CLI rule prioritization



  • Hi Everyone,

    I am using pfBlockerNG's GeoIP blocking. It works great, but I have one subnet in a blocked country that I need to allow access.

    I can manually fix the problem by dragging the allow rule to the top of the rule list in the GUI, but every night when pfBlocker updates, it pushes the allow rule down below the blocks and traffic stops.

    I understand that flexibility within pfBlocker to deal with this is limited, so I was hoping to be able to do it from the command line using a cronjob. Problem is, I have no idea how to do this...

    Is there a CLI command that I can use to re-order a rule -- i.e. take WAN rule 98 and put it in position #2, for example?

    And if that's possible, how could I add that command to a crontab so it would do it every night at a specified time?

    Any help would be appreciated.

    Thanks to you all in advance,
    -Michael


  • Netgate Administrator

    I would set pfBlocker to create aliases only and then add your own block rules using them.

    Then you can set the rule order yourself and it won't change when pfBlocker updates the aliases.

    Steve



  • Hi Stephenw10,

    I thought about that, but I don't see an option to do it with the GeoIP filters. I see it under IPv4 and IPv6... of course, I could be missing something. I'm pretty new at this.

    Thank you


  • Netgate Administrator

    Just set the List Action to Alias Native and use the created aliases.

    Steve



  • Thank you! I think that will work for me.

