Pfblocker alias permit status does not generatfe alias for firewall
-
Hi,
I changed few continents to be alias permit action , and got aliases for each of them, but when I created a firewall rule with these aliases I got errors that they are unresolved,
I went back to the aliases screen, and they disappear , now I cant make them come back (tried to change action to something else (like permit inbound, save and back to alias permit) did not work, I disabled / enabled pfblocker, and even reboot pfsense
nothingI cant get the aliases to come back (I do see top_4, top_6, and PRI aliases but nothing else)
any idea how to get them back ?
-
@nirmelamoud if you just want alias then just use the alias native mode.. In pfblocker
-
@johnpoz I need the alias for specific selected countries
to permit only specific countries for port forwarding roles -
@nirmelamoud ok - that is exactly what I do..
Notice my AllowPfb alias
I allow US and Morocco into my plex with this alias - my son's sister in law is currently teaching there and I let her use my plex.. Plus some other - IPs that can change that check if plex is available remote, and then monitor system that I use to check if plex is active and if not send me alert, whos IPs also can change.
You can really do what ever you want with the aliases you create in pfblocker - I use them in my port forward rules..
-
@johnpoz thanks, I upgrade to 2.5.2 and it fixed the problem (I was on 2.4.5) - thanks
-
@nirmelamoud not sure why you would use permit type if your wanting to create aliases - those are for the auto rules pfblocker creates
-
@johnpoz I thought this is the way to do this:
- in pfblocker, IP, geoip you change status to alias permit --> this generate aliases for the countries you choose in the config of this specific continent
- once the aliases are created automatically (and they did) , I can add the aliases in my fw rule - which I did
- and its working well, it block all countries but the 4 I have aliases for , only IP from those countries are fw to my internal devices
so the whole thing is working (tried with VPN for various countries) , should I have done it differently?
of course, I can do the alias manually, but its easier when pfblocker generate them for me -
Here's some info on the various Aliases from the pfblocker gui:
Options - Alias Deny, Alias Permit, Alias Match, Alias Native 'Alias Deny' can use De-Duplication and Reputation Processes if configured. 'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules 'Alias Native' lists are kept in their Native format without any modifications.
I've typically use Alias Permit and Alias Deny in my setup and have never had any issues.
-
@dma_pf thanks,
thats what I thought it will do, and how i used it , for some reason it disappear ,
and only reappear after an upgrade