Unresolvable source alias!
-
@Antibiotic I'm still finding my way around pfBlocker and pfSense in general.
Good question. I still want to limit inbound port 25 to not only domestic MTAs but also want to exclude harmful ones or those rated poorly.
How would I implement that?
-
@Antibiotic said in Unresolvable source alias!:
Why action "deny both"! What's the reason to block inbound, if it's blocked by the firewall itself?
@GPz1100 is allowing port 25 inbound, but blocking the "bad people lists" is presumably above the rule allowing port 25.
If someone has no inbound NAT port forwards or firewall rules on WAN, then it is unnecessary to add more block rules.
-
Exactly!
The question is, is it possible to create an alias containing nested aliases? For example, !PRI1 and pfB_NAmerica_v4? Meaning not in the PRI1 list and in the NA list? Or would this still be two rules? I think the "quick" option would be applicable, but that's available only for floating rules.
-
@GPz1100 I don't know a direct answer to your question, but I would arrange the rules in order and not try to do that with aliases.
You can use Alias Native instead of Deny Both which only creates an alias, and does not create rules. Then you can create your own rules in whatever order you want.
Quick is on by default for all rules except floating rules. It just means, first match wins.
https://docs.netgate.com/pfsense/en/latest/firewall/floating-rules.html#quick
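
The ordering advice in the reply above, as an added sketch that is not part of the thread and is not pfSense or pfBlockerNG code: a small first-match evaluator showing that "not in PRI1 and in pfB_NAmerica_v4" falls out of two ordered rules, and what happens if the order is reversed. The alias contents, the rule tuples and the function names are constructed for illustration.

```python
import ipaddress

# Constructed stand-ins for the two aliases named in the thread.
# Real pfBlockerNG lists are far larger; these are documentation ranges.
ALIASES = {
    "PRI1": ["198.51.100.128/25"],                          # "bad people" list
    "pfB_NAmerica_v4": ["198.51.100.0/24", "203.0.113.0/24"],
}

def in_alias(ip, alias):
    """True if ip falls inside any network of the named alias."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in ALIASES[alias])

def evaluate(rules, src_ip, dst_port):
    """First match wins, as with 'quick' on ordinary interface rules."""
    for action, alias, port in rules:
        if port == dst_port and in_alias(src_ip, alias):
            return action
    return "block"  # nothing matched: inbound WAN traffic is dropped by default

# Order suggested in the thread: block list above the rule allowing port 25.
BLOCK_FIRST = [("block", "PRI1", 25), ("pass", "pfB_NAmerica_v4", 25)]
# Reversed order: the pass rule matches first and the block rule never fires.
PASS_FIRST = [("pass", "pfB_NAmerica_v4", 25), ("block", "PRI1", 25)]

# Constructed sample sources.
HOSTS = {
    "NA host on PRI1": "198.51.100.200",
    "NA host not listed": "203.0.113.7",
    "host outside NA": "192.0.2.10",
}

def compare_orders(port=25):
    """Return {label: (verdict with BLOCK_FIRST, verdict with PASS_FIRST)}."""
    return {
        label: (evaluate(BLOCK_FIRST, ip, port), evaluate(PASS_FIRST, ip, port))
        for label, ip in HOSTS.items()
    }

if __name__ == "__main__":
    for label, verdicts in compare_orders().items():
        print(f"{label:20s} block-first={verdicts[0]:5s} pass-first={verdicts[1]}")
```

Only the listed North American host changes verdict between the two orderings, which is the case the rule order exists to handle.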