Auto Order not Working?
-
I am sure I have done something really silly, or maybe I don't understand, but I have pfBlockerNG set on the default auto-order and floating rules. Annoyingly, the FireHol L1 set is picking up a CGNAT IP address range I am using for VPN (well, Cloudflare is), so I set up a whitelist to allow those rules.
For some reason, though, I can't get it to stay at the top. I thought the default auto-order had pfBlockerNG Allow first, then Block, then Reject?
I tried messing with Alias Allow, but ideally I would prefer to keep the default just for simplicity. Is there a different setting than the default I should be using, to have the whitelist at the top, then reject/block after that?
Ideally I would like it like this, but every time an update runs it pulls pfB_PRI1_v4 to the top, which means the suppression list stops working. Many thanks!
-
From the info block -- I don't think anything has changed here --- you're best to use Alias types and make the rules yourself; then when you place them in the specific order you want, they will stay in that order. Any of the "auto generated rules" will always sort based on the Firewall 'Auto' Rule Order.
"Refer to the blue infoblock 'List Action' icon in the IPv4 tab for details on how to use 'Alias type' (ie: 'Alias Deny') instead of 'Auto generated rules', if required for your network design. Select the 'Order' of the Rules. Selecting 'original format', sets pfBlockerNG rules at the top of the Firewall TAB. Selecting any other 'Order' will re-order all the rules to the format indicated!"