Netgate Discussion Forum

    PfBlocker duplicate rules

    • C
      caustic386
      last edited by

      Anybody else seeing duplicate rulesets being created whenever you add a new list to pfBlocker?  I have 2 WAN connections, and LAN, with pfBlocker enabled.  On both my LAN and OPT1, when I add a new list to pfBlocker, the rules are created again identical to the original set of rules.  Before I cleaned up, I had 4 identical copies of some rules.

      2.0.1 amd64

      • P
        phil.davis
        last edited by

        This should have been fixed a while ago - see http://forum.pfsense.org/index.php/topic,42543.msg250712.html#msg250712
        It only happened for me when I also had some floating rules in my config.
        You might need to re-install the latest version of pfblocker to get the fixes to the code that creates the firewall rules from the pfblocker lists.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • C
          caustic386
          last edited by

          Thanks - according to package manager, I'm on the latest version.  I'll open something with support, I think.

          • marcellocM
            marcelloc
            last edited by

            I've reduced duplicate cases and also applied some forum users' patches, but there are still duplicates in some cases.

            This does not affect pfSense performance or load; it is just a minor bug I could not fix 100% yet.

            To work around it, you can change the pfBlocker action to alias only and create your own rules on WAN.

            Regards,
            Marcello Coutinho

            Elite Training: http://sys-squad.com

            Help a community developer! ;D

            • C
              caustic386
              last edited by

              Thanks, I'll give that a try! Will the dashboard plugin still work?

              • marcellocM
                marcelloc
                last edited by

                @caustic386:

                Thanks, I'll give that a try! Will the dashboard plugin still work?

                Yes, you just need to follow the alias-only description format.

                Elite Training: http://sys-squad.com

                Help a community developer! ;D

                • C
                  caustic386
                  last edited by

                  I'm going through these now - is there a reason we need to have pfBlocker running on the WAN interfaces?  WAN interfaces already deny all.  Couldn't they simply be run on the LAN interface with deny by destination?

                  If you do recommend pfBlocker on WAN interfaces, is there any reason I couldn't simply make a set of floating rules?

                  • marcellocM
                    marcelloc
                    last edited by

                    @caustic386:

                    I'm going through these now - is there a reason we need to have pfBlocker running on the WAN interfaces?  WAN interfaces already deny all.  Couldn't they simply be run on the LAN interface with deny by destination?

                    If you do not have any service published on WAN, then there is no need to use pfBlocker for inbound restriction.

                    @caustic386:

                    If you do recommend pfBlocker on WAN interfaces, is there any reason I couldn't simply make a set of floating rules?

                    Sure, floating rules with pfBlocker aliases will work.

                    Elite Training: http://sys-squad.com

                    Help a community developer! ;D

                    • C
                      caustic386
                      last edited by

                      @marcelloc:

                      If you do not have any service published on WAN, then there is no need to use pfBlocker for inbound restriction.

                      Excellent point!  Thanks again!

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.