    pfBlocker only on specific ports
    • bose301s

      Hello, extremely new and green to the whole pfSense and pfBlocker world so there's a good chance this has been answered but I tried searching on Google and couldn't find what I needed. I would like to use the GeoIP lists to block bad traffic from my two open ports that I have for Bittorrent and Plex, other than that I shouldn't need to apply the GeoIP rules to everything as the normal firewall rules should take care of that. Any help is appreciated.

      • NogBadTheBad

        Easy, create an alias deny rather than my alias permit and use it on a firewall rule.

        Screenshot 2019-06-12 at 07.54.21.png

        Screenshot 2019-06-12 at 07.57.48.png

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        • bose301s

          After more research I think I may be misunderstanding the GeoIP part as well, when you select a country in GeoIP does it block the whole country from accessing your ports or is it just known bad IPs from that country?

          338258b9-bce4-4a0b-a89f-42347a279656-image.png

          • KOM

            when you select a country in GeoIP does it block the whole country from accessing your ports or is it just known bad IPs from that country?

            The entire country.

            • bose301s

              @KOM Well that explains a lot, lol.

              See, I have a lot of learning to do.

              • NogBadTheBad

                @bose301s said in pfBlocker only on specific ports:

                After more research I think I may be misunderstanding the GeoIP part as well, when you select a country in GeoIP does it block the whole country from accessing your ports or is it just known bad IPs from that country?

                Look at my first screenshot, create an alias then define your firewall rule.

                Screenshot 2019-06-12 at 16.00.23.png

                • bose301s

                  @NogBadTheBad said in pfBlocker only on specific ports:

                  @bose301s said in pfBlocker only on specific ports:

                  After more research I think I may be misunderstanding the GeoIP part as well, when you select a country in GeoIP does it block the whole country from accessing your ports or is it just known bad IPs from that country?

                  Look at my first screenshot, create an alias then define your firewall rule.

                  Screenshot 2019-06-12 at 16.00.23.png

                  I'm going to do some more learning on this before I go further, going to try to load lists of known bad IPs to block on those ports as I want connections from all over the world since BitTorrent is definitely worldwide.

                  • NogBadTheBad

                    Maybe you should look at snort or suricata

                    • bose301s

                      @NogBadTheBad I've got Suricata up and running as well.

                      • NogBadTheBad

                        @bose301s said in pfBlocker only on specific ports:

                        @NogBadTheBad I've got Suricata up and running as well.

                        emerging-p2p.rules << set it to block on these rules

                        • bose301s

                          @NogBadTheBad said in pfBlocker only on specific ports:

                          @bose301s said in pfBlocker only on specific ports:

                          @NogBadTheBad I've got Suricata up and running as well.

                          emerging-p2p.rules << set it to block on these rules

                          That won't block all p2p? That was my understanding of what it did.

                          • NogBadTheBad

                            @bose301s said in pfBlocker only on specific ports:

                            @NogBadTheBad said in pfBlocker only on specific ports:

                            @bose301s said in pfBlocker only on specific ports:

                            @NogBadTheBad I've got Suricata up and running as well.

                            emerging-p2p.rules << set it to block on these rules

                            That won't block all p2p? That was my understanding of what it did.

                            You can whitelist addresses AFAIK.

                            • BBcan177 (Moderator)

                              @bose301s said in pfBlocker only on specific ports:

                              would like to use the GeoIP lists to block bad traffic from my two open ports

                              At the bottom of all GeoIP and IPv4/6 pages for each Alias/Group is "Advanced Inbound/Outbound Firewall Rule Settings" which you can use to refine the Auto Type rules to add Ports/Destination IPs etc., or follow the other recommendations to use "Alias type" and manually create the rules as required.

                              "Experience is something you don't get until just after you need it."

                              Website: http://pfBlockerNG.com
                              Twitter: @BBcan177  #pfBlockerNG
                              Reddit: https://www.reddit.com/r/pfBlockerNG/new/
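As an added illustration (not code from this thread, from pfBlockerNG or from Netgate) of the difference between the Auto "Deny Inbound" rule and the alias-type or port-refined rules NogBadTheBad and BBcan177 describe, here is what the two approaches come down to in pf syntax on pfSense. The alias name pfB_Deny, the WAN interface em0, the table file path and the port numbers (51413 for BitTorrent, 32400 for Plex) are assumptions chosen for the example.

```pf
# Added example, not from the thread. Assumed names: alias pfB_Deny, WAN is em0,
# BitTorrent on TCP/UDP 51413, Plex on TCP 32400. pfBlockerNG fills the table
# from the GeoIP country list it downloads; the GUI regenerates it on each update.
table <pfB_Deny> persist file "/var/db/aliastables/pfB_Deny.txt"

# 1) Auto "Deny Inbound" rule (List Action = Deny Inbound, no port refinement).
#    Every address in the selected countries is blocked on every port, which is
#    the "the entire country" behaviour discussed above.
block in log quick on em0 from <pfB_Deny> to any label "pfB_Deny auto rule"

# 2) Alias-type list plus a hand-made rule, or the Auto rule refined through
#    "Advanced Inbound Firewall Rule Settings" with destination ports set.
#    Only the two exposed services are covered; all other traffic falls through
#    to the ordinary rule set exactly as before.
#    Destination is written as "any" because the port forward's rdr rewrites the
#    destination to the internal host before the filter rules are evaluated.
block in log quick on em0 proto { tcp, udp } from <pfB_Deny> to any port 51413 label "pfB_Deny torrent"
block in log quick on em0 proto tcp         from <pfB_Deny> to any port 32400 label "pfB_Deny plex"

# Ordering check: pfSense rules are "quick" (first match wins), so these block
# rules must sit above the pass rules created by the port forwards; otherwise
# the pass rule accepts the connection and the GeoIP table is never consulted.
# "log" on the block rules lets the hits be reviewed under Status > System Logs.
pass in quick on em0 proto { tcp, udp } from any to any port 51413 label "NAT torrent"
pass in quick on em0 proto tcp         from any to any port 32400 label "NAT plex"
```

After saving, Diagnostics > Tables shows the table contents, and the rule order can be confirmed from the WAN tab or with pfctl -sr on the console.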

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.