Pfblocker NG help

  • I read through 36 pages of the PFBlockerNG and didn't see my answer so I thought I would start a new thread.

    Basically I ran the original PFBlocker with no issues.  If worked great!  I noticed spam started going up.  I looked and they were connections from other than the United States.  No matter what I do, I can't get pfblockerNG to actually block the countries.

    I want just a basic configuration just like the original pfblocker.  Can someone please tell me how I can set it up simple without all the new stuff in it?  Basically I just want only the US and Canada and deny everything else.

  • I just did a complete re=install without saving changes.  I selected all the countries I wanted to block except for the US and Canada as a test.  I also selected to deny both on all of them.  I then enabled pfblocker.  I still see incoming traffic from outside the US and Canada.  All other setting weren't touched.

    What am I missing here?

  • Sorry for all the bandwidth…  I think I FINALLY got it going.  I forgot to say that I did have the inbound interface set to WAN and the outbound set to LAN.

    I did a reload on the cron, Not a Force and went into the rules and they there were.  I look at some other PFSense boxes I have and they are not there on those so I think it is time to start from scrath on them as well.  Again, sorry for the bandwidth.  I figured it had to be something simple.

  • Moderator

    Hi CyClore, in order to "apply" changes, you need to select "Force Update". Using "Force Cron" would still work, but "update" is the correct method.

    Looks like you have it working now. Let us know if you have any other questions.

    pfBlockerNG is more than a country blocker, there are several blocklists that will help to block malicious attempts. Both the US and CA have spammer activity. I posted several sources of lists in the "pfBlockerNG" thread. For Mail servers, there are several others that can be used to minimize spam mail. I've managed to reduce my Spam by over 95%.

  • Moderator

    I would also suggest reading this thread:

    Best to create a "permit inbound" alias for CA and US. Then manually create a firewall rule using this alias and using the IP/ports of your mail server.

    Not recommended to put all countries except a few in blacklists as pfSense is a stateful firewall by design.

Log in to reply