Netgate Discussion Forum
    pfblocker-devel does not block ip

    pfBlockerNG
    3 Posts 2 Posters 445 Views
    lbm_
    last edited by lbm_

      I'm having some traffic which keeps coming in on my mail server, which I would like to block with pfBlockerNG (devel). Its version is "2.2.5_29".

      I've created a custom IP/IPv4 category, and it seems to work. If I set the direction to "Deny both" I cannot access the blocked IP anymore, but traffic keeps coming in. I can see it in the logs on the targeted server, and I also get this with tcpdump on the same server (IPs masked):

      14:34:40.037124 IP (tos 0x0, ttl 49, id 19471, offset 0, flags [DF], proto TCP (6), length 60)
          XXX.26332 > YYY.587: Flags [S], cksum 0x9c18 (correct), seq 888453245, win 29200, options [mss 1460,sackOK,TS val 2221667442 ecr 0,nop,wscale 10], length 0
      14:35:03.020934 IP (tos 0x0, ttl 49, id 3436, offset 0, flags [DF], proto TCP (6), length 60)
          XXX1.29660 > YYY.587: Flags [S], cksum 0xfe80 (correct), seq 3773580117, win 29200, options [mss 1460,sackOK,TS val 2221690425 ecr 0,nop,wscale 10], length 0

      What am I missing here? Is it because there is a NAT rule which overrides this? 🤔

      --edit--
      Just enabled the "Kill States", but the issue persists.

      --edit again--
      So, NAT rules are passed before custom rules, which must be why.
      https://docs.netgate.com/pfsense/en/latest/firewall/firewall-rule-processing-order.html

      I've changed the NAT rule so that the source does NOT match my pfBlocker block alias rule, which is working. BUT I can only apply one of these.

      lbm_
      last edited by

        OK, so I think I got this working.

        I've created an alias under firewall rules with "networks" as type, where I have added the pfBlockerNG names of the lists I have enabled under IP/IPv4 and IP/GeoIP.

        Then, for the NAT rules, I've added this alias as "inverted" source.

        So, if I add/modify these lists, then the alias needs to be modified as well. Not a very big deal for me, but could be for others?

        But maybe I'm missing a magic checkmark, so this happens automatically? :)

        1 Reply Last reply Reply Quote 0
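As an added illustration (not code from the thread or from pfSense itself), a small Python model of the rdr-before-filter ordering lbm_ ran into: it assumes the port forward used the "Pass" filter-rule association, which pf implements as `rdr pass` and which hands matching packets to the target without consulting the filter rules, and it substitutes constructed addresses for the masked ones in the tcpdump output. The `invert_source` flag models the inverted-source alias workaround from the post above.

```python
import ipaddress

# Constructed stand-ins for the masked addresses in the tcpdump output above.
BLOCKED_SRC = "198.51.100.23"   # the "XXX" host that keeps hitting port 587
CLEAN_SRC = "203.0.113.7"       # a source that is not on any block list
WAN_IP = "192.0.2.2"            # "YYY", the pfSense WAN address
MAILSERVER = "10.0.0.25"        # port-forward target behind pfSense

# Constructed pfBlockerNG IPv4 list: the noisy host's /24.
PFB_TABLE = [ipaddress.ip_network("198.51.100.0/24")]


def in_table(ip, table):
    """True if ip falls inside any network of the alias table."""
    return any(ipaddress.ip_address(ip) in net for net in table)


def port_forward(dport, target, rdr_pass=True, invert_source=False):
    """A WAN port forward. rdr_pass models the 'Pass' filter-rule association
    (assumed here; pf 'rdr pass' skips the filter ruleset for matching packets).
    invert_source models the '!alias' source lbm_ put on the NAT rule."""
    return {"dport": dport, "target": target,
            "rdr_pass": rdr_pass, "invert": invert_source}


def evaluate(src, dport, nat, block_table):
    """Verdict for one inbound WAN SYN. pf applies rdr before filter rules."""
    dst = WAN_IP
    nat_matches = nat["dport"] == dport and not (
        nat["invert"] and in_table(src, block_table))
    if nat_matches:
        if nat["rdr_pass"]:
            # Translated and passed in one step: pfB_Block never sees it.
            return ("forwarded", nat["target"])
        dst = nat["target"]
    # Filter stage with pfBlockerNG's default rule order: pfB_Block first,
    # then the pass rule associated with the port forward, then default deny.
    if in_table(src, block_table):
        return ("blocked", dst)
    if dst == nat["target"]:
        return ("forwarded", dst)
    return ("default-deny", dst)


def compare():
    """The thread's broken setup next to the inverted-source fix."""
    broken = port_forward(587, MAILSERVER)
    fixed = port_forward(587, MAILSERVER, invert_source=True)
    return {"broken_blocked_src": evaluate(BLOCKED_SRC, 587, broken, PFB_TABLE),
            "fixed_blocked_src": evaluate(BLOCKED_SRC, 587, fixed, PFB_TABLE),
            "fixed_clean_src": evaluate(CLEAN_SRC, 587, fixed, PFB_TABLE)}
```

Running `compare()` shows the listed source still reaching the mail server with the plain port forward, and being stopped by pfB_Block once the NAT rule no longer matches it, while a clean source is forwarded either way.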
          NollipfSense
          last edited by

          @lbm_ said in pfblocker-devel does not block ip:

          I've created an alias under firewall rules

          There you go... that's exactly what I would say.

          pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
          pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.