pfBlockerNG block traffic
-
Thank you very much, the explanation was great and everything is set up and working now.
-
@sbh I'm glad it all worked out for you! And I was really happy to help. Thanks for the feedback!
One thing I'd like to revisit quickly. It was early in the morning when I wrote this:
Here's what you need to do to protect the server:
1. Create an Alias Permit feed for North America in pfblocker.
2. Create a Permit Rule on your WAN interface with the North America alias as the Source and the Server's IP and Port as the destination.
3. Immediately below the rule in #2, create a block rule with a source of any and Server's IP and Port as the destination.
I need to clarify that you do not need the rule I described in #3 above. The reason for that is that anything other than the IPs from the North America alias would be blocked by the default deny rule on the WAN.
I must have not had enough coffee that early in the morning to get the fog out of my head!
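The correction above, as an added example that is not part of the original post: a simplified first-match model of WAN rule evaluation showing that rule #3 changes no decision once the default deny is in place. The alias network, server address and port 1194 are constructed sample values, and the rule tuples are a hypothetical representation, not pfSense's own format.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not taken from the thread).
NORTH_AMERICA = [ip_network("198.51.100.0/24")]   # stand-in for the pfBlockerNG alias
SERVER_IP, SERVER_PORT = ip_address("192.0.2.10"), 1194

def in_alias(src, alias):
    """A source of None means 'any'; otherwise src must fall in one alias network."""
    return alias is None or any(src in net for net in alias)

def evaluate(rules, src, dst, port):
    """Walk the rules top-down; the first match decides, no match means default deny."""
    src, dst = ip_address(src), ip_address(dst)
    for action, alias, rule_dst, rule_port in rules:
        if in_alias(src, alias) and dst == rule_dst and port == rule_port:
            return action
    return "block"  # implicit default deny on the WAN interface

PERMIT_NA = ("pass", NORTH_AMERICA, SERVER_IP, SERVER_PORT)   # rule #2
BLOCK_ANY = ("block", None, SERVER_IP, SERVER_PORT)           # rule #3

WITH_RULE_3 = [PERMIT_NA, BLOCK_ANY]
WITHOUT_RULE_3 = [PERMIT_NA]
REVERSED = [BLOCK_ANY, PERMIT_NA]   # block placed above the permit by mistake

# Constructed test packets: (source, destination, destination port).
PACKETS = [
    ("198.51.100.7", "192.0.2.10", 1194),  # inside alias, server port
    ("203.0.113.9", "192.0.2.10", 1194),   # outside alias, server port
    ("198.51.100.7", "192.0.2.10", 22),    # inside alias, other port
    ("198.51.100.7", "192.0.2.11", 1194),  # inside alias, other host
]

def decisions(rules):
    return [evaluate(rules, *pkt) for pkt in PACKETS]

def redundant_rules(rules):
    """Indexes of rules whose removal leaves every decision for PACKETS unchanged."""
    baseline = decisions(rules)
    return [i for i in range(len(rules))
            if decisions(rules[:i] + rules[i + 1:]) == baseline]

if __name__ == "__main__":
    for name, rs in [("with #3", WITH_RULE_3), ("without #3", WITHOUT_RULE_3),
                     ("reversed", REVERSED)]:
        print(f"{name:11} {decisions(rs)}")
    print("redundant rule indexes:", redundant_rules(WITH_RULE_3))
```

The reversed ruleset blocks every packet, which is why an explicit block rule, if one is kept at all, has to sit below the permit.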
-
Thank you for the correction. I did not put the rule that you mentioned in #3, as the firewall blocks everything by default, so I just opened the server port for North America - US and that's all.
Do you know if I can make it even more specific and allow only specific states in the US?
-
@sbh said in pfBlockerNG block traffic:
Do you know if I can make it even more specific and allow only specific states in the US?
No, I don't. But the OpenVPN protocol is pretty robust. By design it does not respond to port scans, so people shouldn't even know that port is open. And if someone were to try to access the tunnel, they would still have to authenticate with the correct credentials, which would be extremely unlikely.