Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    PFBlockerNG DNSBL Default Ports

    pfBlockerNG
    3
    4
    538
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      romulusrodent last edited by romulusrodent

      Hi, newbie here : ) What DNSBL SSL listening port number can be used when the PFSense TCP port is set to 8443? Is there a pool of numbers from the 1 to 65535 port range it is not recommended to use? Dos it mater? Does the DNSBL Listening port have to be changed as well?

      DNSBL Listening Ports.png

      Regarding firewall rules...Does the order of the rules matter for PFBlocker to work properly?
      3. Is the Firewall rules order in the image below correct?
      Firewall Rules.png

      Thanks in advance for taking the time reading this post. I would greatly appreciate any help you can provide.

      Cheers!

      1 Reply Last reply Reply Quote 0
      • JeGr
        JeGr LAYER 8 Moderator last edited by

        @romulusrodent said in PFBlockerNG DNSBL Default Ports:

        Regarding firewall rules...Does the order of the rules matter for PFBlocker to work properly?

        Of course, rule order always matters. Nothing is changed wether you create them manually or automatically.

        What DNSBL SSL listening port number can be used when the PFSense TCP port is set to 8443?

        Choose one. We moved away from 8443 for WebUI because many other packages use it and it's also "kinda" well known for proxy or alternative web ports. So we use sth. like 1443 or 4443 as port for WebUI so 8443/8080/8081 etc. are free for other services. It's also less probability to make a manual mistake that opens up the webUI (unless you opened any of course). And yes, you should use a port >1024 as all <1024 are mostly "fixed" service ports you shouldn't use.

        What DNSBL SSL listening port number can be used when the PFSense TCP port is set to 8443?
        Does the DNSBL Listening port have to be changed as well?

        Erm you give the answer yourself? Of course the listening port can't be the same as the WebUI or you have a service/port conflict. Use a free one. :)

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

        1 Reply Last reply Reply Quote 0
        • R
          romulusrodent last edited by romulusrodent

          Hi JeGr. Thanks so much for taking the time answering my newbie questions : ) If I understood you recommendations correctly, the easiest way to solve my PFBlocker NG issue is to change the PFSense's TCP port to something like 1443 or 4443 and leave the default ports for the DNSBL SSL and DNSBL Listening ports to avoid conflicts.

          Thanks for your help, I appreciate it.

          BBcan177 1 Reply Last reply Reply Quote 0
          • BBcan177
            BBcan177 Moderator @romulusrodent last edited by

            @romulusrodent

            Yes use any other available port... So don't reuse the same port that pfSense HTTPS is utilizing.

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            1 Reply Last reply Reply Quote 0
            • First post
              Last post