
    Pfblocker on one computer

      NotAnAlias last edited by

      I'm trying to use pfblocker for just one computer. By that I mean I want one computer that is only allowed to access IP addresses in the United States.

      Is this possible? I checked if pfblocker left some rules in the firewall rules so I could specify which computer for it to act on, but I didn't see anything.

        BBcan177 Moderator last edited by

        pfBNG sorts the Maxmind Country files into a folder which you can use to create manual firewall rules.

        The specific folder/file is    /usr/pbi/pfblockerng-amd64/share/GeoIP/US_v4.txt

        So you can create a pfBNG Alias using "Alias Permit" with the above localfile in the URL field.

        Create a manual "Pass" firewall rule on the LAN Interface for this particular LAN IP that you want to allow outbound to US addresses only, using the created Alias above.

        Create a manual "Reject" firewall rule on the LAN to reject "any" IPs, below the "pass" rule for this particular LAN IP.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          NotAnAlias last edited by

          @BBcan177:

          pfBNG sorts the Maxmind Country files into a folder which you can use to create manual firewall rules.

          The specific folder/file is    /usr/pbi/pfblockerng-amd64/share/GeoIP/US_v4.txt

          So you can create a pfBNG Alias using "Alias Permit" with the above localfile in the URL field.

          Create a manual "Pass" firewall rule on the LAN Interface for this particular LAN IP that you want to allow outbound to US addresses only, using the created Alias above.

          Create a manual "Reject" firewall rule on the LAN to reject "any" IPs, below the "pass" rule for this particular LAN IP.

          Under the ipv4 tab in pfblocker ng I created an alias called 'America' with these settings

          Then under the firewall rules under LAN I picked the source ip for my computer.

          Under destination I selected single host or alias

          I put America there, but it says "America is not a valid destination IP address or alias."

            doktornotor Banned last edited by

            I think you are doing it all wrong? You should NOT use "Permit both" but rather create an alias and use that alias in your own firewall rule(s) - with source and/or destination being that one computer, depending on inbound/outbound…

              NotAnAlias last edited by

              @doktornotor:

              I think you are doing it all wrong? You should NOT use "Permit both" but rather create an alias and use that alias in your own firewall rule(s) - with source and/or destination being that one computer, depending on inbound/outbound…

              What do you mean exactly by create an alias and use that in firewall rules? I just made an alias there in pfng, or do you mean another one under firewall aliases? I could set the pfng alias to permit outbound instead, but I don't think it would really matter. If you could explain a bit more in depth, I think I'd be able to follow better.

                doktornotor Banned last edited by

                Dude. The "List Action" in pfBNG.

                  NotAnAlias last edited by

                  I set it to Alias Permit

                  Then under the firewall rules it still doesn't know what pfb_America or America is

                  If anything looks wrong here, let me know https://dl.dropboxusercontent.com/u/46294175/pfsense/screencapture-192-168-8-1-pkg_edit-php-1438996251086.png

                    doktornotor Banned last edited by

                    Because that'd be pfB_America… Dunno, the damned alias box has autocomplete, and there are lengthy explanations in the pfBNG GUI... The pfb_ is for rule description.

                    When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description

                    Sigh.

                    Example of using this on WAN (with NAT):

                    Will only allow access via the NAT if the source does NOT match the pfBNG alias.

                      NotAnAlias last edited by

                      It's not doing any sort of autocomplete for me on Chrome.

                      Which alias box are you even referring to? Also where are rule descriptions? Is that the same as list description?

                      Seriously just point it out, and there's no need to be an ass about this. I've never used pfng, there's a lot of options.

                      https://dl.dropboxusercontent.com/u/46294175/pfsense/screencapture-192-168-8-1-pkg_edit-php-1438996793149.png

                      https://dl.dropboxusercontent.com/u/46294175/pfsense/screencapture-192-168-8-1-firewall_rules_edit-php-1438997003402.png

                        BBcan177 Moderator last edited by

                        After saving the Alias, did you go to the Update Tab and select "Force Update"? This will create the alias. You would then set this alias to update once per week to keep the IPs in the alias in sync with Maxmind.

                          NotAnAlias last edited by

                          @BBcan177:

                          After saving the Alias, did you go to the Update Tab and select "Force Update"? This will create the alias. You would then set this alias to update once per week to keep the IPs in the alias in sync with Maxmind.

                          Thanks a lot, that worked.

                          EDIT: I'm having issues using the not sign.

                          pfB_America works, but ! pfB_America is not recognized in the destination field.

                          I could just use two rules, so it's not that big of a deal.

                          EDIT: It works, thanks guys. I just used two separate rules instead of using '!'

                            doktornotor Banned last edited by

                            You do NOT put ! mark there. You tick the NOT checkbox.
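
Added example (not part of any post in this thread, and not pfSense or pfBlockerNG code): a small Python model of top-down, first-match rule evaluation that compares the two-rule layout BBcan177 describes with a single rule using the NOT checkbox, plus the same two rules in the wrong order. The CIDR list, the host addresses and the trailing allow-all LAN rule are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-in for a country list such as US_v4.txt (one CIDR per line).
SAMPLE_LIST = """\
# constructed sample, documentation range only
198.51.100.0/24
"""
HOST = "192.168.8.50"      # assumed LAN IP of the restricted computer
OTHER = "192.168.8.60"     # assumed second LAN client
FIREWALL = "192.168.8.1"   # assumed firewall LAN address

def load_alias(text):
    """Parse a one-CIDR-per-line list, skipping blank and comment lines."""
    lines = (line.strip() for line in text.splitlines())
    return [ip_network(l) for l in lines if l and not l.startswith("#")]

def evaluate(rules, src, dst, alias):
    """Return the action of the first matching rule; no match means block."""
    in_alias = any(ip_address(dst) in net for net in alias)
    for action, rule_src, rule_dst in rules:
        if rule_src not in ("any", src):
            continue
        if (rule_dst == "any" or (rule_dst == "alias" and in_alias)
                or (rule_dst == "not alias" and not in_alias)):
            return action
    return "block"

ALLOW_LAN = ("pass", "any", "any")   # assumed allow-all rule at the bottom of LAN
# Layout from the thread: pass to the alias, then reject everything else.
TWO_RULES = [("pass", HOST, "alias"), ("reject", HOST, "any"), ALLOW_LAN]
# Single rule with the NOT checkbox ticked on the destination alias.
NOT_RULE = [("reject", HOST, "not alias"), ALLOW_LAN]
# Same two rules in the wrong order: the reject matches first.
WRONG_ORDER = [("reject", HOST, "any"), ("pass", HOST, "alias"), ALLOW_LAN]

def decisions(rules):
    """Evaluate four representative flows against one rule layout."""
    alias = load_alias(SAMPLE_LIST)
    flows = {"host->listed": (HOST, "198.51.100.10"),
             "host->unlisted": (HOST, "203.0.113.10"),
             "host->firewall": (HOST, FIREWALL),
             "other->unlisted": (OTHER, "203.0.113.10")}
    return {name: evaluate(rules, s, d, alias) for name, (s, d) in flows.items()}

if __name__ == "__main__":
    for label, rules in [("two rules", TWO_RULES), ("NOT rule", NOT_RULE),
                         ("wrong order", WRONG_ORDER)]:
        print(label, decisions(rules))
```

In this model the restricted host's traffic to the firewall's own LAN address also hits the reject rule, because a private address is not in the country list; a service the host needs from the firewall would require its own pass rule above the reject.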