Potential regex bug with IPv4 Bogon parsing
-
We received a complaint from another ISP claiming we were blocking their range. The range in question is 185.149.252.0/22.
A look at the Firewall logs revealed a surprise: it was being blocked because it was on the list of Bogon networks. I couldn't believe it so I looked at the list of Bogons myself but I couldn't find a CIDR that would match. I'm referring to the list that pfSense updates from, found here:
https://files.pfsense.org/lists/fullbogons-ipv4.txt
I had to temporarily disable Bogon filtering in the Rules section, to allow this ISP's customers to reach machines behind our firewall.
Is this a bug in how pfSense Bogons are parsed? There's a range in there that's close: 185.1.128.0/17
Is it possible a parsing bug associates the ISP's range with this Bogon network above?I didn't want to submit a full bug report before confirming it here first, on the forum.
Thanks!
-
I don't see how that could happen if you go under diag, tables you can look at the bogon table - what is in there? I don't see this 185.149 - you sure that was his IP he was coming from? You saw it in the logs for blocked bogons?
-
Your local copy of that file may be out of date. Check Diagnostics > Tables, and pick bogons there. Click the update button to refresh your local copy.