Author Topic: pfBlockerNG & Firewall Aliases  (Read 244 times)

code4u
pfBlockerNG & Firewall Aliases
« on: January 14, 2018, 05:52:21 pm »
I created a Firewall Alias IP list for IP addresses that I need whitelisted. I use it in different places in pfSense. How do I use that Alias list in the pfBlockerNG's IPv4 list? (I don't want to type that list again in the "IPv4 Custom list" field.)

RonpfS
Re: pfBlockerNG & Firewall Aliases
« Reply #1 on: January 14, 2018, 06:09:50 pm »
Go to Diagnostics / Tables, select the Alias name, copy, paste in your pfBlockerNG table IPv4 Custom list.

You could also use a local file. Click on the "i" infoblock when you are in the pfBlockerNG IPv4 table.
2.3.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
pfBlockerNG 2.1.2_2/Dev, suricata 4.0.3_1

code4u
Re: pfBlockerNG & Firewall Aliases
« Reply #2 on: January 14, 2018, 06:31:53 pm »
The Firewall Alias list doesn't show up in "Diagnostics / Tables". In fact, only 1 out of my 3 Aliases lists shows up in "Diagnostics / Tables". Why is that?

RonpfS
Re: pfBlockerNG & Firewall Aliases
« Reply #3 on: January 14, 2018, 08:04:49 pm »
Got the same issue here ... not all Aliases are in Tables

But when reading
Quote from: Diagnostics / Tables
Aliases become Tables when loaded into the active firewall ruleset. The contents displayed on this page reflect the current addresses inside tables used by the firewall.
You could define a "dummy" FW rule with your alias.  ;)
« Last Edit: January 14, 2018, 08:10:36 pm by RonpfS »

code4u
Re: pfBlockerNG & Firewall Aliases
« Reply #4 on: January 14, 2018, 11:18:15 pm »
Maybe the "dummy" Firewall rule will work (create the table of IP addresses so that it can be copied), but I'm surprised that the pfBlockerNG module doesn't allow using already created Firewall Aliases lists. It doesn't make sense. How can we submit a feature request?

RonpfS
Re: pfBlockerNG & Firewall Aliases
« Reply #5 on: January 14, 2018, 11:49:39 pm »
There is probably some PHP system call available somewhere; look at the doc or open a question in the General Questions or Firewalling sections of the forums.

BBcan177
Re: pfBlockerNG & Firewall Aliases
« Reply #6 on: January 15, 2018, 09:36:20 pm »
If you use pfSense Aliases, they are not accessible as a table unless you use the URL Table IPs option... Otherwise the IPs are stored in base64 format in the pfSense config.xml file
"Experience is something you don't get until just after you need it."

 | http://pfblockerng.com | Twitter @BBcan177  | #pfBlockerNG |