PfBlockerNG
-
Clear the Firewall Log and start fresh. When you make Rule Changes, they can go out of Sync.
-
how do you show Rule column under system:firewall log?
System Logs: Settings:
Filter Descriptions and select "Display as Column"
Also make sure the logs are in reverse. First Checkbox at the top of the Settings page.
-
I still don't see the pfB_in under rules
-
OK I see it now, but still no update in widget
-
OK I see it now, but still no update in widget
Did you manually edit the pfBlockerNG Descriptions in the rules? the rules are auto-generated and need to start with "pfB_"
You should not need to edit the Descriptions as this will affect how the Widget reads the log files.
Edit:
If you uses "Alias" Type rules: make sure the Rule Description starts with "pfb_" Lowercase..There is a whole tech section in the IPv4/Alias tab, to describe how to do this.
-
not for the auto rule under the WAN interface, but for the manually added rule under the LAN I did add a description as by default it is blank.
update…
I deleted the manual rule and created an auto rule, now it works fine. thanks BBcan177 for a great package, what is the account to donate?
-
Manual rules are just fine as long as you RTFM and set the descriptions as required. The widget lacks paranormal skills, cannot match the hits unless the rules description is set properly.
-
I will be on that list to want to see it and test it bbcan..
-
I have to agree with doktornotor, most of the problems I'm seeing reported here could have been avoided by reading the instructions on each page. BB' worked hard to explain everything either above or below each choice. Example: "Headers" are required.
The 'Header' Field must be Unique
IE. A Blank "Header field" is not unique.
Read each page carefully and it will work. :)
-
thanks BBcan177 for a great package, what is the account to donate?
You can send a paypal to my email account, which is listed in the General Tab of pfBNG. I will put this towards v2.0 Development! :)
-
I have to agree with doktornotor, most of the problems I'm seeing reported here could have been avoided by reading the instructions on each page. BB' worked hard to explain everything either above or below each choice. Example: "Headers" are required.
The 'Header' Field must be Unique
IE. A Blank "Header field" is not unique.
Read each page carefully and it will work. :)
I totally agree with your both!!
Like I tell my privates, read the f$cking FM! And in the case of pfBlockerNG, the directions are there on every page.
Maybe the package needs a warning: for advanced and/or IT users only =D
-
As a person who is regularly caught explaining "in plain English" IT terminology, I see the problem somewhere else, and I'll play the devil's advocate here.
Someone has to bridge the engineer > user gap. I'm regularly caught in all three sides (including the middle-man), and I see the problem from every possible angle.
An example:
Engineer's thought process:
sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
(if you know that && means execute the following command when the previous one ends)User's thought process:
upgrade system nextHaving to set up aliases is not the point here. It's actually having to set up aliases that's the problem ;)
The engineer knows that in order to get to the next version, the system has to first know about that version (update), bring the system up to the last upgradable point before the actual jump to the next version to reduce the possibility of things going south (upgrade), then make the jump (dist-upgrade).
The user wants to upgrade the system and doesn't care about the process behind it.
Trust me, works a lot better when IT is cut out of the discussion. Think accounting. I don't actually care about the process to get to a result, as long as I get a result. Although I personally find it fascinating knowing how things work, not everyone does ;-)
Not saying any side is wrong btw, just laying out my thoughts for both sides to consider. group hug
-
@jflsakfja:
As a person who is regularly caught explaining "in plain English" IT terminology, I see the problem somewhere else, and I'll play the devil's advocate here.
-
Add them in the IPv4 tab like shown in picture below my post
![screencapture-192-168-1-1-pkg_edit-php (2).png](/public/imported_attachments/1/screencapture-192-168-1-1-pkg_edit-php (2).png)
![screencapture-192-168-1-1-pkg_edit-php (2).png_thumb](/public/imported_attachments/1/screencapture-192-168-1-1-pkg_edit-php (2).png_thumb) -
I have been using pfblockerNG for a few days now (v1.03), and I have been seeing extremely long boot times. The system hangs at configuring firewall for about 13 minutes before finally continuing and bringing up the system. I was able to ssh into the system, and it shows almost zero load with ~16 processes including top, until my ssh session freezes when the boot process completes.
This is very similar to the massive delay seen when trying to use the original pfblocker under pfSense 2.2.
I am using just the country block lists, and I am blocking all unsolicited inbound traffic from all the nations listed, except mine.
The behavior is very strange in that the system just seems to be idling, before it finally unsticks and completes the boot process.
Cheers,
Bennett -
Are you blocking the package repository from pfsense?
-
I am using just the country block lists, and I am blocking all unsolicited inbound traffic from all the nations listed, except mine.
Ugh. Yeah, so you are having aliases with billions of IPs for absolutely NO valid reason, since all those are already blocked by default deny, just without this huge overhead.. And wondering why it's slow and takes ages to configure the rules? Sigh. :( :'(
Lets try again:
pfSense is a stateful firewall by design. By default all Inbound is set to Deny (implicit).
So the only reasons to have Deny Inbound or Deny Both, is if you have Open ports that you would like to protect. Most often a "Deny Outbound" is sufficient. If you wish to log activity that is hitting your firewall then you can set "Deny Both". This is a generalization. You need to think about your needs in your network first.
-
I have been seeing extremely long boot times.
This is very similar to the massive delay seen when trying to use the original pfblocker under pfSense 2.2.
Hi Bennett,
With Nano and Ramdisk installs, the /var/db folder is being cleared on reboot. I moved the Country files to the PBI folder, but the final Aliastables are still in the /var/db folder. I have to get the Devs involved to find the best solution for this issue.
-
pfSense is a stateful firewall by design. By default all Inbound is set to Deny (implicit).
So the only reasons to have Deny Inbound or Deny Both, is if you have Open ports that you would like to protect.
That's absolutely clear, but what if we do have Open ports? Which settings will be recommended and considered sufficient in this case? For example, I have some TCP ports open (for ssh, OpenVPN) and UDP (for IPSec), even now when I have entire Asia blocked I see occasional connection attempts in both IPSec and OpenVPN logs.
-
That's absolutely clear, but what if we do have Open ports? Which settings will be recommended and considered sufficient in this case?
Do it the other way round! Whitelist, not blacklist! A single-country whitelist is a whole LOT smaller than the entire-world minus one country blacklist.