pfBlocker with BGP and dual WAN
So we have a block of IPs that route through BGP through 2 ISPs.
I have installed and enabled pfBlocker on many firewalls, but not in a situation like this, and well, now the issue is the reports feed of what is getting blocked is going crazy with blocking things hitting the BGP IPs from an unknown feed, despite having no feeds enabled or any blocking.
Now every single IP is malicious, legit traffic is not blocked as far as I can tell, and all of them are accessing ports that are opened.
We block everything by default, then allow traffic through NAT rules that end up on gw_group, and then traffic is load balanced between either WAN1 or WAN2.
I have also tested by adding my IP to pfBlocker; however, it does not block me from accessing things.
Here is the report of IPs being blocked.
On the IP inbound it is our 2 WANs.
On the outbound, it is all our BGP IPs.
Here is a picture of another firewall where for all rules it is completely normal.
I would think it would be as simple as selecting gw_group WAN1 and 2 as the outbound, but there is no option for it.