Potential regex bug with IPv4 Bogon parsing



  • We received a complaint from another ISP claiming we were blocking their range. The range in question is 185.149.252.0/22.

    A look at the Firewall logs revealed a surprise: it was being blocked because it was on the list of Bogon networks. I couldn't believe it so I looked at the list of Bogons myself but I couldn't find a CIDR that would match. I'm referring to the list that pfSense updates from, found here:

    https://files.pfsense.org/lists/fullbogons-ipv4.txt

    I had to temporarily disable Bogon filtering in the Rules section, to allow this ISP's customers to reach machines behind our firewall.

    Is this a bug in how pfSense Bogons are parsed? There's a range in there that's close: 185.1.128.0/17
    Is it possible a parsing bug associates the ISP's range with this Bogon network above?

    I didn't want to submit a full bug report before confirming it here first, on the forum.

    Thanks!


  • LAYER 8 Global Moderator

    I don't see how that could happen if you go under diag, tables you can look at the bogon table - what is in there?  I don't see this 185.149  - you sure that was his IP he was coming from?  You saw it in the logs for blocked bogons?


  • Rebel Alliance Developer Netgate

    Your local copy of that file may be out of date. Check Diagnostics > Tables, and pick bogons there. Click the update button to refresh your local copy.


Log in to reply