Netgate Discussion Forum

    allow list

    pfBlockerNG
    9 Posts 2 Posters 885 Views
    • H
      heliop100

      Hi
      pfSense 2.7.0-RELEASE
      pfBlockerNG 3.2.0-6

      The allow list is set as permit inbound

      pfb_pass/match | pfb_block/reject | pfsense pass/match | pfsense block/reject

      Trying to open https://http.kali.org/kali/
      I put the IP on the allow_list, but the site still gives a not-connecting error

      The IP doesn't show in pfBlockerNG Reports / Block nor in the pfSense firewall logs

      Any idea?

      Thanks

      • M
        michmoor LAYER 8 Rebel Alliance @heliop100

        @heliop100 Do you have a screenshot of the error you are getting?

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        • H
          heliop100

          Yes
          Thanks.
          exto1.jpg exto2.jpg exto3.jpg exto4.jpg

          • M
            michmoor LAYER 8 Rebel Alliance @heliop100

            @heliop100 So your allowed-list ACL is not being hit, as you can see with the 0/0 B.
            Do you see traffic permitted outbound in the firewall logs?
            Are you running Squid or Snort/Suricata?

            • H
              heliop100

              No Snort, no Suricata, no Squid.
              The only package is pfBlockerNG

              No traffic permitted outbound in the logs

              • M
                michmoor LAYER 8 Rebel Alliance @heliop100

                @heliop100 And if you temporarily disable pfBlockerNG, do you have access to the site?

                • H
                  heliop100

                  Will try later.
                  I have some NAT rules that use the alias_permit list

                  • H
                    heliop100

                    With pfBlockerNG disabled, the site opens normally

                    • H
                      heliop100

                      I configured the "Advanced Inbound Firewall Rule Settings" and now it's working.
                      Thanks.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.