(SOLVED) How to change pfBlockerNG rules order
-
Hello everyone,
I've set up pfBlockerNG to use GeoIP on our WAN interface uplink, to protect other ports that we have opened to the outside.
The thing is that we have several VPNs running, and I would like to avoid lockdowns (e.g. using an IP in one of those blacklisted countries) of those VPN ports, so I have changed the order of those rules on that interface, but every time it updates from MaxMind, it changes the order of those rules, moving all of the pfBlockerNG rules to the top.
Does any of you know (without using floating rules) how to lock those rules from changing their order?
Thanks in advance!
-
If you have a somewhat more complex ruleset, I always advise using pfBlocker as the "supplier" for the alias only. Just switch your IP lists from "Deny Inbound" (or any other setting) to "Alias Deny" (or Alias Native). That way pfBlocker supplies you with the IP list and the alias as it is now used in its rules, like "pfB_PRI1_v4", but you can use it in your own rules like any other alias you might want. That way you can use blocklists in any rule or order you want without having to check back whether the order has been reset/rearranged by pfBlocker.
-
@JeGr Thanks a lot! Worked like a charm.
-
@SipriusPT said in (SOLVED) How to change pfBlockerNG rules order:
@JeGr Thanks a lot! Worked like a charm.
Glad it works, happy to assist.
-
Just one note: don't use the prefix pfB_ as the first string in the "Description" of your own rules with pfBlockerNG aliases. This will ensure that your rules will not be handled by pfBlockerNG during updates.
-
@psp said in (SOLVED) How to change pfBlockerNG rules order:
Just one note: don't use the prefix pfB_ as the first string in the "Description" of your own rules with pfBlockerNG aliases. This will ensure that your rules will not be handled by pfBlockerNG during updates.
Thank you for letting me know.
When @JeGr mentioned the 'Alias Deny' option, I noticed that there was a description on GeoIP explaining all available options, and noticed that part.
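
An added example, not part of the thread: a small audit of an exported pfSense configuration that checks the two points made above, namely that no user rule description starts with pfB_ and that VPN pass rules sit above any block rule that uses a pfB_ alias as its source. It assumes the usual config.xml layout (filter/rule elements with type, interface, source/address, destination/port and descr children); the sample rules and the VPN port 1194 are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the <filter> section of a pfSense config.xml.
# The alias name pfB_PRI1_v4 is the one quoted in the thread; everything else
# (descriptions, port 1194) is made up for this example.
SAMPLE = """<pfsense><filter>
  <rule><type>block</type><interface>wan</interface>
    <source><address>pfB_PRI1_v4</address></source><destination><any/></destination>
    <descr>pfB_my_geo_block</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>udp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>1194</port></destination>
    <descr>Allow OpenVPN</descr></rule>
</filter></pfsense>"""


def audit_rules(config_xml, interface="wan", vpn_ports=("1194",)):
    """Return findings for one interface, reading rules in config order."""
    findings = []
    blocked_by = None  # first block rule seen whose source is a pfB_ alias
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        # Floating rules are out of scope here; only per-interface rules count.
        if rule.findtext("interface") != interface or rule.find("floating") is not None:
            continue
        descr = (rule.findtext("descr") or "").strip()
        rtype = rule.findtext("type")
        src = rule.findtext("source/address") or ""
        port = rule.findtext("destination/port") or ""
        # Per the note in the thread, a pfB_ description prefix on your own
        # rule means pfBlockerNG may handle that rule during updates.
        if descr.startswith("pfB_"):
            findings.append(f"description starts with pfB_: {descr!r}")
        # Conservative: any pfB_-sourced block counts, whatever its destination.
        if rtype in ("block", "reject") and src.startswith("pfB_") and blocked_by is None:
            blocked_by = descr or src
        if rtype == "pass" and port in vpn_ports and blocked_by is not None:
            findings.append(f"VPN pass rule {descr!r} is below block rule {blocked_by!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE):
        print(finding)
```

Running it against a configuration backup after each pfBlockerNG update shows whether the intended order survived.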