Netgate Discussion Forum

    pfBlockerNG firewall rules and exception

    • lucas1

      Good day.

      There are several rules created automatically by pfBlockerNG. I noticed that if I disable some of these rules, then after about 20-30 minutes they become enabled again by themselves. How do I fix it?

      And is it possible to create some kind of exception so that certain IP addresses are not blocked by the pfBlockerNG rules?

      • RonpfS

        Disabling the FW Rules will not prevent Cron Update from recreating them. You would have to disable the IPv4 table, then run a Force Update.

        You can Unlock or Whitelist IPv4s (/32 or /24) from the Alerts tab or from the IP tab IPv4 Suppression list. Other types of IP ranges will have to be put in a different table using a Permit action.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        • lucas1

          1. Disable the IPv4 table: is this Firewall\pfBlockerNG\Edit\IPv4\IPv4 Lists\State - Off?
          2. I cannot find Unlock on the Alerts tab.
          3. IP tab IPv4 Suppression list: are these the IPs added to the 'pfBlockerNGSuppress' alias?
          • RonpfS

            I'm using pfBlockerNG-devel, so the tabs have changed since.

            To disable an IPv4 table, you change the Action Settings to Disabled; this will also remove the associated Auto FW rule.
            To disable only one IPv4 Source (like a URL) you set the state to OFF, but that won't disable the associated Auto FW Rule.

            • lucas1

              Thanks, disabling the IPv4 table and removing the associated Auto FW rule is understood.

              To prevent selected IPs from being blocked by the associated Auto FW rule, is it enough to just add these IPs to the pfBlockerNGSuppress alias with Suppression = Enabled, and that's all?

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.