of pfBlockerNG and I want to use the GeoIP section of this tool to do the following:

      • Permit only USA to access ports 8000-8005, 8443, and 33333

      • Permit ANY GeoIP to access Torrents on 17000

      • Block Outbound to China/Russia/North Korea ( After typing this up I realized I was a paranoid American…..sorry )

      • This should be applicable on all Interfaces.

      Here is the current config (only uploaded the ones that changed):

      WAN Rules (https://imgur.com/NkHLtK0)
      LAN Rules (https://imgur.com/YYZDMV8)
      IoT Rules (https://imgur.com/aqnovss)
      Camera Rules (https://imgur.com/jHlWu5E)

      So in looking at the logs it looks like it is blocking 17000 the same as all the other ports.  What did I miss?  Anything else that would "optimize" this setup?

        vMAC

        Okay so here is what I really need help with.
        I want to block outgoing packets to Russia and China, with the exception of my torrents, which I want to send through port 17000.

        How would I implement this, as the "Invert" option does not appear for ports, only for sources or destinations?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.