I’ve been using pfBlockerNG for a while now, and it works great for blocking connections that I don’t want. In my HomeLab I block the PRI1 blocklists, but I also block unrequested inbound connections to any port forwards. I block all countries except Australia (where I am located). I ran into a problem: when Plex accounts connect from outside the network, they come from America. So I needed to put the Plex port above the auto-created rules. This turned out to be a little more difficult than expected.

I am assuming you already have pfBlockerNG set up and working how you like.

The workaround I found was to copy the auto rules and then set pfBlockerNG to alias mode only. In this mode it creates the alias lists of IP addresses but doesn’t create the rules.

Copy your auto rules

  1. Log in to pfSense and go to Firewall -> Rules -> WAN
  2. Select the Copy button next to the first rule.
  3. Go to the extra options section and change the Description. Remove the “auto” and change “pfB” to “pfb”, so pfBlockerNG no longer treats the copy as one of its own auto rules.
  4. Do this for each Auto rule that you have from pfBlockerNG

Turn off pfBlockerNG auto rules and sorting

  1. Go to Firewall -> pfBlockerNG
  2. Select IP -> IPv4
  3. Change the Action to “Alias Deny”
  4. Select GeoIP
  5. Change the Action to “Alias Deny”
  6. Select Update and press “Run”. This updates pfBlockerNG and it will remove the auto rules, leaving your copied rules in place.

Reorder your rules

  1. Go back to Firewall -> Rules -> WAN
  2. Now when you rearrange your rules, you will be able to place rules above the pfBlockerNG rules. Just be careful to only put rules you want excluded above the pfBlockerNG rules. I would also add some separators to organise the list.
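
To double-check the result after reordering, here is an added example (not part of the original post) that reads a pfSense configuration backup and reports which pass rules sit above the first pfBlockerNG rule, plus any auto rules that were left behind. The config.xml layout it expects, the function names, and the rule descriptions and alias names in the sample are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a pfSense config.xml backup. Assumed layout:
# <filter><rule> entries stored in evaluation order, each with <type>,
# <interface> and <descr>. Descriptions and alias names are made up.
SAMPLE_CONFIG = """<pfsense><filter>
 <rule><type>pass</type><interface>wan</interface><descr>NAT Plex</descr></rule>
 <rule><type>pass</type><interface>wan</interface><descr>NAT Web server</descr></rule>
 <rule><type>block</type><interface>wan</interface><descr>pfb_PRI1_v4</descr></rule>
 <rule><type>block</type><interface>wan</interface><descr>pfB_NAmerica_v4 auto rule</descr></rule>
 <rule><type>pass</type><interface>wan</interface><descr>NAT Game server</descr></rule>
 <rule><type>pass</type><interface>lan</interface><descr>Default allow LAN</descr></rule>
</filter></pfsense>"""


def interface_rules(config_xml, interface="wan"):
    """Return (type, description) for each non-floating rule on the interface, in order."""
    rules = []
    for rule in ET.fromstring(config_xml).findall("./filter/rule"):
        if rule.findtext("interface", "") != interface or rule.find("floating") is not None:
            continue
        descr = (rule.findtext("descr") or "").strip()
        rules.append((rule.findtext("type", "pass"), descr))
    return rules


def audit_rule_order(config_xml, allowed_above, interface="wan"):
    """Check the copied-rule layout: what passes traffic ahead of the blocklists?"""
    rules = interface_rules(config_xml, interface)
    descrs = [d for _, d in rules]
    # Rules still named "pfB_..." are auto rules that were not replaced by a copy.
    leftover_auto = [d for d in descrs if d.startswith("pfB_")]
    first = next((i for i, d in enumerate(descrs) if d.lower().startswith("pfb_")), None)
    if first is None:
        # No blocklist rule at all: nothing is being filtered on this interface.
        return {"blocklist_rules": 0, "leftover_auto": [], "unexpected_above": []}
    above = [d for t, d in rules[:first] if t == "pass"]
    return {
        "blocklist_rules": sum(d.lower().startswith("pfb_") for d in descrs),
        "leftover_auto": leftover_auto,
        # Every pass rule above the blocklists bypasses them, so each must be intended.
        "unexpected_above": [d for d in above if d not in allowed_above],
    }


if __name__ == "__main__":
    report = audit_rule_order(SAMPLE_CONFIG, allowed_above={"NAT Plex"})
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed sample this flags "NAT Web server" as a pass rule that bypasses the blocklists without being on the allowed list, and reports the one remaining auto rule.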