Netgate Discussion Forum
    pfBlockerNG Alias Firewall Rule Question

    16 Posts 4 Posters 1.7k Views

tman222

Hi @NogBadTheBad - thanks for getting back to me. I made the change to the WAN rule.

      Also, I'm using the original pfBlockerNG, not pfBlockerNG-devel. Here are the settings for this GeoIP alias:

(screenshot: settings for the GeoIP alias)

I did choose "Alias Native" - is that not correct? Thanks again.

NogBadTheBad

        I'd upgrade to pfBlockerNG-devel.

tman222 @NogBadTheBad

          @NogBadTheBad said in pfBlockerNG Alias Firewall Rule Question:

          I'd upgrade to pfBlockerNG-devel.

Thanks @NogBadTheBad - is the upgrade seamless? That is, will my settings stick between the two or do I have to reconfigure everything? Also, I assume the upgrade process would be to uninstall the old pfBlockerNG first and then install pfBlockerNG-devel? Thanks again.

NogBadTheBad

Not sure TBH, I went straight to pfBlockerNG-devel; maybe @BBcan177 could advise.

tman222

                Thanks @NogBadTheBad - I really appreciate the help. Hopefully @BBcan177 could advise me as well on what the best path forward here would be. Thanks again!

tman222 (last edited by tman222)

                  Well, I went ahead and wiped out my pfBlockerNG install tonight and reinstalled with pfBlockerNG-devel including my block lists. Set up a Permit Alias for VPN similar to what @NogBadTheBad did for SSH in the screenshot above. Applied this alias as the source on the inbound VPN firewall rule on WAN. However, I still see all UDP traffic (packets) being picked up and counted by the widget in the dashboard. Cross-checking against the firewall logs the UDP traffic is being blocked by the default deny rule. I just don't quite understand why it is being counted as a PASS packet. Does anyone have any ideas? Does the traffic hit pfBlockerNG first before the default deny rule? Thanks again.

Edit: I also found this thread on Alias which indicates that a Permit Alias would be the right choice in this case:

                  https://forum.netgate.com/topic/121185/pfblockerng-alias
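One way to cross-check what the dashboard widget counts against what the firewall log actually records is to tally the raw filter log by interface, action and protocol and pull out the rule tracker ids behind each action. The script below is an added example written for this thread; it is not part of pfBlockerNG or pfSense. It assumes the raw pfSense filterlog CSV layout for IPv4 entries (rule number, sub-rule number, anchor, tracker id, interface, reason, action, direction, IP version, tos, ecn, ttl, id, offset, flags, protocol id, protocol name, length, source, destination, then source port, destination port and data length for TCP/UDP). The log lines, interface name `igb0`, addresses, rule numbers and tracker ids in it are constructed placeholders, not values from any real firewall.

```python
"""Tally pfSense filterlog entries by interface, action and protocol.

Added example, not part of the forum thread or of pfBlockerNG/pfSense.
Assumes the raw pfSense filterlog CSV field order for IPv4 entries.
All sample lines, addresses, rule numbers and tracker ids are constructed.
"""
from collections import Counter
import re

# Constructed sample log lines (placeholders, not captured from a real firewall).
SAMPLE_LOG = """\
Mar 10 20:01:02 pfSense filterlog[1234]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,4321,0,DF,17,udp,60,198.51.100.7,203.0.113.5,51820,51820,40
Mar 10 20:01:03 pfSense filterlog[1234]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,4322,0,DF,17,udp,60,198.51.100.7,203.0.113.5,51820,51820,40
Mar 10 20:01:04 pfSense filterlog[1234]: 71,,,1770009999,igb0,match,pass,in,4,0x0,,64,4323,0,DF,17,udp,60,192.0.2.10,203.0.113.5,51820,51820,40
Mar 10 20:01:05 pfSense filterlog[1234]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,4324,0,DF,6,tcp,60,198.51.100.9,203.0.113.5,44444,22,0,S,1:1,,,
"""

# Leading fields shared by every IPv4 entry, in the assumed filterlog order.
FIELDS = ("rulenr", "subrulenr", "anchor", "tracker", "iface", "reason",
          "action", "dir", "ipver", "tos", "ecn", "ttl", "id", "offset",
          "flags", "protoid", "proto", "length", "src", "dst")

LINE_RE = re.compile(r"filterlog(?:\[\d+\])?:\s*(?P<csv>.*)$")


def parse_line(line):
    """Return a dict of the IPv4 fields, or None for lines that are not IPv4 filterlog entries."""
    m = LINE_RE.search(line)
    if not m:
        return None
    parts = m.group("csv").split(",")
    if len(parts) < len(FIELDS) or parts[8] != "4":
        return None  # only IPv4 entries are handled in this example
    rec = dict(zip(FIELDS, parts))
    # TCP and UDP entries carry source and destination ports right after the addresses.
    if rec["proto"] in ("udp", "tcp") and len(parts) >= len(FIELDS) + 2:
        rec["sport"], rec["dport"] = parts[len(FIELDS)], parts[len(FIELDS) + 1]
    return rec


def tally(log_text, iface=None, dport=None):
    """Count (action, protocol) pairs, optionally restricted to one interface and destination port."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if iface and rec["iface"] != iface:
            continue
        if dport and rec.get("dport") != str(dport):
            continue
        counts[(rec["action"], rec["proto"])] += 1
    return counts


def trackers_for(log_text, action):
    """Set of rule tracker ids that produced the given action, to map log lines back to rules."""
    return {rec["tracker"] for rec in map(parse_line, log_text.splitlines())
            if rec and rec["action"] == action}


if __name__ == "__main__":
    # Inbound UDP to the VPN port on the WAN interface: how much was passed vs blocked?
    for (action, proto), n in sorted(tally(SAMPLE_LOG, iface="igb0", dport=51820).items()):
        print(f"{action:5} {proto:4} {n}")
    print("block trackers:", sorted(trackers_for(SAMPLE_LOG, "block")))
```

Feed it the output of `clog /var/log/filter.log` (or the exported log) and compare the per-action counts with the widget; the tracker ids tell you which rule each block or pass came from, which is the quickest way to confirm whether the UDP packets are really ending at the default deny rule.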

NollipfSense @tman222

                    @tman222 said in pfBlockerNG Alias Firewall Rule Question:

                    I just don't quite understand why it is being counted as a PASS packet.

                    Remember, the NIC sees the packet before the firewall does!

                    pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                    pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

tman222 @NollipfSense

                      @NollipfSense said in pfBlockerNG Alias Firewall Rule Question:

                      @tman222 said in pfBlockerNG Alias Firewall Rule Question:

                      I just don't quite understand why it is being counted as a PASS packet.

                      Remember, the NIC sees the packet before the firewall does!

                      Thanks @NollipfSense, I appreciate your response.

So does that mean that pfBlockerNG sees the packets before they hit the firewall's default deny rule and that's why they are being counted? Unfortunately I don't know enough about how the package works to be certain on this.

                      Thanks again.

NollipfSense @tman222 (last edited by NollipfSense)

@tman222 Well, I think it would be pfSense that provided the pfBlockerNG widget with the packet info.


                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.