Netgate Discussion Forum

Error when creating whitelist

  • C
    cjbujold
    last edited by cjbujold Dec 18, 2022, 4:12 PM Dec 18, 2022, 3:32 PM

    Trying to create a white list and cannot get past the error. The alias Permitport contains ports 80 and 443. When I save, the alias disappears and is not saved. Is this the issue?

    What setting do I have wrong?

    • T
      Tzvia @cjbujold
      last edited by Dec 18, 2022, 5:00 PM

      @cjbujold What are you actually trying to accomplish? If you only wish to whitelist some websites, for example, that are being blocked by a feed... that's not how to do it. I just go into DNSBL, scroll down to DNSBL WHITELIST and add the domains there.

      I do have a couple of 'allow' lists, like the DNS rootservers, just to make sure that they don't end up blocked by something else as I don't forward my DNS to GOOGLE or whoever. So I provided the link to the list in the "Source Definitions" and set it to allow outbound, as the inbound will be allowed as it is a reply to my outbound request. However, you have nothing listed there, no IP list. And allowing some IP(s) INBOUND unsolicited isn't the best idea under most conditions.

      However I am seeing the same issue with the alias disappearing when I SAVE since updating to PFB 3.1.0_9.

      Tzvia

      Current build:
      Hunsn/CWWK Pentium Gold 8505, 6x i226v 'micro firewall'
      16 gigs ram
      500gig WD Blue nvme
      Using modded BIOS (enabled CSTATES)
      PFSense 2.72-RELEASE
      Enabled Intel SpeedShift
      Snort
      PFBlockerNG
      LAN and 5 VLANS

      • S
        SteveITS Galactic Empire @cjbujold
        last edited by Dec 18, 2022, 5:04 PM

        @cjbujold Permit Inbound on all ports on WAN would allow those IPs access to your pfSense GUI/SSH ports so it's presumably a safety check. If you really really want that you could use Alias Native and then create your own firewall rule, but as the warning says I'd really recommend against that.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        • C
          cjbujold
          last edited by Dec 19, 2022, 6:27 PM

          The issue is that I have several servers in the back (HAProxy) but some outside users' IPs are being blocked by PFBlockerng. I want to allow specific IP addresses to never be blocked from getting to the web servers.

          Is this a bug in version 3.2.0_9? I'm starting to think that the Alias disappearing may indicate a bug.

          Is there any other way to always permit specific IP to get access to the internal web sites?

          • B
            BBcan177 Moderator @cjbujold
            last edited by Dec 21, 2022, 9:09 PM

            @cjbujold said in Error when creating whitelist:

            The issue is that I have several servers in the back (HAProxy) but some outside users' IPs are being blocked by PFBlockerng. I want to allow specific IP addresses to never be blocked from getting to the web servers.
            Is this a bug in version 3.2.0_9? I'm starting to think that the Alias disappearing may indicate a bug.
            Is there any other way to always permit specific IP to get access to the internal web sites?

            pfSense is a stateful firewall, so by default all Inbound is blocked and outbound is allowed.

            When you try to use Permit_Inbound or Permit_Both, and do not add any restrictions on where to allow the Inbound (Advanced Inbound Firewall Rule Settings), it will report that error so that users don't open their whole network to those IPs in this Permit Alias.
            So I would open the Advanced Inbound Firewall Rule settings, and add the internal LAN IPs and ports that these IPs are allowed to access.
            You can also use "Alias Permit", and then manually create your firewall rules as needed.

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            • S
              serbus @Tzvia
              last edited by Jan 4, 2023, 5:10 PM

              @tzvia said in Error when creating whitelist:

              However I am seeing the same issue with the alias disappearing when I SAVE since updating to PFB 3.1.0_9.

              Hello!

              I am seeing the same bug.

              John

              Lex parsimoniae

              • S
                serbus @serbus
                last edited by Jan 4, 2023, 7:30 PM

                Hello!

                A quick, untested, use at your own risk code hack that could possibly get this working on 3.1.0_9 would be to change line 443 in
                /usr/local/www/pfblockerngpfblockerng_category_edit.php

                from:

                elseif (!array_key_exists($_POST[$s_option], ${"options_$s_option"})) {
                

                to:

                elseif (!array_key_exists($_POST[$s_option], ${"options_$s_option"}) && !in_array($_POST[$s_option], ${"options_$s_option"})) {
                

                YMMV

                John

                Lex parsimoniae

                • B
                  BBcan177 Moderator @serbus
                  last edited by Jan 9, 2023, 3:42 PM

                  @serbus said in Error when creating whitelist:

                  A quick, untested, use at your own risk code hack that could possibly get this working on 3.1.0_9 would be to change line 443 in
                  /usr/local/www/pfblockerngpfblockerng_category_edit.php

                  This would just bypass the validation completely for other variables also. But it will temporarily fix the issue. This will be fixed in the next version. I posted a patch in another thread.

                  "Experience is something you don't get until just after you need it."

                  Website: http://pfBlockerNG.com
                  Twitter: @BBcan177  #pfBlockerNG
                  Reddit: https://www.reddit.com/r/pfBlockerNG/new/
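
An added example, not code from pfBlockerNG or from any poster in this thread: it runs the two conditions quoted in the "from:" and "to:" lines above against sample input to show which posted values each one lets through. The option arrays, field names and the `rejected_*` functions are constructed for illustration; the real arrays in the package file are not shown in the thread.

```php
<?php
// Constructed option arrays (assumptions): a map of stored value => display label,
// and a plain list whose keys are just the indexes 0 and 1.
$options_action = ['Disabled' => 'Disabled', 'Permit_Inbound' => 'Permit Inbound',
                   'Permit_Both' => 'Permit Both'];
$options_order  = ['default', 'primary'];

// Condition from the "from:" line: reject unless the posted value is an array key.
function rejected_original(string $posted, array $options): bool {
    return !array_key_exists($posted, $options);
}

// Condition from the "to:" line: reject only if it is neither a key nor an element.
function rejected_edited(string $posted, array $options): bool {
    return !array_key_exists($posted, $options) && !in_array($posted, $options);
}

// Stricter alternative (an assumption, not the project's patch): each field names
// the exact set of values it may store, compared with strict typing.
function rejected_strict(string $posted, array $allowed): bool {
    return !in_array($posted, $allowed, true);
}

// [field, option array, explicit allowed set, posted value] -- all constructed.
$cases = [
    ['action', $options_action, array_keys($options_action), 'Permit_Inbound'], // stored value
    ['action', $options_action, array_keys($options_action), 'Permit Inbound'], // display label
    ['action', $options_action, array_keys($options_action), 'bogus'],
    ['order',  $options_order,  $options_order,              'primary'],        // list element
    ['order',  $options_order,  $options_order,              '1'],              // list index
];

printf("%-7s %-15s %-9s %-7s %s\n", 'field', 'posted', 'original', 'edited', 'strict');
foreach ($cases as [$field, $options, $allowed, $posted]) {
    printf("%-7s %-15s %-9s %-7s %s\n", $field, $posted,
        rejected_original($posted, $options) ? 'reject' : 'accept',
        rejected_edited($posted, $options)   ? 'reject' : 'accept',
        rejected_strict($posted, $allowed)   ? 'reject' : 'accept');
}
```

The edited condition accepts display labels for map-style fields as well as stored values, while the original condition rejects valid elements of a list-style array and accepts its numeric indexes. Only the per-field allowed set gives the same answer for both array shapes.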
