Disable action does not work ?

Gertjan

My turn :

I went to GeoIP
I enabled a feed

Like this :

Saved
Ran force reload

I had these 4 new firewall rules on my Floating page :

I removed the GEOP feed, saved, ran force reload.

The four firewall rules (see above) on the floating page were gone.

Btw : Normally, I do not use the GEOIP feeds, as I'm not hosting any web or mail server / I'm not letting anything in (well, I do, but these are limited using known source IP addresses).

chudak

@gertjan

I removed the GEOP feed, saved, ran force reload.

Ho did you "remove" it? I see only option to "disable" for GeoIP (unlike for IPv4 they can be deleted)

Gertjan

Disabled is like removed (for me).

chudak

@gertjan said in Disable action does not work ?:

Disabled is like removed (for me).

Got it! That's helpful.
Just to confirm - after you disabled GeoIP feed the corresponding FW rules were removed as well ?

This is what I expect, but don't see happening!

Gertjan

@chudak said in Disable action does not work ?:

Just to confirm - after you disabled GeoIP feed the corresponding FW rules were removed as well ?

I confirm.

Did you hit the save button(see image above) ?

edit : this button :

chudak

@gertjan

That reminds me

My Cousin Vinny

on 0:17

"I am positive"

:)
@BBcan177 FYI

chudak

@gertjan

Confirmed the same problem on 2.5.1-RELEASE/pfBlockerNG-devel 3.0.0_16

Disable GeoIP Europe + update/reload -> does not remove pfB_NAmerica_v4 FW rule !

RonpfS

@chudak Maybe post pfblockerng.log, we can't see much without that.

chudak

@ronpfs said in Disable action does not work ?:

@chudak Maybe post pfblockerng.log, we can see much without that.

https://pastebin.ubuntu.com/p/SHnvfgm2xN/

Please take a look !
Thx!

RonpfS

@chudak Did you ran a Force Update or a Force Reload All after disabling the GeoIP group?

chudak

@ronpfs said in Disable action does not work ?:

@chudak Did you ran a Force Update or a Force Reload All after disabling the GeoIP group?

Yes

RonpfS

@chudak So you ran both ? timestamp of the Force Update ?

chudak

@ronpfs

You know I need to play with a bit and produce a good log. Will update later.

Thx for looking !

RonpfS

@chudak said in Disable action does not work ?:

You know I need to play with a bit and produce a good log. Will update later.
Thx for looking !

Start by enable only on GeoIP group check if things change with a Force Update, then run a Force Reload IP or ALL.

Disable that GeoIP group, Update, Reload IP.

chudak

@ronpfs

It looks like it was my bad and disable in fact does work.

My apologies !

Can I ask you kinda related-unrelated question.

When I look at my Whitelist I see:

and corresponding FW rule:

Do White_List_hosts and White_List_ports have to be used? Can they be removed ?

RonpfS

@chudak said in Disable action does not work ?:

Do White_List_hosts and White_List_ports have to be used? Can they be removed ?

When was this settings configured ? Look at both aliases to see if they are still relevant.

chudak

@ronpfs said in Disable action does not work ?:

When was this settings configured ? Look at both aliases to see if they are still relevant.

The problem is I don;t actually remember when and how :)

So I'd say no need for them. But when I try to disable "Custom DST Port" and "Custom Destination" and Save I get:

???

What do you see there ?

RonpfS

@chudak Strange. You are sure you untick both boxes, save, etc ?

chudak

@ronpfs said in Disable action does not work ?:

@chudak Strange. You are sure you untick both boxes, save, etc ?

Yup, unchecked both and on save that error.

Do you have aliases in tee WL?

RonpfS

@chudak And you did that in the Whitelist group ? not with the FW rules.
I do have a Whitelist rules with both boxes unticked, maybe empty the field also.