Custom pfBlockerNG rule order

slim2016

Is there no way of disabling auto rule order?

On some ports it doesn't matter where the source ip is and other ports I want it controlled on who gets in.

The order of rules I would like is:

pfSense Pass/Match
pfB_Block/Reject
pfSense Pass/Match

e.g.

pfSense Pass/Match (allow any source ip's gong to port 2451)
pfB_Block/Reject
pfSense Pass/Match (allow ip's after being filtered by pfB_Block/Reject to go to port 443)

I can manually order the rules buts once the ip rules are updated they go back to the auto rule order. The alias rules don't apply here because i can't choose 'any source' in the alias rules to pass to a specific port in the advance settings.

NogBadTheBad

@slim2016 said in Custom pfBlockerNG rule order:

On some ports it doesn't matter where the source ip is and other ports I want it controlled on who gets in.
The order of rules I would like is:
pfSense Pass/Match
pfB_Block/Reject
pfSense Pass/Match
e.g.
pfSense Pass/Match (allow any source ip's gong to port 2451)
pfB_Block/Reject
pfSense Pass/Match (allow ip's after being filtered by pfB_Block/Reject to go to port 443)
I can manually order the rules buts once the ip rules are updated they go back to the auto rule order. The alias rules don't apply here because i can't choose 'any source' in the alias rules to pass to a specific port in the advance settings.

Use pfBlocker to create aliases then create your firewall rules.

slim2016

How do you create an alias for ANY source ip address?

NogBadTheBad

@slim2016

The alias can be used as source or destination.

Then use it in a firewall rule.

slim2016

Thanks, i've done a similar rule, I've allowed GeoIP connecting to port 2451 to pass through at the top, then i have the pfblockeNG block rules then i have port forward rule, any source connecting to port 2451 to redirect to the internal ip address. Seems to be working. Strange thing though, when you click on the states for the port forward rule there are no states, however, the top rule (GeoIP rule to port 2451) contains all the correct states.

NogBadTheBad

@slim2016
Kill all the firewall states and test again.

coffeecup25

I solved this problem a while ago.

Basically, floating rules are evaluated before anything else. Move whatever is special to floating rules. Them decide on the provided sort order.

slim2016

Just out of curiosity is not possible to place NAT/Port Forwarded rules to be placed in Floating Rules automatically or moved to floating rules?