    PFBlockerNG IP blocking floating Rules set to "any" direction rather than "in" (Bug?)

      duncan.young last edited by

      Hi,

      I was having a problem with my email provider accessing my Nextcloud web server to access davcal calendars.

      I had blocked pretty much all GeoIP locations except for my own country, and had obtained a set of IP networks to whitelist to allow the connection in (from the US).

      The logs showed the connection being allowed (passed), but the connection was not being made.

      After many dead ends, I went through and changed all the floating rules to direction "in" (packets coming into the interface) and it all worked. (It seems a little odd to change the behavior when just trying to coalesce rules to the floating tab.)

      This seems to revert to "any" on an update.

      I have currently just turned off the floating rules options. I am assuming that this is a bug.

      I also assume that it may be theoretically possible (and technically more correct) to set the outbound firewall rules (blocking outbound IPs) to a floating "out" rule on WAN, rather than as "in" rules on all of the internal LAN/VLANs. This way it would also catch connections initiated from the firewall itself.

      regards

      Duncan (who isn't quite sure where to officially raise a bug report)
