    PFblocker Issues

    • thelongdivider

      Hi guys,

      My install of pfblocker and addition of lists seems to have worked.  However, I don't think my lists were added to the rules correctly (or not at all, see attachments).  Must I add the rules manually?  If so, are there any sample rules for pfblocker specifically that someone can post or direct me to?  Thank you.





      • senser

        You probably have the action for each list (in pfBlocker's Lists tab) set to "alias only". You could use the aliases to create your own rules or you can specify another action (block, reject) for each list in pfBlocker.

        We use the mighty pf, we cannot be fooled.

        • phil.davis

          And if WAN has no pass rules, then it is blocking all incoming connects anyway. pfBlocker recognizes that and does not then bother to add its own block rules on WAN. So if all your rules are for incoming on WAN, then you will not see them.
          I guess if you add 1 pass rule on WAN to pass some combination that traffic will never match, that will "trick" pfBlocker into putting all its rules there on WAN.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          • thelongdivider

            Thank you for your responses.  I don't have alias only, I have it set to block inbound.  Maybe that is why there are no new rules, as the WAN has no allow rules and defaults to block.  Does this sound right?

            • phil.davis

              Yes, correct.
              You can test by putting a silly pass rule on WAN - pass source WANaddress, destination WANaddress - that will never match any real harmful traffic. Then the pfBlocker rules should appear - you probably have to "save" in pfBlocker to kick it into action to rerun its code to generate the rules.

              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
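
One way to check, from a configuration backup, whether WAN has any enabled pass rule, which is the condition the replies above say pfBlocker looks for before writing its own block rules. This is an added example, not code from the posters or from pfBlocker; the `config.xml` element names, the `wanip` keyword for "WAN address" and the helper names are assumptions, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed config.xml excerpt; the <filter><rule> element names and the
# "wanip" keyword for "WAN address" are assumptions about the pfSense layout.
SAMPLE_CONFIG = """<pfsense><filter>
  <rule><type>pass</type><interface>lan</interface>
    <source><network>lan</network></source><destination><any/></destination></rule>
  <rule><type>block</type><interface>wan</interface>
    <source><any/></source><destination><any/></destination></rule>
  <rule><type>pass</type><interface>wan</interface><disabled/>
    <source><any/></source><destination><network>wanip</network></destination></rule>
</filter></pfsense>"""

# The never-matching rule suggested in the thread: WAN address to WAN address.
PLACEHOLDER_RULE = """<rule><type>pass</type><interface>wan</interface>
  <source><network>wanip</network></source>
  <destination><network>wanip</network></destination></rule>"""


def endpoint(rule, tag):
    """Return 'any', the <network>/<address> value, or '?' for one rule side."""
    node = rule.find(tag)
    if node is None:
        return "?"
    if node.find("any") is not None:
        return "any"
    return (node.findtext("network") or node.findtext("address") or "?").strip()


def wan_pass_rules(config_xml, iface="wan"):
    """List enabled pass rules on iface as (source, destination) pairs."""
    found = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        ifaces = [i.strip() for i in (rule.findtext("interface") or "").split(",")]
        is_pass = (rule.findtext("type") or "").strip() == "pass"
        enabled = rule.find("disabled") is None  # a disabled rule does not count
        if is_pass and enabled and iface in ifaces:
            found.append((endpoint(rule, "source"), endpoint(rule, "destination")))
    return found


def only_placeholders(rules):
    """True when every pass rule is the WAN-address-to-WAN-address placeholder."""
    return bool(rules) and all(r == ("wanip", "wanip") for r in rules)


if __name__ == "__main__":
    before = wan_pass_rules(SAMPLE_CONFIG)
    patched = SAMPLE_CONFIG.replace("</filter>", PLACEHOLDER_RULE + "</filter>")
    after = wan_pass_rules(patched)
    print("before:", before, "-> pfBlocker block rules expected:", bool(before))
    print("after: ", after, "-> expected:", bool(after), "placeholder only:", only_placeholders(after))
```

An empty result means WAN is default-deny for inbound traffic, which matches the case discussed in the thread where no pfBlocker rules appear on WAN.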
