Frequent pfBlockerNG GeoIP Alerts?
-
I have a vanilla network at home using pfSense and pfBlockerNG with GeoIP turned on, blocking about 10 different countries. I have no open ports and a basic default install of pfSense.
My concern/question is that in the alert section of pfBlockerNG I get a new alert about every 1-20 seconds denying an inbound connection, mostly from Russia, looking at a variety of ports. Is this normal or to be expected? Do I even need to be running the GeoIP blocks if I opened no ports and have a default install of pfSense?
-
@fernis
Did you see the comments at the top of the GeoIP pages? :)
No, it won't provide any benefit if there are no open WAN ports, unless of course you just want to see all the noise that is hitting the WAN... Everyone just keeps forgetting that pfSense is a stateful firewall, so even though you add rules to block those IPs on the WAN... it won't block your LAN from making an outbound connection to those IPs... So best to add outbound rules... GeoIP is a bit hit/miss, but it's one layer... Would also suggest adding IP feeds to block outbound also.
-
Is it normal to see hits every 10 seconds or so?
-
@fernis said in Frequent pfBlockerNG GeoIP Alerts?:
Is it normal to see hits every 10 seconds or so?
Ya there is a lot of scanning going around... Check the pfB Alerts Tab and it will show what ports were involved in those events.
-
@bbcan177 said in Frequent pfBlockerNG GeoIP Alerts?:
adding IP Feeds to block outbound
What would you suggest as the best way for me to add IP feeds to block outbound also?
-
@fernis
Install pfBlockerNG-devel, which has an integrated Feeds tab where you can review feeds that can be added. Then select the "Action" setting for "Deny Outbound".
-
I installed pfblockerNG-devel and went through the wizard successfully. I see the feeds tab, but don't see your second set of instructions "Then select the "action" setting for "Deny Outbound"". Can you clarify, please?
-
IP Tab
Edit the Alias name
Modify the "Action" setting.
Click on the blue infoblock icons for additional details.
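
Added example (not part of the original thread, and not pfSense or pfBlockerNG code): a toy Python model of the stateful behaviour described earlier in the thread, showing why a WAN-only block does not stop LAN-initiated connections and what a "Deny Outbound" action changes. It ignores NAT, ports and protocols; the class, function names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data: a documentation range standing in for a GeoIP/feed alias.
BLOCKED = [ipaddress.ip_network("203.0.113.0/24")]

def in_alias(ip):
    return any(ipaddress.ip_address(ip) in net for net in BLOCKED)

class StatefulFirewall:
    """Toy model: rules are checked on the interface where a packet enters;
    packets that match an existing state skip the rules entirely."""

    def __init__(self, deny_inbound=False, deny_outbound=False):
        self.deny_inbound = deny_inbound    # WAN rule: block source in alias
        self.deny_outbound = deny_outbound  # LAN rule: block destination in alias
        self.states = set()                 # flows as (lan_ip, remote_ip), simplified

    def packet(self, iface, src, dst):
        if iface == "wan":
            if (dst, src) in self.states:
                return "pass (state)"       # reply to a LAN-initiated connection
            if self.deny_inbound and in_alias(src):
                return "block (WAN rule)"
            return "block (default deny)"   # no open WAN ports
        # Packet entering on LAN
        if self.deny_outbound and in_alias(dst):
            return "block (LAN rule)"
        self.states.add((src, dst))         # default "LAN to any" rule creates state
        return "pass (new state)"

def demo(fw):
    host, remote = "192.168.1.10", "203.0.113.7"   # constructed addresses
    return [
        fw.packet("wan", remote, "198.51.100.2"),  # unsolicited scan of the WAN address
        fw.packet("lan", host, remote),            # LAN host connects out to a listed IP
        fw.packet("wan", remote, host),            # reply traffic (NAT ignored)
    ]

if __name__ == "__main__":
    for label, fw in [("no pfBlockerNG rules", StatefulFirewall()),
                      ("Deny Inbound only", StatefulFirewall(deny_inbound=True)),
                      ("Deny Both", StatefulFirewall(True, True))]:
        print(label, demo(fw))
```

With no open ports, the first packet is dropped in every configuration; only the rule that logs it differs, which is why the inbound GeoIP alerts are noise rather than added protection.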