pfblockerng.log and de-duplication ?

jrey

in the log file for the last day or so I'm seeing a few, combination of individual IP addresses and ranges /24 /22 in the log between these lines.
not really clear what or why they are listed here. Are these duplicates or does their presence here mean something else?

Database Sanity check [ PASSED ]

Masterfile/Deny folder uniq check
Deny folder/Masterfile uniq check
(IP Addresses are listed in this space)

Sync check (Pass=No IPs reported)

Thanks

jrey

I've confirmed that are in fact duplicate IP addresses or blocks that have started to appear in multiple lists (both in original and deny directories.)

for example
grep -i 89.42.154.0 /var/db/pfblockerng/original/*

/var/db/pfblockerng/original/ET_Block_v4.orig:89.42.154.0/24
/var/db/pfblockerng/original/Spamhaus_Drop_v4.orig:89.42.154.0/24 ; SBL493675

grep -i 89.42.154.0 /var/db/pfblockerng/deny/*

/var/db/pfblockerng/deny/ET_Block_v4.txt:89.42.154.0/24
/var/db/pfblockerng/deny/Spamhaus_Drop_v4.txt:89.42.154.0/24

All good - that's what I wanted to know. Must be new logging in the latest update. I've not seen the duplicates listed before. (or maybe the duplicates just started appearing)

A line specifically saying that in the log might be helpful.

SteveITS

@jrey I think that’s the “uniq[ue] check.”

Note if using Alias Deny pfB will dedupe across the deny lists, even if used for different rules. Might be what you’re seeing given the label. Alias Native does not.