Netgate Discussion Forum

    pfBlockerNG Permit Inbound Wildcard Domain

      Brailyn

      Hello,

      I have been using pfblocker for geoIP blocking only. Recently, I've discovered that manual rules put within the pfblocker rules get bumped down the list every cron update.

      I am trying to make a permanent exception to allow inbound requests from *.eu-west-1.compute.amazonaws.com.

      In the IPv4 tab, the rule list is set to "Whois" and source I've set to *.amazonaws.com. This fails during update.

      Any ideas how I can whitelist IPs that resolve to a wildcard domain such as this one?

      Maybe this will help... Is there a way I can parse and whitelist Amazon IP Ranges?

        Brailyn

        To my surprise, my attempt at getting the AWS IPs whitelisted actually works--I just needed to clear my firewall states.

        For those wondering, this is what I did... This is assuming all AWS server IPs are trusted.

        • Firewall/pfBlockerNG/IPv4>+Add
        • Alias Name: AWS
        • List Description: Allow AWS Inbound
        • IPv4 Lists: Format-Auto, State-Hold, Source-https://ip-ranges.amazonaws.com/ip-ranges.json, Header/Label-aws
        • List Action: Permit Inbound
        • Update Frequency: Weekly
        • Other fields default should be okay.

        If you want to specify ports, set and enable a Custom DST Port under "Advanced Inbound Firewall Rule Settings".

        Otherwise save, and run pfblocker update in Firewall/pfBlockerNG/Update.

        For immediate results you might need to clear firewall states in Diagnostics/States/Reset States.

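The setup in the post above permits every published AWS range, while the original question only concerned eu-west-1 compute hosts. The following is an added example, not code from either poster or from pfBlockerNG: it filters a document in the ip-ranges.json layout down to one region and service and collapses the result into a minimal CIDR list. The function names and the sample data are constructed for illustration, and feeding the output to pfBlockerNG as a custom list is left as an assumption.

```python
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout. The prefixes are RFC 5737
# documentation ranges, not real AWS allocations.
SAMPLE = json.dumps({
    "syncToken": "0",
    "createDate": "1970-01-01-00-00-00",
    "prefixes": [
        # The real feed lists many prefixes under more than one service.
        {"ip_prefix": "192.0.2.0/25", "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "192.0.2.0/25", "region": "eu-west-1", "service": "EC2"},
        {"ip_prefix": "192.0.2.128/25", "region": "eu-west-1", "service": "EC2"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "S3"},
    ],
    "ipv6_prefixes": [],
})


def select_prefixes(raw_json, region="eu-west-1", service="EC2"):
    """Return the collapsed IPv4 CIDRs published for one region/service pair."""
    doc = json.loads(raw_json)
    nets = set()
    for entry in doc.get("prefixes", []):
        if entry.get("region") != region or entry.get("service") != service:
            continue
        # strict=True rejects a prefix with host bits set instead of
        # silently rewriting it to a different network.
        net = ipaddress.ip_network(entry["ip_prefix"], strict=True)
        # Refuse anything that would turn a permit rule into "allow all".
        if net.version != 4 or net.prefixlen == 0:
            raise ValueError(f"refusing prefix {entry['ip_prefix']!r}")
        nets.add(net)
    # Merge adjacent and duplicate networks so the alias stays small.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def is_permitted(ip, cidrs):
    """Check whether a source address falls inside the selected ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


if __name__ == "__main__":
    # One CIDR per line, the usual plain-text form for an IP list.
    print("\n".join(select_prefixes(SAMPLE)))
```
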
          BBcan177 Moderator

          More info here.... I'd like to add a page for this in the GUI, but too much to do with so little time....
          https://www.reddit.com/r/pfBlockerNG/comments/9vwkmm/ip_ranges_for_amazon_aws/

          ps - Come and subscribe to the reddit page :)

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.