PfBlockerNG rules is going downwards in the firewall rule everyday
-
Check the rule order setting in pfBlockerNG.
-
Thanks for the response. The rule order is configured this way. Please see the screenshot and please advise.
-
okay, it's right.
I believe to remember, I had the same issue at first after installing pfBlockerNG, but can't remember anymore what it fixed. I think, it was quite simple like changing the rule order to something else and save it and changing it back after or reinstalling the packet.
Give it a try. -
We are having three firewall's, all are facing the same issue.
-
Since you didn't bother with posting the firewall rules screenshot, just a generic note. You cannot fiddle with the automatic rules ordering manually. If you need manual ordering, then use one of the aliases options in Rule Action and create the rules yourself.
-
Sorry we missed that . Please have a look into the screenshot.
 -
This ain't firewall rules screenshot. Firewall rules are under Firewall - Rules. You already posted this.
-
Ah sorry we misunderstood that. Here is the attachment.Thanks.
 -
Wonderful. And - the problem is? I cannot see any problem there. It exactly matches pfBNG settings.
-
@souradip:
We have a pfBlockerNG rules , that is ordered as normal in the settings . The rule is automatically ordered downwards and we need to move it upwards in the firewall stack manually everyday at 12:00AM hours. Please help in this regards.
Which rule(s) are you moving each day?
-
We are moving the underlying rule in a daily basis at the top of firewall stack.
-
Yes. That is by design and as configured. Sigh.
-
What Souradip is saying is that he has to manually move the Block rule to the top after the automatic ordering routine fires. The ordering routine actually does not move the Block rule to the top. It moves it down. The screenshot he is presenting is to highlight the rule that has to be manually moved to the top ever night.
-
souradip roy,
Goto the IPv4 tab, and Click-Hold-Drag the Block rules to the Top so that they are first. Save.
Repeat that for the IPv6 Tab.
Then execute a "Force update"
-
souradip roy,
Goto the IPv4 tab, and Click-Hold-Drag the Block rules to the Top so that they are first. Save.
Repeat that for the IPv6 Tab.
Then execute a "Force update"
The issue was that a rule was created at Floating rule tab, and moved to the top, but once pfBlockerNG updates the rules. all the non-pfBlockerNG rules should be on the top were moved to the bottom, while all the pfBlockerNG rules were on the top, which shouldn't be. Thats the major issue using pfBlockerNG.
-
The issue was that a rule was created at Floating rule tab, and moved to the top, but once pfBlockerNG updates the rules. all the non-pfBlockerNG rules should be on the top were moved to the bottom, while all the pfBlockerNG rules were on the top, which shouldn't be. Thats the major issue using pfBlockerNG.
Dude. That is NOT how it works with what the OP configured. OMG… Select the proper option there. Not the one that puts pfBNG rules on the top by design. Really.
-
Hi ,
We are still in the same state of problem after following your advise. It would be very kind of yours if you can suggest any thing else to fix this.
Thank you in advance.
-
Yeah, you are in state of problem because you have selected the WRONG ORDER. Looks at the OTHER options there. Pick one that fits your needs. The one shown on your screenshots is NOT the one you want. Possibly you want this one instead:
-
Yeah, you are in state of problem because you have selected the WRONG ORDER. Looks at the OTHER options there. Pick one that fits your needs. The one shown on your screenshots is NOT the one you want. Possibly you want this one instead:
Don't know whether you have tested it or not before helping others. I had exactly the same rule order setting as you mentioned, BUT after pfBlockerNG updates its rules. the rules order at Floating rule tab were not right. All the non-pfBlockerNG rules supposedly on the top were moved to the bottom, all the pfBlockerNG rules were placed on the top.
-
The current setting is the default. Doesn't that option mean to keep the BLOCK/REJECT rules at the TOP? It is not doing that. It is MOVING THEM DOWN AUTOMATICALLY.
