Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Disable NAT rule creation

    pfBlockerNG
    3
    9
    541
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User
      last edited by

      Dnsbl generates NAT forwarding rules. How can I disable this? Deleting the NAT rules doesn't work.

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @A Former User
        last edited by

        @thisisme
        These rules are needed by DNSBL to work. If you don't like it disable DNSBL.

        ? 1 Reply Last reply Reply Quote 0
        • ?
          A Former User @viragomann
          last edited by A Former User

          @viragomann I don't think it is. Redirecting the Ad to a useless response is more harmful than just dropping the request. In my opinion these automatic NAT rules are optional and I think they are unwanted behavior. I could add them by myself or don't use them at all. No need to force add them without consent.

          DerelictD V 3 Replies Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate @A Former User
            last edited by

            @thisisme Without consent is a little harsh. You consented when you installed the package.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            ? 1 Reply Last reply Reply Quote 0
            • V
              viragomann @A Former User
              last edited by

              @thisisme said in Disable NAT rule creation:

              Redirecting the Ad to a useless response is more harmful than just dropping the request

              If the traffic is simply dropped, pages will take longer to load in the web browser. Therefor it is redirected to a 1 px image.

              ? 1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate @A Former User
                last edited by

                @thisisme It can also render the page much less pleasant, with broken image placeholders (browser-dependent), ALT text, etc.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                ? 1 Reply Last reply Reply Quote 0
                • ?
                  A Former User @viragomann
                  last edited by

                  @viragomann said in Disable NAT rule creation:

                  @thisisme said in Disable NAT rule creation:

                  Redirecting the Ad to a useless response is more harmful than just dropping the request

                  If the traffic is simply dropped, pages will take longer to load in the web browser. Therefor it is redirected to a 1 px image.

                  This can't have a measurable effect. Adaway for Android drops the request too. Works pretty well on my device. If the pfsense rejects the packet instead of dropping it should be fast too.

                  Anyway I see this as my choice. It will work both ways, so why don't have an option?

                  1 Reply Last reply Reply Quote 0
                  • ?
                    A Former User @Derelict
                    last edited by

                    @derelict said in Disable NAT rule creation:

                    @thisisme Without consent is a little harsh. You consented when you installed the package.

                    If it sends my data to China I consented that too?

                    A nat forwarding rule isn't helpful without a proper firewall entry, but pfsense still gives me the option to add the rules by myself and not force pass everything.

                    1 Reply Last reply Reply Quote 0
                    • ?
                      A Former User @Derelict
                      last edited by

                      @derelict said in Disable NAT rule creation:

                      @thisisme It can also render the page much less pleasant, with broken image placeholders (browser-dependent), ALT text, etc.

                      Adaway for Android does the same. Im fine with that. Why am I not allowed to decide this myself?

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.