Netgate Discussion Forum

    Unresolvable source alias!

    • GPz1100 @Antibiotic

      @Antibiotic I'm still finding my way around pfblocker and pfsense in general.

      Good question. I still want to limit inbound port 25 to not only domestic MTAs but also want to exclude harmful ones or those rated poorly.

      How would I implement that?

      • SteveITS @Antibiotic

        @Antibiotic said in Unresolvable source alias!:

        Why action "deny both"? What is the reason to block inbound, if it's blocked by the firewall itself?

        @GPz1100 is allowing port 25 inbound, but blocking the "bad people lists" is presumably above the rule allowing port 25.

        If someone has no inbound NAT port forwards or firewall rules on WAN, then it is unnecessary to add more block rules.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          • GPz1100 @SteveITS

          @SteveITS

          Exactly!

          The question is, is it possible to create an alias containing nested aliases? For example, !PRI1 and pfB_NAmerica_v4? Meaning not in the PRI1 list and in the NA list? Or would this still be two rules? I think the "quick" option would be applicable, but that's available only for floating rules.

            • SteveITS @GPz1100

            @GPz1100 I don't know a direct answer to your question, but I would arrange the rules in order and not try to do that with aliases.

            You can use Alias Native instead of Deny Both which only creates an alias, and does not create rules. Then you can create your own rules in whatever order you want.

            Quick is on by default for all rules except floating rules. It just means, first match wins.
            https://docs.netgate.com/pfsense/en/latest/firewall/floating-rules.html#quick

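The rule ordering discussed in this thread, as an added example that is not part of any poster's reply and is not pfSense or pfBlockerNG code: a small first-match evaluator showing that a block rule for PRI1 placed above a pass rule for pfB_NAmerica_v4 on port 25 gives the same verdicts as the "!PRI1 and pfB_NAmerica_v4" expression asked about, and that reversing the order does not. The alias contents are constructed documentation ranges, and the function and variable names are hypothetical.

```python
import ipaddress

# Constructed alias contents (RFC 5737 documentation ranges, not real feed data).
ALIASES = {
    "PRI1": ["203.0.113.128/25"],          # stand-in for the "bad people" list
    "pfB_NAmerica_v4": ["203.0.113.0/24"], # stand-in for the GeoIP list
}

def in_alias(name, ip):
    """True if ip falls inside any network listed in the named alias."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in ALIASES[name])

# WAN rules, top to bottom: (action, source alias or None, destination port or None).
WAN_RULES = [
    ("block", "PRI1", None),           # block list sits above the allow rule
    ("pass", "pfB_NAmerica_v4", 25),   # allow SMTP from the regional list
]

def evaluate(rules, src_ip, dst_port):
    """First match wins (quick); unmatched inbound traffic is blocked by default."""
    for action, alias, port in rules:
        if alias is not None and not in_alias(alias, src_ip):
            continue
        if port is not None and port != dst_port:
            continue
        return action
    return "block"

def nested_expression(src_ip, dst_port):
    """The single-rule form asked about: source in NA list and not in PRI1."""
    ok = (dst_port == 25
          and in_alias("pfB_NAmerica_v4", src_ip)
          and not in_alias("PRI1", src_ip))
    return "pass" if ok else "block"

if __name__ == "__main__":
    samples = [("203.0.113.10", 25), ("203.0.113.200", 25),
               ("192.0.2.1", 25), ("203.0.113.10", 80)]
    for ip, port in samples:
        print(ip, port, evaluate(WAN_RULES, ip, port), nested_expression(ip, port))
```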
