Suppress IP still being blocked



  • I am subscribed to a couple of IPv4 reputation lists in pfBlocker-NG.

    These lists are created as Alias Native in pfBlockerNG (I'm sure I had a reason, or possibly thought this was the best approach).

    I needed to suppress an IP; I have Suppression enabled in the global settings. I added the IP in /32 CIDR to the pfBlockerNGSuppress alias.

    I've updated pfBlocker-NG, using force, cron and reload, but the IPs are not being removed from the list.

    Is this because I am using Alias Native?

    I think the reason I used Alias Native was because I wanted to manually create and manage all firewall rules myself. I think Alias Deny would also work in my situation, should I switch to that? Does Alias Deny respect the suppression IPs?



  • I switched this to Alias Deny and that appears to do what I want, without (as far as I can tell) any other side effects.


  • Moderator

    Yes, "Alias Native" does not utilize Deduplication or Suppression.
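    To make the distinction the moderator draws concrete, here is an added illustration in Python (not pfBlockerNG's own code). It models the two alias modes as the thread describes them: "Alias Native" loads each list as-is, while the deny path deduplicates across lists and drops any host found in the suppression alias before the block table is built. The sample lists, the suppression entries and the choice to split a larger prefix around a suppressed host are constructed assumptions for this model, not documented pfBlockerNG behaviour.

```python
"""Model of 'Alias Native' versus a suppression-aware deny table.

Added example, not pfBlockerNG code. Sample data below is constructed.
"""
import ipaddress

# Constructed sample data: two small "reputation lists" that overlap,
# plus a suppression alias holding two /32 hosts.
REPUTATION_LISTS = {
    "list_a": ["203.0.113.0/24", "198.51.100.7/32"],
    "list_b": ["198.51.100.7/32", "192.0.2.64/26"],
}
SUPPRESS_ALIAS = ["198.51.100.7/32", "203.0.113.9/32"]


def parse_networks(entries):
    """Turn a list of CIDR strings into ip_network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def alias_native(lists):
    """Alias Native: every list is loaded verbatim.

    No deduplication and no suppression happens, so a suppressed host
    stays in the table and duplicates across lists are kept.
    """
    table = []
    for entries in lists.values():
        table.extend(parse_networks(entries))
    return table


def exclude_host(net, host):
    """Pieces of `net` that remain once `host` (a /32) is removed.

    Assumption of this model: a suppressed host inside a larger prefix
    causes the prefix to be split around it rather than being ignored.
    """
    if host.version != net.version:
        return [net]
    if host == net:
        return []
    if host.subnet_of(net):
        return list(net.address_exclude(host))
    return [net]


def alias_deny(lists, suppress):
    """Suppression-aware deny table: deduplicate, then drop suppressed hosts."""
    suppressed = parse_networks(suppress)
    merged = set()
    for entries in lists.values():
        merged.update(parse_networks(entries))
    table = []
    for net in sorted(merged):
        pieces = [net]
        for host in suppressed:
            pieces = [p for piece in pieces for p in exclude_host(piece, host)]
        table.extend(pieces)
    return sorted(set(table))


def is_blocked(table, ip):
    """True when `ip` falls inside any entry of the block table."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in table)


if __name__ == "__main__":
    native = alias_native(REPUTATION_LISTS)
    deny = alias_deny(REPUTATION_LISTS, SUPPRESS_ALIAS)
    for ip in ("198.51.100.7", "203.0.113.9", "203.0.113.10"):
        print(ip, "native:", is_blocked(native, ip), "deny:", is_blocked(deny, ip))
```

Running it shows the effect the thread reports: under the native table the suppressed hosts are still blocked, while the deny table no longer matches them but keeps blocking the rest of the /24. Checking the table for the specific address, as `is_blocked` does, is the same kind of check worth making against the live pf table before assuming a suppression entry took effect.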



  • Yeah, due to my blocked server (as port forwarding inbound within the 10.0.0.0/8 range) I just switched to Alias Deny to be able to suppress this /32 and it worked.
    On first tests the server responds and a page is being delivered.

    If you read this in the future: Native Alias works well. As I have seen, Deny Alias works better. I didn't even have to set my Suppress list up (the list is empty, I just checked it!)
    I can only suggest that with the Deny Alias pfBlockerNG maybe recognizes / admits the port forwarding as a higher priority and lets the traffic to that IP pass.

    I will just have to figure out whether this happens only e.g. from my own addresses or whether even contacts from IPs within the defined block lists will also get passed / "ignored"...
    If anybody is aware of that case or knows an answer I'd highly appreciate your effort here, as it saves a lot of time seizing the logs for denied inbounds by each list.

    Edit:
    As I just saw that I did not mention that clearly... I was using the Native Alias before and just recently switched to using the lists as a Deny Alias.
    The port forwarding did not work before, as the lists were set to Native Alias.
