PfBlocker creates IPv4 rule for IPV6 lists
-
Im trying to get Spamhaus DROP-lists enabled in pfBlocker.
But it seems that there is an error with the rules created for lists under IPv6.
The rule created are set to match IPv4 traffic. I tried to change them manually but they get changed back.Any advice?
regards,
Wish
-
As a workaround, change the type to Alias
MatchDeny and create you own FW rules.
-
Keep in mind that "Match" rules are applied to the "Floating Firewall" Rules tab….
-
Keep in mind that "Match" rules are applied to the "Floating Firewall" Rules tab….
Are you referring to the Match-* rule actions now?
Per the pfBlockerng GUI-help the Alias-* actions will create aliases only, but no rules.I used the created list aliases in my own rules on the floating tab as RonpfS suggested, works great! :)
Wish
-
(reviving this thread…) I'm using version 2.1.1_6 and am wondering if there any update on this issue? (creating ipv4 rules for ipv6 lists) If a fix is pending, I don't want to manually put in a work-around that I'll have to take back out in a few days...
Take care - and thank you,
Gary
-
(reviving this thread…) I'm using version 2.1.1_6 and am wondering if there any update on this issue? (creating ipv4 rules for ipv6 lists) If a fix is pending, I don't want to manually put in a work-around that I'll have to take back out in a few days...
I hope to have the next release submitted in a month or so…
-
Hi!
I'm using version 2.1.2_3, which is the most recent, and this is still an issue. Is there still a plan to fix this?
-
@iamgimli said in PfBlocker creates IPv4 rule for IPV6 lists:
I’m using version 2.1.2_3, which is the most recent, and this is still an issue. Is there still a plan to fix this?
This should be fixed in the pfBlockerNG-devel version.
-
Is there a timeframe to get this into the main package? Whenever I try to move to the -devel package it bricks my pfSense box so that's not a working workaround.
-
@IamGimli What version of pfSense are you using?
-
@BBcan177 I'm running pfSense 2.4.4-RELEASE-p2 with pfBlockerNG version 2.1.4_16.
-
@IamGimli said in PfBlocker creates IPv4 rule for IPV6 lists:
Is there a timeframe to get this into the main package? Whenever I try to move to the -devel package it bricks my pfSense box so that's not a working workaround.
You need to provide some more details about your issue when you install pfBlockerNG-devel. Does it install without any errors? At what part do you run into issues? Did you review any of the logs (pfblockerng.log, system.log, resolver.log etc)?
-
@BBcan177 The pfBlockerNG-devel package installs successfully (according to the interface) but then clicking anything in the interface results is a frozen screen and a bricked box. I have to wipe it and recover from the last backup. I haven't looked into any log files or done any more troubleshooting because, again, that's not a solution to my actual problem, which is that IPv6 rules are created as IPv4 rules.
-
@IamGimli said in PfBlocker creates IPv4 rule for IPV6 lists:
@BBcan177 The pfBlockerNG-devel package installs successfully (according to the interface) but then clicking anything in the interface results is a frozen screen and a bricked box. I have to wipe it and recover from the last backup. I haven't looked into any log files or done any more troubleshooting because, again, that's not a solution to my actual problem, which is that IPv6 rules are created as IPv4 rules.
Related:
https://www.reddit.com/r/pfBlockerNG/comments/bjpi3u/pfblockerng_hangs_pfsense_unresponsive/IPv6 is addressed in pfBlockerNG-devel, I don't have the time to backport all those changes to the pfBlockerNG version.
-
Alright, I was finally able to make the -devel package work, by reinstalling pfSense from scratch. Glad to see the IPv6 rules are now working properly!
Thank you for your help.
