Topic: Firewall Rules Order

chudak
Re: Firewall Rules Order
« Reply #15 on: January 16, 2018, 02:53:33 pm »
You can always add the pfSense Blocked IPs to a pfBlockerNG customlist instead.... Then no need for a different Rule order option.... Plus these IPs will be deduplicated with the other IP Feeds in use...

I guess I don't know how to make it happen, and you can elaborate a bit.
I have rules like this => https://snag.gy/HceE21.jpg
(One rule allows DNS to pfSense only and the other blocks all non-pfSense DNS queries)

When pfBlockerNG updates or reloads and re-sorts rules, it actually inserts pfBlockerNG rules before the pfSense block DNS rule.

I tried all options, including using Floating Rules in pfBlockerNG and so far found no remedy (logged a feature request that I believe would help https://redmine.pfsense.org/issues/8279).

So @BBcan177 pls elaborate.
« Last Edit: January 22, 2018, 07:28:31 pm by chudak »

BBcan177
Re: Firewall Rules Order
« Reply #16 on: January 23, 2018, 05:25:42 pm »
You can create a new alias in pfBlockerNG and add "0.0.0.0" which is equivalent to "any" IP, into the custom list...

Then edit either the Advanced Inbound or Outbound Firewall rule settings to configure the balance of the rules options...

You can then define this Alias Action setting to Permit or Block...

You can drag the Aliases from the IP tab to re-order as you wish.

Also as stated above, you can use "Alias Type" rules and create all the rules manually.

chudak
Re: Firewall Rules Order
« Reply #17 on: January 24, 2018, 08:06:29 am »
You can create a new alias in pfBlockerNG and add "0.0.0.0" which is equivalent to "any" IP, into the custom list...

Then edit either the Advanced Inbound or Outbound Firewall rule settings to configure the balance of the rules options...

You can then define this Alias Action setting to Permit or Block...

You can drag the Aliases from the IP tab to re-order as you wish.

Also as stated above, you can use "Alias Type" rules and create all the rules manually.

Thank you! But I have more questions than answers to those steps, need more info.

It seems overall the rules order in combination with pfB has room for improvement :D