Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfblocker NG help

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 2 Posters 3.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CyClore
      last edited by

      I read through 36 pages of the PFBlockerNG and didn't see my answer so I thought I would start a new thread.

      Basically I ran the original PFBlocker with no issues.  If worked great!  I noticed spam started going up.  I looked and they were connections from other than the United States.  No matter what I do, I can't get pfblockerNG to actually block the countries.

      I want just a basic configuration just like the original pfblocker.  Can someone please tell me how I can set it up simple without all the new stuff in it?  Basically I just want only the US and Canada and deny everything else.

      1 Reply Last reply Reply Quote 0
      • C
        CyClore
        last edited by

        I just did a complete re=install without saving changes.  I selected all the countries I wanted to block except for the US and Canada as a test.  I also selected to deny both on all of them.  I then enabled pfblocker.  I still see incoming traffic from outside the US and Canada.  All other setting weren't touched.

        What am I missing here?

        1 Reply Last reply Reply Quote 0
        • C
          CyClore
          last edited by

          Sorry for all the bandwidth…  I think I FINALLY got it going.  I forgot to say that I did have the inbound interface set to WAN and the outbound set to LAN.

          I did a reload on the cron, Not a Force and went into the rules and they there were.  I look at some other PFSense boxes I have and they are not there on those so I think it is time to start from scrath on them as well.  Again, sorry for the bandwidth.  I figured it had to be something simple.

          1 Reply Last reply Reply Quote 0
          • BBcan177B
            BBcan177 Moderator
            last edited by

            Hi CyClore, in order to "apply" changes, you need to select "Force Update". Using "Force Cron" would still work, but "update" is the correct method.

            Looks like you have it working now. Let us know if you have any other questions.

            pfBlockerNG is more than a country blocker, there are several blocklists that will help to block malicious attempts. Both the US and CA have spammer activity. I posted several sources of lists in the "pfBlockerNG" thread. For Mail servers, there are several others that can be used to minimize spam mail. I've managed to reduce my Spam by over 95%.

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            1 Reply Last reply Reply Quote 0
            • BBcan177B
              BBcan177 Moderator
              last edited by

              I would also suggest reading this thread:

              https://forum.pfsense.org/index.php?topic=90092.msg498849#msg498849

              Best to create a "permit inbound" alias for CA and US. Then manually create a firewall rule using this alias and using the IP/ports of your mail server.

              Not recommended to put all countries except a few in blacklists as pfSense is a stateful firewall by design.

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.