pfBlockerNG IPV4 problem
-
I'm having an issue with the IPv4 custom lists in pfblockerNG. I have 2 lists, a whitelist that allows good sites in even if they show up in the geoIP section, and a blacklist that denies all inbound. For some reason the whitelist policy gets a firewall rule created with the proper IP's in it. The blacklist rule always only has 1.1.1.1 despite quite a few more IP's and IP ranges in the ruleset. The only difference I can find between the blacklist and whitelist rule are the action. Deny_inbound vs Permit_inbound.
For instance.. my IPv4 alias is "BlacklistIPRanges" and it has the following in it:
45.150.206.0/24
77.40.2.0/24
77.40.3.0/24
141.98.80.79/32
When I force an update and go look at the rule that gets generated under firewall, the only IP in the rule is 1.1.1.1
Again, the whitelist rule works perfectly and updates properly.
-
I assume it does actually have 1.1.1.1 in it?
Is that just as a test because that's an odd IP to block inbound?
Steve
-
Sorry for the long delay on the answer.
Yes and no. The IP's in that list are blocked in both directions, not just inbound. So 1.1.1.1 is in there blocked OUTBOUND so that nothing on my network uses DoH. But just to be sure... I took 1.1.1.1 out of the list and ran an update and the rule that gets created still has ONLY 1.1.1.1 in it.
-
So the alias is populated correctly but the rule is not generated correctly against the alias?
Can we see a screenshot showing that?
How do you have the pfBlocker rule creation configured?
Steve
-
@stephenw10
Yes. The alias seems to be correct, but the rule only gets generated with 1.1.1.1 even when I have removed 1.1.1.1 from the custom IPV4 list.
Whoops.. looked at wrong place. I have created a MANUAL alias that does what I need until I get this working. The alias created by the custom IPV4 rule is a url pointing to a file on the pfsense. What is the location of that file so I can check it manually?
-
Here are the screenshots you requested.
-
You can look in Diag > Tables to see how that URL alias has been populated, but it should be the same as the mouse-over, which implies it's not populating.
You can see the files in /var/db/aliastables/.
Run a manual update in pfBlocker and check the logs.
Steve
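An added check that is not part of this thread: a small POSIX shell script that compares the entries pfBlockerNG wrote to the alias file under /var/db/aliastables/ with what pf actually loaded (`pfctl -t NAME -T show`), so a "table only has 1.1.1.1" symptom can be confirmed on the box rather than by mouse-over. The `<alias>.txt` file naming and the `check_alias`/`demo` helper names are assumptions; the demo data is constructed to mirror the report above.

```shell
# Added example, not from the thread. Assumption: pfBlockerNG's alias list is at
# /var/db/aliastables/<alias>.txt and `pfctl -t <alias> -T show` dumps the live table.

# Normalise a list: drop comments/blanks, append /32 to bare IPv4 hosts (pfctl
# prints hosts without a mask) and sort uniquely so comm(1) can compare sides.
normalize_list() {
  sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    grep -v '^$' |
    awk '{ if (index($1, "/") == 0) print $1 "/32"; else print $1 }' |
    sort -u
}

# Print entries in the source file ($1) that are absent from the file holding
# the live table dump ($2). Prints nothing when the table matches the list.
missing_from_table() {
  src=$(mktemp); live=$(mktemp)
  normalize_list "$1" > "$src"
  normalize_list "$2" > "$live"
  comm -23 "$src" "$live"
  rm -f "$src" "$live"
}

# Run the comparison on a live pfSense box for one alias name (hypothetical helper).
check_alias() {
  live=$(mktemp)
  if ! pfctl -t "$1" -T show > "$live" 2>/dev/null; then
    echo "table $1 is not loaded in pf" >&2; rm -f "$live"; return 2
  fi
  missing_from_table "/var/db/aliastables/$1.txt" "$live"
  rm -f "$live"
}

# Constructed sample mirroring the report: four ranges in the list, but the
# live table holds only 1.1.1.1, so all four are reported as missing.
demo() {
  s=$(mktemp); l=$(mktemp)
  cat > "$s" <<'EOF'
# BlacklistIPRanges_custom
45.150.206.0/24
77.40.2.0/24
77.40.3.0/24
141.98.80.79/32
EOF
  printf '   1.1.1.1\n' > "$l"
  missing_from_table "$s" "$l"
  rm -f "$s" "$l"
}

if [ $# -gt 0 ]; then check_alias "$1"; else demo; fi
```

Run it with the alias name as the first argument on the firewall (e.g. the custom-list alias shown in the log); with no argument it runs the constructed demo.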
-
Tables does show only 1.1.1.1. I also ran manual update again... still showing 1.1.1.1. Log is below.
Manual update log
UPDATE PROCESS START [ 12/07/20 16:14:22 ]
Clearing all DNSBL Feeds...
** DNSBL Disabled **
===[ Continent Process ]============================================
[ pfB_Africa_v4 ] exists.
[ pfB_Africa_v6 ] exists.
[ pfB_Asia_v4 ] exists. [ 12/07/20 16:14:23 ]
[ pfB_Asia_v6 ] exists.
[ pfB_Europe_v4 ] exists.
[ pfB_Europe_v6 ] exists.
[ pfB_NAmerica_v4 ] exists.
[ pfB_NAmerica_v6 ] exists.
[ pfB_Oceania_v4 ] exists.
[ pfB_Oceania_v6 ] exists.
[ pfB_SAmerica_v4 ] exists.
[ pfB_SAmerica_v6 ] exists.
===[ IPv4 Process ]=================================================
[ WhitelistIPRanges_custom ] exists.
[ WhitelistDomainName_custom ] exists.
[ BlacklistIPRanges_custom ] exists.
===[ Aliastables / Rules ]================================
Firewall rule changes found, applying Filter Reload
UPDATE PROCESS ENDED [ 12/07/20 16:14:24 ]
-
Sorry, try running full re-load there not update.
-
Aha, that got it! I still don't know why the cron task ORIGINALLY was not updating the full list. But once I started using my manual disable list, I turned cron off because it kept changing my rule order. I will turn cron back on and make a change to the list then report tomorrow if it updates properly on its own.
-
@rtkluttz said in pfBlockerNG IPV4 problem:
it kept changing my rule order.
If Auto Rules doesn't fit your setup, use Action : Alias and create your own FW Rules with these aliases.
-
Ok, the cron ran, but it is not picking up changes to my IPv4 blacklist. I have the blacklist set to update frequency of once per day and the overall cron settings on the general tab is set to once per day. But if I make any change to the custom IPv4 deny list, they don't show up unless I do the force with complete reload option ticked. Is this correct? I don't mind having to do that every time, but it makes me wonder if it is never truly picking up changes from maxmind either unless I hit the reload option.
-
What Cronjob is it running? It certainly should be updating that.
-
The one that gets enabled by the cron settings on the general tab and the one in the list itself is the only way I know how to answer you.
-
Ok so try setting the update interval to something less than the reload interval. Like it says there: 'within the Cron Interval'.
Steve
-
Ok, to get a faster picture on if it was working... I set the general tabs schedule to once every 2 hours and set the blacklist custom list update time to 1 hour. After making those changes and saving it, I edited the custom list and then left it for 3 hours or so. It still did not update on its own.
-
Hmm, check the crontab. You can use the Cron package to do that via the GUI.
-
@rtkluttz said in pfBlockerNG IPV4 problem:
Upgrade to pfBlockerNG-devel.