    pfBlockerNG Permit Inbound Wildcard Domain

      Brailyn last edited by Brailyn

      Hello,

      I have been using pfblocker for geoIP blocking only. Recently, I've discovered that manual rules put within the pfblocker rules get bumped down the list every cron update.

      I am trying to make a permanent exception to allow inbound requests from *.eu-west-1.compute.amazonaws.com.

      In the IPv4 tab, the rule list is set to "Whois" and source I've set to *.amazonaws.com. This fails during update.

      Any ideas how I can whitelist IPs that resolve to a wildcard domain such as this one?

      Maybe this will help... Is there a way I can parse and whitelist Amazon IP Ranges?

        Brailyn last edited by

        To my surprise, my attempts at getting the AWS IPs whitelisted actually work--just needed to clear my firewall states.

        For those wondering, this is what I did... This is assuming all AWS server IPs are trusted.

        • Firewall/pfBlockerNG/IPv4 > +Add
        • Alias Name: AWS
        • List Description: Allow AWS Inbound
        • IPv4 Lists: Format-Auto, State-Hold, Source-https://ip-ranges.amazonaws.com/ip-ranges.json, Header/Label-aws
        • List Action: Permit Inbound
        • Update Frequency: Weekly
        • Other fields default should be okay.

        If you want to specify ports, set and enable a Custom DST Port under "Advanced Inbound Firewall Rule Settings".

        Otherwise save, and run pfblocker update in Firewall/pfBlockerNG/Update.

        For immediate results you might need to clear firewall states in Diagnostics/States/Reset States.

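Added example (not part of the posts above, and not pfBlockerNG code): the steps above permit every range published in ip-ranges.json, while the original question concerned *.eu-west-1.compute.amazonaws.com. This Python code narrows the published list to one region and service before it is used as an allow list, assuming the wanted hosts are EC2 instances in eu-west-1; the sample JSON is constructed and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of ip-ranges.json; the prefixes are
# documentation ranges (RFC 5737), not real AWS address space.
SAMPLE = """
{
  "syncToken": "0",
  "createDate": "1970-01-01-00-00-00",
  "prefixes": [
    {"ip_prefix": "192.0.2.0/25",    "region": "eu-west-1", "service": "AMAZON"},
    {"ip_prefix": "192.0.2.0/25",    "region": "eu-west-1", "service": "EC2"},
    {"ip_prefix": "192.0.2.128/25",  "region": "eu-west-1", "service": "EC2"},
    {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "203.0.113.0/24",  "region": "eu-west-1", "service": "S3"},
    {"ip_prefix": "not-a-cidr",      "region": "eu-west-1", "service": "EC2"}
  ],
  "ipv6_prefixes": []
}
"""

def select_prefixes(text, region="eu-west-1", service="EC2"):
    """Return collapsed IPv4 CIDRs for one region/service (hypothetical helper)."""
    nets = []
    for entry in json.loads(text).get("prefixes", []):
        if entry.get("region") != region or entry.get("service") != service:
            continue  # out of scope: keep the allow list as narrow as possible
        try:
            nets.append(ipaddress.ip_network(entry["ip_prefix"], strict=True))
        except (KeyError, ValueError):
            continue  # malformed entry: skip it rather than permit unknown space
    # Merge adjacent and duplicate networks into the fewest covering CIDRs.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def is_permitted(addr, cidrs):
    """True if addr falls inside any selected CIDR (hypothetical helper)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)

if __name__ == "__main__":
    for cidr in select_prefixes(SAMPLE):
        print(cidr)  # one CIDR per line
```

Run against the real file, the same filter shows how much smaller the permitted address space is for a single region and service than for the full list.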
          BBcan177 Moderator last edited by

          More info here.... I'd like to add a page for this in the GUI, but too much to do with so little time....
          https://www.reddit.com/r/pfBlockerNG/comments/9vwkmm/ip_ranges_for_amazon_aws/

          ps - Come and subscribe to the reddit page :)
