Hi Tom / all, (FTPLTL)
I’m enjoying pfSense on an SG-1100! I have found that pfBlockerNG is a great tool but want to master whitelisting.
With the default order of automatically added files, the pfB country reject rules for GeoIP come before the pfB_AllowList rule (which has an alias of whitelisted domains set in DNSBL ‘custom domain whitelist’). The whitelist is overridden by the country reject rules because of the order.
I can change the ordering in the pfBlockerNG > General tab > ‘Interface/Rules Configuration’ > Rule Order:
Default is - pfB_Block/Reject | All other Rules | (original format), which is a problem if you want to block a country except specific domains.
I changed to - pfB_Pass/Match | pfB_Block/Reject | pfSense Block/Reject | pfSense
This seems to work for me; the pfB_AllowList is moved to the top of the list of rules. This seems contrary to the culture of block things then permit from what is left. What do others do? What is your thinking?
Tom - A video on it would be cool. There are so many ways to whitelist, I may have the wrong idea?
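
Added example, not part of the original post: a small Python model of top-down, first-match rule evaluation, showing why the allow rule never matches in the default order and what is still rejected once it is moved to the top. The addresses, the country rule name and the catch-all pass rule are constructed assumptions; only pfB_AllowList comes from the post.

```python
from ipaddress import ip_address, ip_network

# Constructed aliases using documentation ranges, not real GeoIP data.
GEOIP_COUNTRY = [ip_network("203.0.113.0/24")]  # hypothetical country alias
ALLOW_LIST = [ip_network("203.0.113.10/32")]    # stands in for pfB_AllowList

RULES = {
    "pfB_AllowList": ("pass", ALLOW_LIST),
    "pfB_Country_reject": ("reject", GEOIP_COUNTRY),       # hypothetical name
    "default_pass": ("pass", [ip_network("0.0.0.0/0")]),   # hypothetical rule
}

# Country reject ahead of the allow list, as the post describes the default.
DEFAULT_ORDER = ["pfB_Country_reject", "pfB_AllowList", "default_pass"]
# Allow list moved to the top, as after the Rule Order change in the post.
CHANGED_ORDER = ["pfB_AllowList", "pfB_Country_reject", "default_pass"]


def evaluate(order, addr):
    """Walk the rules top-down; the first rule that matches decides."""
    ip = ip_address(addr)
    for name in order:
        action, nets = RULES[name]
        if any(ip in net for net in nets):
            return action, name
    return "block", "implicit default deny"


def shadowed_rules(order):
    """Rules that can never match: every network they list is already
    covered by a network in some earlier rule."""
    shadowed, earlier = [], []
    for name in order:
        nets = RULES[name][1]
        if all(any(n.subnet_of(e) for e in earlier) for n in nets):
            shadowed.append(name)
        earlier.extend(nets)
    return shadowed


if __name__ == "__main__":
    for label, order in (("default", DEFAULT_ORDER), ("changed", CHANGED_ORDER)):
        print(label, "shadowed:", shadowed_rules(order))
        for addr in ("203.0.113.10", "203.0.113.77", "198.51.100.5"):
            print("  ", addr, "->", evaluate(order, addr))
```

With the allow rule first, only the listed address is exempted; every other address in the country alias still hits the reject rule.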