This is an old revision of the document!
Table of Contents
PFSense - pfBlockerNG - Install pfBlockerNG - Setup IP Blocking
IP Configuration
Navigate to Firewall → pfBlockerNG → IP.
In IP Configuration:
- De-Duplication: Checked
- CIDR Aggregation: Not checked
- Suppression: Checked
- Force Global IP Logging: Not checked
- Placeholder IP Address: 127.1.7.7
- ASN Reporting: Disabled
MaxMind GeoIP configuration
Navigate to Firewall → pfBlockerNG → IP.
In MaxMind GeoIP configuration:
- MaxMind License Key: Enter the MaxMind License Key. If you don't have a key, register for one on the Maxmind Site.
- MaxMind Localized Language: English.
- MaxMind CSV Updates: Not Checked.
IP Interface/Rules Configuration
Navigate to Firewall → pfBlockerNG → IP.
In IP Interface/Rules Configuration:
- Inbound Firewall Rules: WAN and Block.
- Outbound Firewall Rules: LAN and Reject.
- If you have more than one internal interfaces, press CTRL or CMD (for Mac users) and click on each interface to be included.
- Floating Rules: Checked.
- Firewall 'Auto' Rule Order: Select the top option.
- Firewall 'Auto' Rule Suffix: auto rule.
- Kill States: Checked.
Scroll to the bottom of the page and click the Save button.
NOTE: Floating rules are used here, as they keep all the pfBlockerNG rules in one place.
Otherwise each interface will have a copy of these rules and therefore harder to maintain.
Setup Custom IP Lists
IPv4
Navigate to Firewall → pfBlockerNG → IP → IPv4.
- Click the Add button.
- Give it a Name and Description.
Add in as many IP Source Definitions as needed.
Set:
- State: ON.
- Action: Deny Both.
- Update Frequency: Once per day.
For Example:
IPv6
Navigate to Firewall → pfBlockerNG → IP → IPv6.
- Click the Add button.
- Give it a Name and Description.
Add in as many IP Source Definitions as needed.
Set:
- State: ON.
- Action: Deny Both.
- Update Frequency: Once per day.
Return to Install pfBlockerNG or continue to Setup DNSBL Blocking.