Pfblocker … is this normal after 3 hours of uptime



  • My pfsense server Uptime 03 Hours 34 Minutes 04 Seconds
    Look how many packets from Asia, Africa, Europe
    It appears that I'm being targeted… or is this normal ???


  • Banned

    First of all, your setup is not normal. Stop using pfBlockerNG to "block the entire world minus one country". Absurd. Been covered endless times. There's a default deny rule on WAN. There's NO need to do things like this.



  • Sometimes you have to block the whole world except for a couple of countries. Such as when you're running multiple websites for a business which is regulated. Or in our case multiple mail servers.

    Actually those numbers are low. If I see less than 1000 hits on each of our firewalls, of which we have two, it's a slow day LOL


  • Banned

    @trinidadrancheria:

    Sometimes you have to block the whole world except for a couple of countries. Such as when you're running multiple websites for a business which is regulated.

    No. The correct approach there is to whitelist the countries you need. NOT blacklist all the rest. Again, absurd overhead.



  • Do you have any examples, such as we only allow US, Canada and Australia?

    And by the way, Dr., thank you for all your work; you are making pfSense a great product.


  • Banned

    @trinidadrancheria:

    Do you have any examples, such as we only allow US, Canada and Australia?

    Well yes, of course.

    1/ Create a custom list like this:

    2/ Use the pfB_CC_WHITE_V4 (or whatever else you named it, prefixed by pfB_) as alias in source field in your firewall rules to allow access.

    (Can do the same for IPv6 of course, just use _v6.txt in the path to file.)
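
An added illustration of the allowlist-versus-"block the rest" argument in this thread (not code from any poster or from pfBlockerNG). The country CIDRs are constructed documentation ranges and all function names are hypothetical; it builds the allowlist table, derives the equivalent blocklist, and shows that both give the same decision while the blocklist is far larger.

```python
import ipaddress

# Constructed sample data: documentation ranges standing in for per-country
# CIDR lists (the real lists are the GeoIP country files the thread refers to).
COUNTRY_CIDRS = {
    "US": ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24"],
    "CA": ["203.0.113.0/26"],
    "AU": ["203.0.113.64/26", "203.0.113.128/25"],
}

def build_allowlist(countries):
    """Merge the chosen countries into one collapsed table (the alias contents)."""
    nets = [ipaddress.ip_network(c) for cc in countries for c in COUNTRY_CIDRS[cc]]
    return list(ipaddress.collapse_addresses(nets))

def complement(allow, universe="0.0.0.0/0"):
    """Every prefix outside the allowlist: what 'block all the rest' has to list."""
    remaining = [ipaddress.ip_network(universe)]
    for a in allow:
        nxt = []
        for r in remaining:
            if a.subnet_of(r):
                nxt.extend(r.address_exclude(a))  # split r around a, dropping a
            else:
                nxt.append(r)
        remaining = nxt
    return sorted(remaining)

def wan_decision(src, allow):
    """Pass if the source is in the alias; otherwise the WAN default deny applies."""
    ip = ipaddress.ip_address(src)
    return "pass" if any(ip in n for n in allow) else "block"

def blocklist_decision(src, deny):
    """Same policy expressed the other way round: block if listed, else pass."""
    ip = ipaddress.ip_address(src)
    return "block" if any(ip in n for n in deny) else "pass"

if __name__ == "__main__":
    allow = build_allowlist(["US", "CA", "AU"])
    deny = complement(allow)
    print(f"allowlist entries: {len(allow)}, equivalent blocklist entries: {len(deny)}")
    for src in ("192.0.2.10", "203.0.113.200", "100.64.0.1"):  # constructed sources
        print(src, wan_decision(src, allow), blocklist_decision(src, deny))
```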



  • Cool! You just saved me and anyone reading this thread a lot of overhead. Thank you very much.



  • Thanks so much!!! I was worried that everyone was out to get me or I had the door open on my firewall and attracting all sorts of unwelcome guests!



  • At least for me, the cc list can be found in this path:

    /usr/pbi/pfblockerng-amd64/share/GeoIP/cc/
    

  • Banned

    The above applies to what's distributed from official package repository. Not any -dev versions from private repos.



  • Thank you for clarification.

    Can you please let us know where the path/file is for an alias list already defined manually in Firewall: Aliases: IP … which I can see in Diagnostics: Tables ...?

    I tried to search for the defined alias name to find the path where the file is saved/stored, but with no success.

    I'd like to add a few of the aliases defined there to the pfBlocker whitelist.

    thx.


  • Banned

    Nowhere as file. It's stored in config.xml. You cannot use pfSense aliases like this, not even sure what'd be the purpose. The ONLY purpose of the exercise described above is to create an alias usable with firewall rules – which you already have.



  • My only reason was to automate the work so I would not have to manually add IPs I already have from aliases-firewall to pfb alias-Custom Address.

    I understand, thank you.



  • Thanks. Worked good…

    With all the pfSense boxes and WAN interfaces and firewall rules we use, I did it the lazy way :P
    I defined the alias as in this thread, then created a rule for each interface above the other rules that was a block if NOT the allowed Countries. Also kept it simple for troubleshooting.



  • I kept doing the wrong thing and "blocking the whole world" and didn't know HOW to do this. Thank you all for helping me understand! :) Smarter not harder!



  • @damelloman said in Pfblocker … is this normal after 3 hours of uptime:

    I kept doing the wrong thing and "blocking the whole world" and didn't know HOW to do this. Thank you all for helping me understand! :) Smarter not harder!

    We all as newbies did this only to learn later that it made no sense.

