Quick easy way to determine if an IP is on a pfBlocker-NG list?
-
I have a number of block lists and geographic lists set up in pfBlocker-NG.
Every once in a while I'll see an IP has been blocked and want to determine if it is on a blocklist from pfBlocker-NG and, if so, which one. Is there an easy/quick way to do so? Right now I am just hovering over the rule and manually looking at the IPs, but this is tedious.
Is there a log somewhere I can grep from the shell?
Edit: and does pfBlocker-NG keep a log of recent revisions to the blocklists? So if I see something was blocked yesterday, but the lists have updated since then, I can see which list it was on previously?
-
You should be able to see this in the pfBNG Alerts tab… v2.0 will have an improved lookup for CIDRs...
You can also grep from the shell..
cd /var/db/pfblockerng/deny/
grep "^1\.2\.3\.4" *
Other examples:
grep "^1\.2\.3" *
grep "^1\.2\." *
grep "^1\." *
Add | grep '/' to only report CIDRs.
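A CIDR-aware version of the lookup in the reply above, as an added example that is not part of the original post or of pfBlockerNG itself. It goes beyond the prefix grep by reporting every list entry whose range actually contains the address. The function name pfb_lookup is hypothetical, and it assumes each file in the deny directory holds one IPv4 address or CIDR per line.

```shell
#!/bin/sh
# Added example: report which list files contain a given IPv4 address,
# either as an exact entry or inside a CIDR range.
# Usage: pfb_lookup IP [DIR]
# DIR defaults to the deny directory named in the thread.
pfb_lookup() {
    ip=$1
    dir=${2:-/var/db/pfblockerng/deny}
    # Assumption: one IPv4 address or CIDR per line; other lines are skipped.
    awk -v ip="$ip" '
        # Convert a dotted quad to a 32-bit integer, or -1 if malformed.
        function toint(a,   o) {
            if (split(a, o, ".") != 4) return -1
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        BEGIN { target = toint(ip); if (target < 0) exit 2 }
        {
            entry = $1
            sub(/\r$/, "", entry)
            # Skip comments, blank lines and anything that is not IPv4[/len].
            if (entry !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) next
            n = split(entry, p, "/")
            bits = (n == 2) ? p[2] + 0 : 32
            if (bits > 32) next
            size = 2 ^ (32 - bits)          # number of addresses in the range
            base = toint(p[1])
            base = base - (base % size)     # align to the network boundary
            if (target >= base && target < base + size)
                printf "%s: %s\n", FILENAME, entry
        }
    ' "$dir"/*
}
```

Running pfb_lookup 1.2.3.4 prints one "file: entry" line per match, so an address covered by both a /16 in one list and a single-host entry in another shows up twice.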