Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Pfblockerng blocking googledns despite it wasn't in a list…

    pfBlockerNG
    2
    2
    479
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      moscato359 last edited by

      I had some… odd results from one of my lists in pfblockerng

      I was using this list:
      https://isc.sans.edu/api/sources/attacks/10000

      It contains 1 month of information
      <lastseen>2017-04-04</lastseen> is the oldest last seen date, so it's not like the information just fell off.

      pfblockerng was blocking googledns , from this list, except 8.8.8.8 which is blocked, wasn't in the list at all!

      I have it on an hourly cron update for both the list, and general cron.

      See attached image:

      ![googledns pfblocker.png](/public/imported_attachments/1/googledns pfblocker.png)
      ![googledns pfblocker.png_thumb](/public/imported_attachments/1/googledns pfblocker.png_thumb)

      1 Reply Last reply Reply Quote 0
      • BBcan177
        BBcan177 Moderator last edited by

        Run the following command to see which feed contains that IP:

        grep "8.8.8.8" /var/db/pfblockerng/deny/*

        If you enable the suppression feature, it will add a "+" icon in the Alerts tab which can be used to suppress this IP. This IP shouldn't be listed in any feed, so once you find out which feed listed that IP, you may want to report it to the feed maintainer.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        1 Reply Last reply Reply Quote 0
        • First post
          Last post