Netgate Discussion Forum

    PfBlockerNG not picking up changes

      SoloIT

      I currently have pfBlockerNG set to only allow access based on some IPv4 lists I have set up. Specifically, I limited it to just USA addresses. This past week we had some people travelling out of the USA, so I added to my IPv4 the countries they were travelling to. However, the firewall was blocking them. I'm sure I'm doing something wrong, but I don't know what. Is there something I need to reload once I add (or remove) lists to the IPv4 tab?

      I've attached my IPv4 setting screen shot.

      Thanks
      pfBlockerNG_IPv4.png

        someuser123

        You need to do a force reload in the Update tab.

          SoloIT

          I assumed (I guess wrongly) that the changes would be put in effect on the hourly cron job that is enabled.

            f34rinc

            The changes should update on the hourly cron job. Check your rule order to make sure you have the allow rules before the deny rules.

              SoloIT

              I don't think it's rule order, since it is working for the North American addresses, just not the other added countries.

                BBcan177 Moderator

                @SoloIT:

                I currently have pfBlockerNG set to only allow access based on some IPv4 lists I have set up. Specifically, I limited it to just USA addresses. This past week we had some people travelling out of the USA, so I added to my IPv4 the countries they were travelling to. However, the firewall was blocking them. I'm sure I'm doing something wrong, but I don't know what. Is there something I need to reload once I add (or remove) lists to the IPv4 tab?

                Which IPs were getting blocked? Maybe those IPs were not Registered in the selected Countries?

                You can run the following command to see what Country an IP is registered to:

                Example:

                geoiplookup 5.62.153.1
                GeoIP Country Edition: US, United States
                

                "Experience is something you don't get until just after you need it."

                Website: http://pfBlockerNG.com
                Twitter: @BBcan177  #pfBlockerNG
                Reddit: https://www.reddit.com/r/pfBlockerNG/new/
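
The lookup shown in the post above, applied to a batch of blocked source IPs and compared against the permitted countries; this is an added example, not part of the original post or of pfBlockerNG. The `sample_lookup` stand-in, the permit list `US DE`, and every sample IP other than 5.62.153.1 are constructed for illustration.

```shell
#!/bin/sh
# Command used to resolve an IP; defaults to the geoiplookup tool from the post.
LOOKUP=${LOOKUP:-geoiplookup}

# Print the two-letter code from a line such as
# "GeoIP Country Edition: US, United States"; print "??" if none is found.
country_code() {
    "$LOOKUP" "$1" 2>/dev/null |
        sed -n 's/^GeoIP Country Edition: \([A-Z][A-Z]\), .*/\1/p' |
        head -n 1 | grep . || echo '??'
}

# Read IPs from stdin (one per line) and print "ip code" for each one whose
# registered country is NOT in the space-separated permit list given as $1.
outside_permit_list() {
    permitted=" $1 "
    while read -r ip; do
        [ -n "$ip" ] || continue
        cc=$(country_code "$ip")
        case "$permitted" in
            *" $cc "*) ;;              # registered in a permitted country
            *) echo "$ip $cc" ;;       # would not match the permit aliases
        esac
    done
}

# Constructed stand-in for geoiplookup so the example runs offline.
# Only the 5.62.153.1 line is taken from the post; the others are made up.
sample_lookup() {
    case "$1" in
        5.62.153.1)   echo 'GeoIP Country Edition: US, United States' ;;
        192.0.2.10)   echo 'GeoIP Country Edition: DE, Germany' ;;
        198.51.100.7) echo 'GeoIP Country Edition: FR, France' ;;
        *)            echo 'GeoIP Country Edition: IP Address not found' ;;
    esac
}

# Demo on the constructed data; on the firewall, leave LOOKUP unset so the
# real geoiplookup is used, and feed in the blocked IPs from the firewall log.
printf '%s\n' 5.62.153.1 192.0.2.10 198.51.100.7 |
    LOOKUP=sample_lookup outside_permit_list 'US DE'
```

An IP listed here is registered to a country outside the permit list, so a block on it is expected; a blocked IP that is not listed points at the aliases or rules rather than the GeoIP data.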

                  SoloIT

                  BBcan177, thanks for the command to check which country the IP is in. That part checked out, and I had the country in the pass list for IPv4. I thought I had saved the firewall log so I could dig into the issue more when I had some time, but I've lost it. The issue may be somewhere else. I'm going to try to schedule some testing time with people out of the country.

                  Thanks for the help

                    SoloIT

                    My users have moved to a different country, and all is working how it should. I'm still not sure of the source of the initial issue, though I'm sure it's not a program fault but my configuration. Should I figure it out, I'll update this post.

                      SoloIT

                      My users were locked out when moving to another country. I did a force update and force reload on pfBlockerNG, and they were able to connect. A fairly simple solution, but still confusing since the cron job should be doing both these tasks. It seems (maybe) the cron job is doing the country IP updates, but not reloading the rules after. It's my best guess at the moment.

                        SoloIT

                        BBcan177 was able to figure out the issue. I was using the same header/label in multiple alias lists. This was preventing all the lists from updating. Changing the headers to be unique has fixed the issue.

                        Thanks to BBcan177 for all his work on this package and figuring out this problem.
