pfBlocker-NG introduces an Enhanced Alias Table Feature to pfSense.
What it allows:
Assigning many IP address URL lists from sites like I-blocklist to a single alias and then choose a rule action.
Blocking countries and IP ranges.
Replacment of both Countryblock and IPblocklist by providing the same functionality, and more, in one package.
Uses native functions of pfSense instead of file hacks and table manipulation.
Dashboard widget with aliases applied and package hit
Lists update frequency
Many new options to choose what to block and how to block.
Network lists may be used for custom rules.
Set the interfaces to be monitored by pfBlocker-NG (both inbound and outbound), where the inbound is the Internet connection.
To prevent devices or users from accessing sites in the selected countries/IP addresses, select local interfaces under outbound.
Setting up Lists¶
This is the IPBlocklist feature, enter IP addresses here to specifically block. It must be in the file format or CIDR. Create a list for each type of action to be taken by pfBlocker.
Deny Both - Will deny access on Both directions.
Deny Inbound - Will deny access from selected lists to the local
Deny Outbound - Will deny access from local users to IP address lists
selected to block.
Permit Inbound - Will allow access from selected lists to the local
Permit Outbound - Will allow access from local users to IP address
lists selected to block.
Disabled - Will just keep selection and do nothing to selected Lists.
Alias Only - Will create an alias with selected Lists to help custom
The rest of the tabs (except sync) specify the other lists included with the package. They are separated by continent with the exception of the spammer list which contains countries from around the globe that are known to harbor spammers.
Sync tab configures pfBlocker to sync its configuration to other pfSense devices.
Spamhaus - DROP and EDROP.
DShield - Most Active Attacking IPs.
iblocklist.com - A number of lists are available.
- I’m getting memory errors while applying pfblocker lists, how to fix this?
Increase table size to avoid memory errors in Advanced settings.
- I can’t see any pfblocker rules applied, whats wrong?
pfblocker requires at least one firewall entry (any interface) for it to be active. One way to verify is to check the front page widget.
- pfBlocker always moves its rules to the top, how can I stop this?
Change rule action to Alias only and then apply custom rules using pfBlocker aliases with an arbitrary sequence.
- How can I apply pfBlocker lists in floating rules?
Aliases are used for customized filter entries and float rules.
You can find a list of known issues with the pfBlocker-NG package on the pfSense bug tracker.