Protect open ports with PFBlockerNG

  • I've read other posts on this topic but still need further clarification. I want to prevent other countries other than the US from accessing my open WAN ports. It's been stated over and over again not to block the world. I've created an advanced inbound and outbound rule to allow my alias of open_ports only from the US IPv4 and IPv6. See attachments.

    If someone from China tries to access an open port on my WAN they won't hit a block till after the port forward rules are accessed. Won't they still get through? If I move the block rules to just below the pfblocker rules will that prevent the port forwarding rules from working?

    0_1547225547797_WAN Rules.jpg

    1_1547225547797_WAN Rules2.jpg

    On the LAN side the allow rule will work as everything is blocked by default except what is explicitly allowed?

  • LAYER 8 Global Moderator

    @naskar said in Protect open ports with PFBlockerNG:

    It's been stated over and over again not to block the world

    Says who? In a perfect setup you would only allow access to your forwards by their IP..

    Rules are evaluated top down, first rule to trigger wins. No other rules are evaluated. If you want your port forward to only be reachable via NA address then just use that in your port forward rule to whatever IP and port you're sending it to.

    If you want to specifically block country X, then put that alias above your allow rule with block.
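
The first-match behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model of a top-down rule list, comparing an open forward rule, a source-restricted forward rule, and a block rule placed above the allow rule. The alias ranges (documentation prefixes, not real GeoIP data), port 443 and all helper names are constructed for illustration, and the default-deny fallback is an assumption of the model.

```python
import ipaddress

# Constructed stand-ins for pfBlockerNG aliases (documentation ranges, not GeoIP data).
NA_ALIAS = [ipaddress.ip_network("198.51.100.0/24")]         # "allowed region"
COUNTRY_X_ALIAS = [ipaddress.ip_network("203.0.113.0/24")]   # "country X"
ANY = [ipaddress.ip_network("0.0.0.0/0")]


def rule(action, sources, port=None):
    """One filter rule; port=None means the rule matches any destination port."""
    return {"action": action, "sources": sources, "port": port}


def evaluate(rules, src, dport):
    """Walk the list top down and return the first matching rule's action."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if r["port"] is not None and r["port"] != dport:
            continue
        if any(addr in net for net in r["sources"]):
            return r["action"]  # first match wins, later rules are never consulted
    return "block"  # assumption: nothing matched, so the implicit default deny applies


# Layout from the question: forward rule open to any source, geo-limited rule below it.
OPEN_FORWARD_FIRST = [rule("pass", ANY, 443), rule("pass", NA_ALIAS, 443)]

# Layout from the reply: the forward rule itself uses the NA alias as its source.
SOURCE_RESTRICTED = [rule("pass", NA_ALIAS, 443)]

# Alternative from the reply: block country X above an otherwise open allow rule.
BLOCK_ABOVE_ALLOW = [rule("block", COUNTRY_X_ALIAS), rule("pass", ANY, 443)]


def compare(src, dport=443):
    """Return the verdict each layout gives for one source address."""
    return {
        "open_forward_first": evaluate(OPEN_FORWARD_FIRST, src, dport),
        "source_restricted": evaluate(SOURCE_RESTRICTED, src, dport),
        "block_above_allow": evaluate(BLOCK_ABOVE_ALLOW, src, dport),
    }


if __name__ == "__main__":
    for src in ("198.51.100.9", "203.0.113.7", "192.0.2.5"):
        print(src, compare(src))
```
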

  • So I should edit my port forward rules in NAT to add a network alias for pfBlocker_NA IPv4 and IPv6.
    Like this

    0_1547228457662_fpBlocker Network Alias.jpg

    Port Forward rule