Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Alerts not being blocked

    Scheduled Pinned Locked Moved IDS/IPS
    3 Posts 2 Posters 356 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xokia
      last edited by xokia

      I see a LOT of alerts that I would expect to be blocks. However If I check the block list I only see 3
      these for example I would expect a block 62.204.41.30, 83.97.73.245, 79.124.62.82 ect

      Should I not expect auto blocks? What am I missing. I have no IPs in my filtered whitelist

      cd0c2376-e5a6-4927-ab3f-00398d7c7c09-image.png

      64d189bb-24e9-4a9b-b8eb-60c66a979ec8-image.png

      94d2586e-fb3a-4d35-abea-ed2a9afa192d-image.png

      X 1 Reply Last reply Reply Quote 0
      • X
        xokia @xokia
        last edited by

        @xokia I think I may know what's going on. These are ageing out of the block list I had it set to 3 hrs. I increased it to 12 hrs

        bmeeksB 1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks @xokia
          last edited by

          @xokia said in Alerts not being blocked:

          @xokia I think I may know what's going on. These are ageing out of the block list I had it set to 3 hrs. I increased it to 12 hrs

          That was going to be my first question: what interval has been set for "clear blocked hosts"?

          When an IP has not seen any additional traffic during the interval set for clearing blocked hosts, then the cron task will remove that IP from the snort2c pf table.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.