pfBlockerNG Ghost Auto Rule

  • Hello,
    I am encountering a weird issue where pfBlockerNG is creating a permit auto rule in our pfSense rulebase, but the GUI does not show a corresponding IPv4 rule in the pfBlockerNG rulebase. The auto rule that is being created is for the North American continent and it permits all traffic from the continent. I erase or disable the rule and it reappears after the next cron/update for pfBlockerNG. No such rule currently exists in the IPv4 or IPv6 tabs; there I only have alias entries for specific countries. How do I get rid of this rule?

  • Did you look at the pfblockerng.log? Do you have something defined in the GeoIP tab?

  • @ronpfs said in pfBlockerNG Ghost Auto Rule:


    All I see in the logfile is that, when I delete the rule, the next time the cron job runs I get:
    Firewall rule changes found, applying Filter Reload

    I am not sure what you mean by the Geo-IP tab. Do you mean the Country Tab? I have used it to create IPv4 rules. I don't see anything there which is defined to create the auto rule for permit traffic to all North America.

  • In pfBlockerNG-devel 2.2.1 the Country tab is now GeoIP.
    Run a Force Update, then a Force Reload All, and inspect the pfblockerng.log.

  • Thanks,
    You gave me the direction I needed. I thought the Geo-IP tab was just a way to create rules in the IPv4 and IPv6 tabs. I didn't realize it also kept rules independently. So, solved.
    Again, thanks
