PFBlockerNg Questions
-
How are you guys running PfBlockerNg? Do you use or block every country or just certain ones? Right now I am mainly using the top 20 and denying inbound, not really sure how to correctly set this up, but I am seeing constant ICMPs, port scans from China mostly, some Russia and so on.
Just trying to get a feel on what to look for, what to have set and how to have PfBlockerNg block repeat offenders correctly.
Many thanks.
-
Hi deanot,
Here are some posts to help…
https://forum.pfsense.org/index.php?topic=86212.msg486644#msg486644
https://forum.pfsense.org/index.php?topic=86212.msg505565#msg505565
https://forum.pfsense.org/index.php?topic=86212.msg501258#msg501258
If you do have any open ports, you can use the new feature "Adv. Inbound Firewall Settings".
But in a nutshell... It's not recommended to block the world... Also pfBlockerNG is more than a country blocker... There are several good Lists that publish known malicious IPs that you can block ... But everyone thinks to block the inbound, when they should be focusing on the Outbound primarily... And Inbound only on open ports.
Link to IP Lists that are available...
https://forum.pfsense.org/index.php?topic=86212.msg508975#msg508975
-
I appreciate your help, I am off to read on the links that you provided.
-
BBcan177, you mentioned using PFBlocker just to block inbound on open ports. I can see how to add ports to an alias, but how do I use PFBlocker to only use the alias ports? Is there a walkthrough around or could you explain a little please?
Many thanks.
-
Hi deanot,
The instructions to use the "Adv. Inbound Settings" are here:
https://forum.pfsense.org/index.php?topic=86212.msg524957#msg524957
Don't forget to change the "protocol" setting from "any" to "tcp/udp" or as required…
-
Thank you again, I was attempting it but got confused with all the settings. I shall go and read, many thanks again….