PFBlockerNG IP blocking floating Rules set to "any" direction rather than "in" (Bug?)
duncan.young last edited by
I was having a problem with my email provider accessing my Nextcloud web server to access davcal calendars.
I had blocked pretty much all GeoIP locations except for my own country, and had obtained a set of IP networks to whitelist to allow the connection in (from the US).
The logs showed the connection being allowed (passed), but the connection was not being made.
After many dead ends, I went through and changed all the floating rules to direction "in" (packets coming into the interface) and it all worked (it seems a little odd to change the behavior when just trying to coalesce rules to the floating tab).
This seems to revert to "any" on an update.
I have currently just turned off the floating rules options. I am assuming that this is a bug.
I also assume that it may be theoretically possible (and technically more correct) to set the outbound firewall rules (blocking outbound IPs) to a floating "out" rule on WAN, rather than as "in" rules on all of the internal LAN/VLANs. This way it would also catch connections initiated from the firewall itself.
Duncan (who isn't quite sure where to officially raise a bug report)