PfBlocker firewall rule order clarification



  • I'm unable to implement pfBlocker correctly on a new installation. I've tested on nanobsd and a livecd installation, so I'm most likely missing a step in my implementation since I used to be able to do this properly. Could someone please offer some advice on what step I'm missing?

    Here's my setup:

    So I went ahead and enabled pfBlocker and added 2 test lists from iblocklist (Microsoft and Search Engines). I set both to deny in the per-list settings, and I set pfBlocker to apply the block rules to WAN and LAN.

    Is there something wrong with my firewall rule order? I tried moving the pass all rule(s) all the way to the top, as well as testing them all the way on the bottom of the list, but it doesn't affect my results.

    I am still able to visit sites such as google.com and microsoft.com, but the blocklists should not allow me to do so.



  • Do you have a proxy configured on this server?



  • @marcelloc:

    Do you have a proxy configured on this server?

    Actually, yes! You pinpointed the problem, sort of. On a new installation without HAVP + ClamAV, pfBlocker works. However, when both pfBlocker and HAVP + ClamAV are enabled, I couldn't get a correct proxy configuration in order to start the services/server for HAVP + ClamAV. I don't have squid installed, but ideally I would want pfBlocker, squid, snort, and HAVP + ClamAV running without problems (maybe with varnish, too).



  • @pfNeo:

    @marcelloc:

    Do you have a proxy configured on this server?

    Actually, yes!

    Change the rule action to "alias only" and create these rules on the floating tab.

    Another way to do this is to block it in the proxy ACLs based on site name.

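Added illustration in plain pf syntax (not from the thread and not what pfSense generates) of why the per-interface rules pfNeo describes cannot catch traffic that leaves through a proxy running on the firewall, and what marcelloc's floating-rule suggestion corresponds to. Interface names, table names, the table file paths and the HAVP listening port are assumptions.

```pf
# Assumed interface names and proxy port (HAVP is assumed on 3125; adjust to your setup).
wan_if = "em0"
lan_if = "em1"
proxy_port = "3125"

# With pfBlocker set to "alias only" it just maintains the tables;
# none of the rules below are created for you. Table names and paths are assumed.
table <pfB_Microsoft> persist file "/var/db/aliastables/pfB_Microsoft.txt"
table <pfB_SearchEngines> persist file "/var/db/aliastables/pfB_SearchEngines.txt"

# What a rule on the LAN interface sees: the client's packet, whose destination
# is the proxy on the firewall itself, not google.com or microsoft.com.
# The block rules below therefore never match and the "pass" to the proxy wins,
# no matter where the pass rule sits in the order.
block in quick on $lan_if from $lan_if:network to <pfB_Microsoft>
block in quick on $lan_if from $lan_if:network to <pfB_SearchEngines>
pass in quick on $lan_if from $lan_if:network to ($lan_if) port $proxy_port

# The proxy then opens its own connection, sourced from the firewall's WAN
# address, which only ever crosses the WAN interface in the OUT direction.
# A floating rule with Direction "out" on WAN is the place that traffic can be
# matched against the table; ordinary WAN rules evaluate inbound traffic only.
block out quick on $wan_if to <pfB_Microsoft>
block out quick on $wan_if to <pfB_SearchEngines>
pass out on $wan_if from ($wan_if)
```

Two practical caveats. With the floating block in place the client no longer sees a dropped connection but the proxy's own error page, because it is the proxy's outbound connection that is refused. And because pfBlocker tables are IP based, while a proxy already knows the hostname, the alternative marcelloc mentions (a deny rule in the proxy's ACLs keyed on the site name) gives tighter matching for web traffic, at the cost of covering only what actually goes through the proxy.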
