States Not Being Killed PFblockerNG



  • We're experiencing a problem where existing states are not being killed by pfBlockerNG when a new IP is added to an IPv4 alias list.

    Running pfSense 2.3.4-RELEASE-p1 on Netgate hardware with pfBlockerNG 2.1.1_10

    In Firewall > pfBlockerNG > General, Kill States is checked.

    The Alias List config (Firewall > pfBlockerNG > Edit > IPv4) is as follows:
    Alias Name: HTTP_Blocked_dynamic_2
    IPv4 Lists: Format: Auto, State: ON, Source: http://host/url.txt, Header/Label: HTTP_Blocked
    List Action: Alias Deny
    Update Frequency: Every Hour
    Enable Logging: Enable
    States Removal: Enable

    When a new IP is added to the HTTP Source and the Cron job runs, the IP is added to the alias list and new connections from this IP are being handled appropriately. However, existing states are not being matched and/or killed.

    Here is an example from the pfblockerng.log:

    ===[  Aliastables / Rules  ]==========================================

    No changes to Firewall rules, skipping Filter Reload

    Updating: pfB_HTTP_Blocked_dynamic_2
    1 addresses added.

    ===[  Kill States  ]==================================================

    No matching states found

    We know the states for the IP are still there because we can still see them by filtering here: Diagnostics > States > States. If we manually kill the states then the IPs get blocked immediately.

    We also attempted this in a lab using the latest builds of pfSense 2.4.0 with pfBlockerNG 2.1.2 and experienced the same issue. The last time we know this was working was with pfSense 2.2.6 which we recently upgraded from.

    Any help or suggestions with this would be appreciated.


  • Moderator

    Thanks for reporting this… Looks like it wasn't picking up Alias type rules with "pfb_" in the Rule descriptions.

    Can you edit:  /usr/local/pkg/pfblockerng/pfblockerng.inc

    https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L5099

    and change Line #5099

    from:

    if ($alias['type'] == 'urltable' && strpos($alias['name'], 'pfB_') !== FALSE && strpos($alias['descr'], '[s]') === FALSE) {
    
    to:
    if ($alias['type'] == 'urltable' &&
        (strpos($alias['name'], 'pfB_') !== FALSE || strpos($alias['name'], 'pfb_') !== FALSE) &&
        strpos($alias['descr'], '[s]') === FALSE) {

    Please report back ... Thanks!

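    The following is an added illustration, not code from the thread or from the pfBlockerNG package: it models the alias-selection predicate from line 5099 as three small functions (the original, the moderator's patch, and a case-insensitive generalisation that is my own suggestion and not something the page proposes) and runs each over a constructed alias list, so the reader can see which aliases the Kill States step would or would not consider. The `$alias` keys `type`, `name` and `descr` mirror the snippet above; the sample aliases are made up.

```php
<?php
// Added example (not pfBlockerNG code). Models the alias-selection predicate
// discussed in the thread; the sample aliases below are constructed.

/** Original predicate: only the 'pfB_' spelling of the prefix is matched. */
function alias_eligible_original(array $alias): bool {
    return $alias['type'] == 'urltable'
        && strpos($alias['name'], 'pfB_') !== FALSE
        && strpos($alias['descr'], '[s]') === FALSE;
}

/** Predicate as patched by the moderator: accepts either 'pfB_' or 'pfb_'. */
function alias_eligible_patched(array $alias): bool {
    return $alias['type'] == 'urltable'
        && (strpos($alias['name'], 'pfB_') !== FALSE || strpos($alias['name'], 'pfb_') !== FALSE)
        && strpos($alias['descr'], '[s]') === FALSE;
}

/**
 * Generalisation (my assumption, not on the page): compare the prefix
 * case-insensitively and anchor it at the start of the name, so 'PFB_' also
 * qualifies while a 'pfB_' appearing later in an unrelated name does not.
 */
function alias_eligible_ci(array $alias): bool {
    return $alias['type'] == 'urltable'
        && strncasecmp($alias['name'], 'pfb_', 4) === 0
        && stripos($alias['descr'], '[s]') === FALSE;
}

/** Return the alias names that a given predicate selects. */
function selected_aliases(array $aliases, callable $predicate): array {
    $names = [];
    foreach ($aliases as $alias) {
        if ($predicate($alias)) {
            $names[] = $alias['name'];
        }
    }
    return $names;
}

// Constructed sample alias list (not real configuration).
$aliases = [
    ['type' => 'urltable', 'name' => 'pfB_HTTP_Blocked_dynamic_2', 'descr' => 'pfB_HTTP_Blocked_dynamic_2 auto rule'],
    ['type' => 'urltable', 'name' => 'pfb_Other_list',             'descr' => 'pfb_Other_list auto rule'],
    ['type' => 'urltable', 'name' => 'pfB_Tagged',                 'descr' => 'pfB_Tagged [s]'],        // '[s]' in descr: skipped
    ['type' => 'host',     'name' => 'pfB_Static',                 'descr' => 'manual host alias'],     // not a urltable: skipped
    ['type' => 'urltable', 'name' => 'CustomList',                 'descr' => 'unrelated urltable'],    // no pfB_ prefix: skipped
];

$predicates = [
    'original'         => 'alias_eligible_original',
    'patched'          => 'alias_eligible_patched',
    'case-insensitive' => 'alias_eligible_ci',
];

foreach ($predicates as $label => $fn) {
    $selected = implode(', ', selected_aliases($aliases, $fn));
    printf("%-17s %s\n", $label . ':', $selected !== '' ? $selected : '(none)');
}
```

    Run it with `php alias_predicate.php`. The original predicate selects only the `pfB_` alias; the patched and case-insensitive variants also pick up the lowercase `pfb_` one, which is the difference that turns "No matching states found" into an actual kill pass for those lists.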


  • @BBcan177:

    Thanks for reporting this… Looks like it wasn't picking up Alias type rules with "pfb_" in the Rule descriptions.

    Can you edit:  /usr/local/pkg/pfblockerng/pfblockerng.inc

    https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L5099

    and change Line #5099

    from:

    if ($alias['type'] == 'urltable' && strpos($alias['name'], 'pfB_') !== FALSE && strpos($alias['descr'], '[s]') === FALSE) {
    
    to:
    if ($alias['type'] == 'urltable' &&
        (strpos($alias['name'], 'pfB_') !== FALSE || strpos($alias['name'], 'pfb_') !== FALSE) &&
        strpos($alias['descr'], '[s]') === FALSE) {

    Please report back ... Thanks!

    I am still having the same issue after changing the code.

