Netgate Discussion Forum

PFBlockerNG IP blocking floating Rules set to "any" direction rather than "in" (Bug?)

  • duncan.young, last edited May 24, 2021, 11:22 AM

    Hi,

    I was having a problem with my email provider accessing my Nextcloud web server to access davcal calendars.

    I had blocked pretty much all GeoIP locations except for my own country, and had obtained a set of IP networks to whitelist to allow the connection in (from the US).

    The logs showed the connection being allowed (passed), but the connection was not being made.

    After many dead ends, I went through and changed all the floating rules to direction "in" (packets coming into the interface) and it all worked (it seems a little odd to change the behavior when just trying to coalesce rules to the floating tab).

    This seems to revert to "any" on an update.

    I have currently just turned off the floating rules options. I am assuming that this is a bug.

    I also assume that it may be theoretically possible (and technically more correct) to set the outbound firewall rules (blocking outbound IPs) to a floating "out" rule on WAN, rather than as "in" rules on all of the internal LAN/VLANs. This way it would also catch connections initiated from the firewall itself.

    Regards

    Duncan (who isn't quite sure where to officially raise a bug report)
