Netgate Discussion Forum

    Custom IPv4 Allow List

    pfBlockerNG
    • wesleywillis

      Hello,

      I've just set up a new pfSense firewall for a web hosting environment. On the WAN interface, I have rules in place that allow traffic over specified ports to the desired internal addresses (using VIPs and 1:1 NAT).

      I also have pfBlockerNG set up and use the PRI1 (deny both) and GeoIP Top Spammers (deny inbound) lists.

      However, I occasionally need to allow IPs for developers in countries that may appear on these lists. What is the best way to create a custom allowed list for these addresses so that they're not blocked by the above rules created by pfBlocker?

      Thanks in advance for any advice!

      • NogBadTheBad @wesleywillis

        @wesleywillis Tried not using floating rules?

        https://docs.netgate.com/pfsense/en/latest/firewall/rule-methodology.html

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        • serbus

          Hello!

          On the pfBlockerNG > IP > IPv4 page you can +ADD an IPv4 list.
          Give it a name in the Info section and an Action (Permit Inbound) in the Settings section.
          Use the IPv4 Custom_List section at the bottom to specify IP addresses.
          Adjust the Advanced Inbound Firewall Rule Settings as required.
          Make sure to perform a pfBlockerNG > Update when you are done.

          John

          Lex parsimoniae

          • SteveITS Galactic Empire @wesleywillis

            @wesleywillis There is a way to order rules in pfBlocker settings, but what I find easier and clearer is for any of those types of blocks where I need to allow some, create the pfB list as Alias Native. That just creates the alias without any rules. You can then use the alias in whatever rules, NAT forward, etc.

            allow from Good_IP
            block from Bad_IPs

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!
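
The permit-before-block ordering that the replies above depend on, as an added example (not written by any poster and not pfBlockerNG code): a Python model of first-match rule evaluation, as used for pfSense interface rules, that also validates allow-list entries before they go into a custom list. The alias names follow the last post; the addresses are constructed documentation ranges, the final pass rule stands in for the existing WAN port rules, and the `#` comment handling and /24 breadth threshold are assumptions.

```python
import ipaddress

# Constructed sample data (documentation ranges); alias names follow the post above.
GOOD_IP = """
203.0.113.25
198.51.100.0/28   # dev office ('#' comments are an assumption of this example)
not-an-ip
"""
BAD_IPS = "203.0.113.0/24\n198.51.100.0/24\n192.0.2.0/24"


def parse_list(text):
    """Return (networks, rejected) for one-entry-per-line list text."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry))  # strict: host bits must be zero
        except ValueError:
            rejected.append(entry)
    return nets, rejected


def too_broad(nets, min_prefix=24):
    """Allow entries wider than min_prefix (assumed threshold) deserve a second look."""
    return [n for n in nets if n.prefixlen < min_prefix]


def first_match(src, rules):
    """Action of the first rule whose alias contains src; default deny if none match."""
    addr = ipaddress.ip_address(src)
    for action, nets in rules:
        if any(addr in n for n in nets):
            return action
    return "block"


GOOD, REJECTED = parse_list(GOOD_IP)
BAD, _ = parse_list(BAD_IPS)
ANY, _ = parse_list("0.0.0.0/0")  # stands in for the existing WAN pass rules
ALLOW_FIRST = [("pass", GOOD), ("block", BAD), ("pass", ANY)]
BLOCK_FIRST = [("block", BAD), ("pass", GOOD), ("pass", ANY)]

if __name__ == "__main__":
    print("rejected entries:", REJECTED)
    for src in ("203.0.113.25", "203.0.113.99", "198.51.100.14"):
        print(src, first_match(src, ALLOW_FIRST), first_match(src, BLOCK_FIRST))
```

With the permit alias first, only the listed developer addresses get through the blocked ranges; with the block alias first, the same addresses are dropped before the permit rule is ever reached.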

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.