Using pfBlockerNG Alias as source for NAT rule

bradyrf · Mar 18, 2019, 6:12 PM

I am trying to use pfblockerng to create an alias of the US IP space so I can use that as a source in my NAT rule.
I have created an alias match under GEOIP North America as well as created an alias under IPV4 pointing at the source /usr/local/share/GeoIP/cc/US_v4.txt. When I go into the NAT rule the aliases I have created do not show up.

Am I missing something, maybe misunderstanding the pfblockerng / nat connection or is there a better way to accomplish this?

Thanks in advance.

NogBadTheBad · Mar 18, 2019, 7:00 PM

Here is how I allow the access to my SFTP server using GEOIP:-

NB I use any on the NAT rule so I can quickly change the firewall rule if needed.

bradyrf · Mar 18, 2019, 7:23 PM

Thanks much for the help my friend. I got it working.
Its weird about an hour after i was working on it the alias's popped up as an available alias in the NAT source alias.

Always appreciate your time. Im sure this will help many folks.
Have a great day.
B

Grimson · Mar 18, 2019, 7:50 PM

@bradyrf said in Using pfBlockerNG Alias as source for NAT rule:

Its weird about an hour after i was working on it the alias's popped up as an available alias in the NAT source alias.

RTFM:

NogBadTheBad · Mar 18, 2019, 8:05 PM

@bradyrf

Don't create the alias using Firewall -> pfBlockerNG -> IP -> GeoIP as it will tie up the North America rule.

Better to use Firewall -> pfBlockerNG -> IP -> IPv4 & IPv6 as you can name the alias whatever you want.

You can force an update of the aliases via Firewall -> pfBlockerNG -> Update

bradyrf · Mar 18, 2019, 10:28 PM

Thank you kind sir.
I appreciate the advice.
B