 So let's talk about another PFSense package to help keep your network free from people banging away at it from overseas, which is actually a problem we have. So I have several servers I host and I don't only care about the people that I want getting into my server, mostly that's me and some of the other things we host that are for remote access for some clients that is in my server stack. So we use PF Blocker NG. And what PF Blocker NG does, the standard package, you go through the package manager, find it, install it. It's really a easy way to create lists of overseas or just IP address lists that you don't want to have accessing your system. So it has a firewall rule where it drops them. Now it installs not under a service because the PF Blocker is not a service. It is a firewall rule that actually by default trumps all the other rules. So the rule order goes, and this is the default install, PF Blocker, reject all other rules. And you can change that too. You can actually let your rules go through and then let them decide, leave it at the default unless you have some special use case to set it up otherwise. So it installs. I've got it enabled to update it. You just run the update. It'll do this automatically afterwards. They'll tell you when the next scheduled one is running. And this grabs all the different files. Now let me show you the files that it's grabbing. This is it's really just a series of lists. So here's the list of files that it downloads. Let me just dump one real quick. And you can see it's just a list of IP addresses and site or notation and the blocks of addresses that they're blocked. Now what this does is updates every so often. Let me slide it out of the way. This updates every so often to create these lists and keep them up to date. That way you always have the latest groups of IP addresses. Now this is important because one of the things that happened with Microsoft was as they spun up their Azure service because they're kind of late in the game, they didn't have enough IP addresses for everything. So they started buying back IP addresses from other countries. Well by doing that, those were assigned to other countries. Now they're assigned to local use for Microsoft. So you got to make sure that these lists get updated because the internet is ever evolving and ever changing with its limited number of IPv4 addresses. Now this does block IPv6 as well if you're running that. So both are available. We're only running right here in my area just IPv4. That's all that I'm going to really talk about. But it's the same thing for both. There's not much more you have to do other than make sure your system is running on that. Now I do not have the reputation part. You can have it create block lists. And those block lists from there are because it will look at IPs and ranges that keep hammering away at something and say, I'm just going to block that list. That can be problematic because they can end up accidentally blocking something that's coming from Comcast. And I have someone from Comcast coming out of that same area trying to log in remotely to a server. So I just kind of skip those ones. They can lead to a lot of false positives. All right. So to build the list, we're going to start with GOIP. And they have a top 20 list, Africa, Antarctica. Got to make sure we block them penguins. And you can decide what you want to do. So I just hit control A, but you could be real selective in case you go, okay, I know I have something that I want in here. Now none of these like the top list here have the US in there. So it makes it easy for me. And you do the same for the IPv6. Now then you choose a list action and you want deny inbound, deny outbound, deny both. I only really want deny inbound connections coming from there. You can set it up to also create blocking rules on your land for denying some of the outbound connections. If you so do so, but you will possibly create lots of problems every time you try to connect to a server that's in another country. And even when I was playing with some of the other things, there's a lot of connections going everywhere with all the different content delivery networks. So it's probably best that you just work on the inbound. And I do have a logging turned on then you click save. Now for each one of these, you can specifically go in each category. And like I said, even Antarctica has one. And you set this on there for North America. I have everything but these pieces here installed that way. It's not going and blocking any of the US people because I want them to come in here. So deny inbound and enable. That's the basics for getting it set up. And now let's talk about how it works. So by default, firewall rules are dropped anyways when they come in unless you have a rule to permit traffic. So your firewall automatically denies the rules unless there's a pass rule. But this is where PF Blocker gets in. And let's go to the logs. And we're going to go to firewall. And right now I'm on my test unit and I'll have to obscure some information. I'll show you the live one in a second here. But you want to add some information here so you understand what blocks are happening. So you go to firewall, you go to settings, scroll down, display as a column by default. It doesn't do a description as to why it blocks something. So it would just say drop. So now we're adding the information. So it's just default deny rule or block all IPv6 and other settings I have in here. So let me jump over to my live one. And now you can see the rules here. And what it's doing is it's telling me that this is blocked and what I did is I filtered for port 22. So I have a rule actually open on port 22 for this destination. But because the PF Block says no, this is part of the Europe you blocked, Asia you blocked. And you can see that these are all what just, I don't know, sometimes seconds apart. That's how much they are just hammering away on my SSH port that I have open. I mean, I've got it secured. I've got it hardened. I only have it accepting keyed authentication, but this is yet one more thing. So they're not doing as much traffic on it because most of these are just foreign sites, scan it away for things and looking, you know, to see if there's an open and creating a lot of noise and traffic on your rules. But the nice thing is they see nothing and they move on. You don't get listed as a potential to attack later. So it's really just decreasing your threat surface is what a lot of the PF Block does. And if you're not, if you don't need to have people SSH seen in from overseas or from Asia or Antarctica, then you can use this and on there. And if you want to make exceptions, there's ways you can make exceptions. You just unblock that specific country. Definitely, if you want to have less potential traffic or less potential sources for problems, do go ahead and install a PF Block or NG. Thanks.