Configure pfBlockerNG to Filter 1-1 NAT and/or Port Forwards
-
Ref: Running on Netgate 1100. pfSense+ 23.01. pfBlockerNG 3.2.0_3
I have not found the correct settings to let the 1100 apply filtering to either a 1-1 NAT or Port Forwards. The only purpose of the 1100 is to keep malicious actors out of my system.
I would really appreciate someone pointing me in the right direction on configuring the 1100. A system diagram is attached.
-
@mpfrench Are you trying to block certain lists? Or allow certain countries? For instance, I will often have pfB create Alias Native aliases, and then use that alias as the source on a NAT rule.
If you're trying to block, you can create rules on WAN to block access. See the image at the top of https://docs.netgate.com/pfsense/en/latest/nat/process-order.html. Again, I'd create the list as Alias Native and then make my own rules as needed.
-
@steveits Thanks for your suggestion. I got it to work after a fashion. The autoconfiguration of pfBlockerNG puts the blocking on only the LAN. When I added it to the WAN, it began to operate as I desired.
I wonder why the autoconfigure ever puts the rule on the LAN instead of the WAN when the purpose of pfBlocker is to keep bad crap out of your system.
Thanks,
Mike
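
An added example, not from any poster in this thread and not pfSense or pfBlockerNG code: a simplified Python model of the outcome described above, where a port-forwarded connection arriving on WAN is translated first and then checked only against the WAN rules, so a block rule that exists only on LAN never sees it. The addresses, the alias contents and both rule layouts are constructed assumptions.

```python
import ipaddress

# Constructed sample data: documentation ranges stand in for a pfBlockerNG
# "Alias Native" list; all addresses and rule sets here are hypothetical.
BLOCK_ALIAS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]
WAN_IP = ipaddress.ip_address("192.0.2.10")
SERVER = ipaddress.ip_address("192.168.1.20")
PORT_FORWARDS = {(WAN_IP, 443): (SERVER, 443)}

def rule(action, src_alias=None, dst=None, port=None):
    return {"action": action, "src_alias": src_alias, "dst": dst, "port": port}

def matches(r, src, dst, port):
    if r["src_alias"] is not None and not any(src in n for n in r["src_alias"]):
        return False
    if r["dst"] is not None and dst != r["dst"]:
        return False
    return r["port"] is None or port == r["port"]

def evaluate(iface, src, dst, port, rules_by_iface):
    """Simplified model: NAT first, then first-match rules on the ingress interface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if iface == "WAN":
        # The port forward rewrites the destination before any filter rule runs.
        dst, port = PORT_FORWARDS.get((dst, port), (dst, port))
    for r in rules_by_iface.get(iface, []):
        if matches(r, src, dst, port):
            return r["action"]
    return "block"  # default deny when nothing matches

# The WAN pass rule matches the post-NAT (internal) destination.
PASS_FORWARD = rule("pass", dst=SERVER, port=443)
# Layout 1: the block rule exists only on LAN (never consulted for WAN ingress).
LAN_ONLY = {"LAN": [rule("block", src_alias=BLOCK_ALIAS), rule("pass")],
            "WAN": [PASS_FORWARD]}
# Layout 2: the block rule sits on WAN, above the pass rule for the forward.
WAN_BLOCK = {"LAN": [rule("pass")],
             "WAN": [rule("block", src_alias=BLOCK_ALIAS), PASS_FORWARD]}

def verdicts(src):
    """Verdict for src connecting to the forwarded port under each rule layout."""
    return {name: evaluate("WAN", src, str(WAN_IP), 443, layout)
            for name, layout in (("lan_only", LAN_ONLY), ("wan_block", WAN_BLOCK))}

if __name__ == "__main__":
    for s in ("198.51.100.7", "192.0.2.50"):
        print(s, verdicts(s))
```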