Firewall alias using multiple pfBlocker aliases
-
Until now I have permitted firewall access to a single country using a pfBlocker alias in a FW rule.
I now wish to permit access from multiple countries and have two pfBlocker aliases.
pfB-Asia_v4
pfB_Oceana_v4Rather than duplicate each FW rule, one for each alias I wanted to create a single FW alias that includes both bfBlocker aliases then I just need a single FW rule.
Is this possible?
When I tried to create a FW alias and include a pfBlocker alias I receive the following error:
The following input errors were detected:
The alias(es): pfB_Oceania_v4 cannot be nested because they are not of the same type. -
@mcmurphy Do it via Firewall -> pfBlockerNG -> IP -> IPv4 and create a new entry and add all your GeoIP countries.
You'd still need two aliases & rules if you use IPv4 & IPv6.
-
@mcmurphy You might try creating the country lists as Alias Native and see if that works. With Alias Native pfB just creates the aliases and you can add your own rules.
I would think "of the same type" means a URL alias vs a host alias (?) but I would have thought they were the same in this usage since pfB is creating both.
https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#nesting-aliases -
Thanks. My UI looks different and I do not have the GeoIP option in the dropdown?
-
@mcmurphy You likely have the older pfBlocker not pfBlocker-devel. The former doesn’t seem to be updated anymore and the package maintainer has posted to use the devel version. Despite the name.
-
@steveits
That'll be it. I was not using the devel version.
