Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfblocker alias permit status does not generatfe alias for firewall

    Scheduled Pinned Locked Moved pfBlockerNG
    9 Posts 3 Posters 914 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nirmelamoud
      last edited by

      Hi,
      I changed few continents to be alias permit action , and got aliases for each of them, but when I created a firewall rule with these aliases I got errors that they are unresolved,
      I went back to the aliases screen, and they disappear , now I cant make them come back (tried to change action to something else (like permit inbound, save and back to alias permit) did not work, I disabled / enabled pfblocker, and even reboot pfsense
      nothing

      I cant get the aliases to come back (I do see top_4, top_6, and PRI aliases but nothing else)

      any idea how to get them back ?

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @nirmelamoud
        last edited by johnpoz

        @nirmelamoud if you just want alias then just use the alias native mode.. In pfblocker

        native.jpg

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        N 1 Reply Last reply Reply Quote 0
        • N
          nirmelamoud @johnpoz
          last edited by

          @johnpoz I need the alias for specific selected countries
          to permit only specific countries for port forwarding roles

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @nirmelamoud
            last edited by johnpoz

            @nirmelamoud ok - that is exactly what I do..

            Notice my AllowPfb alias

            us.jpg

            I allow US and Morocco into my plex with this alias - my son's sister in law is currently teaching there and I let her use my plex.. Plus some other - IPs that can change that check if plex is available remote, and then monitor system that I use to check if plex is active and if not send me alert, whos IPs also can change.

            You can really do what ever you want with the aliases you create in pfblocker - I use them in my port forward rules..

            plex.jpg

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            N 1 Reply Last reply Reply Quote 0
            • N
              nirmelamoud @johnpoz
              last edited by

              @johnpoz thanks, I upgrade to 2.5.2 and it fixed the problem (I was on 2.4.5) - thanks

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @nirmelamoud
                last edited by johnpoz

                @nirmelamoud not sure why you would use permit type if your wanting to create aliases - those are for the auto rules pfblocker creates

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                N 1 Reply Last reply Reply Quote 0
                • N
                  nirmelamoud @johnpoz
                  last edited by

                  @johnpoz I thought this is the way to do this:

                  1. in pfblocker, IP, geoip you change status to alias permit --> this generate aliases for the countries you choose in the config of this specific continent
                  2. once the aliases are created automatically (and they did) , I can add the aliases in my fw rule - which I did
                  3. and its working well, it block all countries but the 4 I have aliases for , only IP from those countries are fw to my internal devices

                  so the whole thing is working (tried with VPN for various countries) , should I have done it differently?
                  of course, I can do the alias manually, but its easier when pfblocker generate them for me

                  D 1 Reply Last reply Reply Quote 0
                  • D
                    dma_pf @nirmelamoud
                    last edited by dma_pf

                    @nirmelamoud @johnpoz

                    Here's some info on the various Aliases from the pfblocker gui:

                    Options - Alias Deny,  Alias Permit,  Alias Match,  Alias Native
'Alias Deny' can use De-Duplication and Reputation Processes if configured.
'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules
'Alias Native' lists are kept in their Native format without any modifications.

                    I've typically use Alias Permit and Alias Deny in my setup and have never had any issues.

                    N 1 Reply Last reply Reply Quote 0
                    • N
                      nirmelamoud @dma_pf
                      last edited by

                      @dma_pf thanks,
                      thats what I thought it will do, and how i used it , for some reason it disappear ,
                      and only reappear after an upgrade

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.