PFBlockerNG DNSBL Default Ports



  • Hi, newbie here : ) What DNSBL SSL listening port number can be used when the PFSense TCP port is set to 8443? Is there a pool of numbers from the 1 to 65535 port range it is not recommended to use? Dos it mater? Does the DNSBL Listening port have to be changed as well?

    DNSBL Listening Ports.png

    Regarding firewall rules...Does the order of the rules matter for PFBlocker to work properly?
    3. Is the Firewall rules order in the image below correct?
    Firewall Rules.png

    Thanks in advance for taking the time reading this post. I would greatly appreciate any help you can provide.

    Cheers!


  • LAYER 8 Moderator

    @romulusrodent said in PFBlockerNG DNSBL Default Ports:

    Regarding firewall rules...Does the order of the rules matter for PFBlocker to work properly?

    Of course, rule order always matters. Nothing is changed wether you create them manually or automatically.

    What DNSBL SSL listening port number can be used when the PFSense TCP port is set to 8443?

    Choose one. We moved away from 8443 for WebUI because many other packages use it and it's also "kinda" well known for proxy or alternative web ports. So we use sth. like 1443 or 4443 as port for WebUI so 8443/8080/8081 etc. are free for other services. It's also less probability to make a manual mistake that opens up the webUI (unless you opened any of course). And yes, you should use a port >1024 as all <1024 are mostly "fixed" service ports you shouldn't use.

    What DNSBL SSL listening port number can be used when the PFSense TCP port is set to 8443?
    Does the DNSBL Listening port have to be changed as well?

    Erm you give the answer yourself? Of course the listening port can't be the same as the WebUI or you have a service/port conflict. Use a free one. :)



  • Hi JeGr. Thanks so much for taking the time answering my newbie questions : ) If I understood you recommendations correctly, the easiest way to solve my PFBlocker NG issue is to change the PFSense's TCP port to something like 1443 or 4443 and leave the default ports for the DNSBL SSL and DNSBL Listening ports to avoid conflicts.

    Thanks for your help, I appreciate it.


  • Moderator

    @romulusrodent

    Yes use any other available port... So don't reuse the same port that pfSense HTTPS is utilizing.


Log in to reply