Firewall rule order



  • I am using pfblocker and it works. I have some Spamhaus lists in the lists section with an autoupdate daily.

    The issue I am having is that I need to have a couple of rules (port 80 and 443) stay above the pfblocker rules so that these ports are not blocked by pfblocker (yes! so even Chinese IPs can reach the web server).

    The problem is that the rules I want kept at the top keep shifting down below the pfblocker rules. I suspect it is because whenever pfblocker updates the Spamhaus lists it re-orders the rules and moves all other rules above down to the bottom again.

    Is there a way to make some manually added rules "sticky" so that they don't move, or must I disable the pfblocker auto-refresh for Spamhaus and update it manually and then re-order the rules manually every time?

    Thanks
    Daniel



  • Would a floating rule work? They get parsed before the interface rules, as I understand it.

    https://doc.pfsense.org/index.php/What_are_Floating_Rules



  • I couldn't get floating rules to work at all but I think I found a solution.

    I set the NAT rules I want to have priority over all other rules (pfBlockerNG particularly) as PASS rather than create a new filter association in the "Filter rule association" setting.

    From the observations I've made so far it appears to be working.

    dsiminiuk


  • Moderator

    In the "General Tab" of pfBlockerNG are settings for the "Rule Order". This will allow you to organize your rules as you require.

    Here is a thread to follow :

    https://forum.pfsense.org/index.php?topic=86212.0
