Troublesome IP getting through pfBlocker
-
@johnpoz Johnpoz, you seem to have found the issue. Here's my pfBlocker setup below. I checked the IP table under diagnostics, and the troublesome IP is NOT there (although it's in my custom IP list). It should be where the red arrow is pointed. I wonder why that's happening?
-
@FrankZappa that is not how I would do aliases - those are rules, not aliases.. See my example above where they are set as just native aliases. Then you create your own rules using those.
But yeah if the IP is not in the table - then no it wouldn't be blocked.
But as mentioned by @Bob-Dig if you're just doing a list of IPs - you can just use the built in alias feature of pfSense. I use pfBlocker for aliases because mine pull IPs from other sources, etc. Or use country IPs, etc.
-
@johnpoz Thanks. Why do you suppose all the other IPs from the custom list show up in the table, but not that one IP?
-
@FrankZappa that is a very good question.. maybe a space before or after, maybe it just hasn't been updated - you have it set to what, weekly?
You could try forcing an update and see if that populates the table.
-
@johnpoz I've done the force update many times, to no avail. So I took a look at changing my list to Alias Native (vice deny inbound). To be clear; I only need to change it to Alias Native and that IP list will be blocked?
-
@johnpoz Ok, I fixed it (Thanks johnpoz and Bob.Dig). I deleted the custom IP list, saved it empty, reloaded the list of IPs on the custom list, saved it, updated it and now the IP shows up in the Diagnostics Table. Fixed! Not sure why it wouldn't take before, but as johnpoz stated it may have been a space or some kind of glitch with that IP.
So now you guys have me wondering what the difference is between an Alias Native list, or just leaving the setting as deny inbound on my list for pfBlocker? I don't understand what the "Alias Native" option does. Thanks.
-
@FrankZappa alias native doesn't create a firewall rule - the way you have it set pfBlocker would actually create the rule for you. I personally am not a fan of that - I will create my rules thank you very much ;)
When you use alias native it's just that, an alias - you would have to create the rule and how you want to use the alias in the rule or port forward, etc..
Both are valid ways to get the task done.. But I don't like things auto messing with my rules - maybe order gets changed, maybe I want to move the order around myself and don't want to have something alter that on its own, etc.
-
@johnpoz Thanks johnpoz. Forgive my ignorance but I don't see where I can create a rule to block the IPs on the custom list. How does a block rule reference the list?
-
@FrankZappa when you set it to alias native there will be an alias created..
-
@johnpoz Got it. Many thanks.
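
The manual check from this thread (is every custom-list entry actually in the firewall table, and does the entry carry a stray space or hidden character?) can be scripted. The following is an added example, not part of the thread or of pfBlocker; it assumes the table contents were saved as text, one address or network per line, as `pfctl -t <table> -T show` prints them, and all addresses are constructed documentation ranges.

```python
import ipaddress

# Characters that are invisible in a web form but can break a list entry.
INVISIBLE = {"\u00a0": "NBSP", "\u200b": "zero-width space",
             "\ufeff": "BOM", "\t": "tab", "\r": "CR"}

def lint_entry(raw):
    """Return (network_or_None, [problems]) for one line of a custom list."""
    problems = [name for ch, name in INVISIBLE.items() if ch in raw]
    if raw != raw.strip(" "):
        problems.append("leading/trailing space")
    cleaned = raw.strip()
    for ch in INVISIBLE:
        cleaned = cleaned.replace(ch, "")
    try:
        return ipaddress.ip_network(cleaned, strict=False), problems
    except ValueError:
        return None, problems + ["not a valid IP or CIDR"]

def missing_from_table(custom_list, table_dump):
    """Map each list line that the table does not cover to its problems."""
    table = [ipaddress.ip_network(line.strip(), strict=False)
             for line in table_dump.splitlines() if line.strip()]
    report = {}
    for raw in custom_list.split("\n"):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        net, problems = lint_entry(raw)
        # An entry counts as present if any table network contains it,
        # since lists may be aggregated into larger CIDR blocks.
        covered = net is not None and any(
            t.version == net.version and net.subnet_of(t) for t in table)
        if not covered:
            report[raw] = problems or ["well-formed but absent: reload the list"]
    return report

# Constructed sample data: a custom list and a saved table dump.
CUSTOM_LIST = ("192.0.2.10\n198.51.100.7 \n\u200b203.0.113.5\n"
               "203.0.113.77\n192.0.2.200\n")
TABLE_DUMP = "   192.0.2.10\n   203.0.113.64/26\n"

if __name__ == "__main__":
    for entry, why in missing_from_table(CUSTOM_LIST, TABLE_DUMP).items():
        print(repr(entry), "->", ", ".join(why))
```

Printing each entry with `repr()` makes trailing spaces and zero-width characters visible, which the list editor and the Diagnostics table view do not.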