pfBlockerNG Permit Inbound Wildcard Domain



  • Hello,

    I have been using pfBlockerNG for GeoIP blocking only. Recently, I've discovered that manual rules placed among the pfBlockerNG rules get bumped down the list on every cron update.

    I am trying to make a permanent exception to allow inbound requests from *.eu-west-1.compute.amazonaws.com.

    In the IPv4 tab, the rule list is set to "Whois" and the source I've set to *.amazonaws.com. This fails during the update.

    Any ideas how I can whitelist IPs that resolve to a wildcard domain such as this one?

    Maybe this will help... Is there a way I can parse and whitelist Amazon IP Ranges?



  • To my surprise, my attempts at getting the AWS IPs whitelisted actually work; I just needed to clear my firewall states.

    For those wondering, this is what I did... This is assuming all AWS server IPs are trusted.

    • Firewall/pfBlockerNG/IPv4 > +Add
    • Alias Name: AWS
    • List Description: Allow AWS Inbound
    • IPv4 Lists: Format-Auto, State-Hold, Source-https://ip-ranges.amazonaws.com/ip-ranges.json, Header/Label-aws
    • List Action: Permit Inbound
    • Update Frequency: Weekly
    • Other fields' defaults should be okay.

    If you want to specify ports, set and enable a Custom DST Port under "Advanced Inbound Firewall Rule Settings".

    Otherwise save, and run a pfBlockerNG update in Firewall/pfBlockerNG/Update.

    For immediate results you might need to clear firewall states in Diagnostics/States/Reset States.
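
    Building on the procedure above and on the first post's question about parsing Amazon's IP ranges: the steps above permit every prefix in ip-ranges.json, i.e. all of AWS. The example below is added here and is not from this thread or from the pfBlockerNG project. It parses the same JSON yourself and narrows the allow list to the ranges actually asked about (EC2 in eu-west-1, which is where *.eu-west-1.compute.amazonaws.com hosts live), then renders a plain one-CIDR-per-line file that a pfBlockerNG list can fetch as its Source in place of the raw JSON. The document layout it relies on (`prefixes` entries with `ip_prefix`, `region` and `service`, plus `ipv6_prefixes` with `ipv6_prefix`) is the published one; the embedded sample document, its prefixes and sync token are constructed for the example, and the function names are mine.

```python
import ipaddress
import json

# Constructed excerpt in the shape of https://ip-ranges.amazonaws.com/ip-ranges.json.
# The real file has thousands of entries and changes often; these prefixes are
# illustrative sample data, not a copy of Amazon's published ranges.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "1540000000",
    "createDate": "2018-10-20-00-00-00",
    "prefixes": [
        {"ip_prefix": "52.16.0.0/15",  "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "52.16.0.0/15",  "region": "eu-west-1", "service": "EC2"},
        {"ip_prefix": "54.72.0.0/15",  "region": "eu-west-1", "service": "EC2"},
        {"ip_prefix": "3.248.0.0/13",  "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "52.94.24.0/23", "region": "eu-west-1", "service": "DYNAMODB"},
        {"ip_prefix": "54.240.0.0/18", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "13.32.0.0/15",  "region": "GLOBAL",    "service": "CLOUDFRONT"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2a05:d018::/36", "region": "eu-west-1", "service": "EC2"},
        {"ipv6_prefix": "2600:1f18::/33", "region": "us-east-1", "service": "EC2"},
    ],
})


def load_ip_ranges(text):
    """Parse the JSON document; returns (syncToken, IPv4 entries, IPv6 entries)."""
    doc = json.loads(text)
    return doc["syncToken"], doc.get("prefixes", []), doc.get("ipv6_prefixes", [])


def _matching(entries, key, regions, services):
    """Yield the networks of entries whose region and service are wanted."""
    for entry in entries:
        if entry["region"].lower() in regions and entry["service"].upper() in services:
            yield ipaddress.ip_network(entry[key], strict=True)


def select_prefixes(text, regions, services, include_ipv6=False):
    """Return sorted, de-duplicated networks for the given regions and services.

    The same block is often listed under several services (e.g. both AMAZON and
    EC2), so collapse_addresses merges duplicates and adjacent ranges. IPv4 and
    IPv6 networks cannot be ordered against each other, so they are collapsed
    separately and concatenated, IPv4 first.
    """
    _, v4_entries, v6_entries = load_ip_ranges(text)
    regions = {r.lower() for r in regions}
    services = {s.upper() for s in services}
    nets = list(ipaddress.collapse_addresses(
        _matching(v4_entries, "ip_prefix", regions, services)))
    if include_ipv6:
        nets += list(ipaddress.collapse_addresses(
            _matching(v6_entries, "ipv6_prefix", regions, services)))
    return nets


def render_pfblocker_list(text, regions, services, include_ipv6=False):
    """Render a plain one-CIDR-per-line list, preceded by a '#' comment header,
    for pfBlockerNG to fetch as a list Source (hypothetical output format choice:
    plain CIDR lines are the simplest thing its list parser accepts)."""
    sync_token, _, _ = load_ip_ranges(text)
    nets = select_prefixes(text, regions, services, include_ipv6)
    header = (f"# AWS prefixes regions={','.join(sorted(regions))} "
              f"services={','.join(sorted(services))} syncToken={sync_token}")
    return "\n".join([header] + [str(n) for n in nets]) + "\n"


def is_covered(address, networks):
    """True if address lies inside any of the networks. Useful for checking a
    source seen in the firewall log against the list before trusting the rule."""
    ip = ipaddress.ip_address(address)
    return any(ip in n for n in networks)


if __name__ == "__main__":
    # Only EC2 in eu-west-1, both address families, as the first post asked for.
    print(render_pfblocker_list(SAMPLE_IP_RANGES, ["eu-west-1"], ["EC2"], include_ipv6=True))
```

    Fetch the live ip-ranges.json, run the script against it on the same schedule as the list's Update Frequency (the file changes frequently, and the `syncToken` in the header tells you which revision a rendered list came from), publish the output somewhere pfBlockerNG can reach, and point the list's Source at it with List Action still set to Permit Inbound. Keep in mind what this actually trusts: the EC2 prefixes of a region belong to whoever launches an instance there, so the allow rule admits any AWS tenant, not just your own servers; restricting the Custom DST Port as mentioned above keeps that exposure to the one service you intend.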


  • Moderator

    More info here.... I'd like to add a page for this in the GUI, but too much to do with so little time....
    https://www.reddit.com/r/pfBlockerNG/comments/9vwkmm/ip_ranges_for_amazon_aws/

    ps - Come and subscribe to the reddit page :)