States Not Being Killed PFblockerNG
-
We're experiencing a problem where existing states are not being killed by pfBlockerNG when a new IP is added to an IPv4 alias list.
Running pfSense 2.3.4-RELEASE-p1 on Netgate hardware with pfBlockerNG 2.1.1_10
In Firewall > pfBlockerNG > General, Kill States is checked.
The Alias List config here Firewall > pfBlockerNG > Edit > IPv4 is as follows:
Alias Name: HTTP_Blocked_dynamic_2
IPv4 Lists: Format: Auto, State: ON, Source: http://host/url.txt, Header/Label: HTTP_Blocked
List Action: Alias Deny
Update Frequency: Every Hour
Enable Logging: Enable
States Removal: Enable
When a new IP is added to the HTTP Source and the Cron job runs, the IP is added to the alias list and new connections from this IP are being handled appropriately. However, existing states are not being matched and/or killed.
Here is an example from the pfblockerng.log:
===[ Aliastables / Rules ]==========================================
No changes to Firewall rules, skipping Filter Reload
Updating: pfB_HTTP_Blocked_dynamic_2
1 addresses added.
===[ Kill States ]==================================================
No matching states found
We know the states for the IP are still there because we can still see them by filtering here: Diagnostics > States > States. If we manually kill the states then the IPs get blocked immediately.
We also attempted this in a lab using the latest builds of pfSense 2.4.0 with pfBlockerNG 2.1.2 and experienced the same issue. The last time we know this was working was with pfSense 2.2.6 which we recently upgraded from.
Any help or suggestions with this would be appreciated.
-
Thanks for reporting this… Looks like it wasn't picking up Alias type rules with "pfb_" in the Rule descriptions.
Can you edit: /usr/local/pkg/pfblockerng/pfblockerng.inc
https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L5099
and change Line #5099
from:
    if ($alias['type'] == 'urltable' && strpos($alias['name'], 'pfB_') !== FALSE && strpos($alias['descr'], '[s]') === FALSE) {
to:
    if ($alias['type'] == 'urltable' && (strpos($alias['name'], 'pfB_') !== FALSE || strpos($alias['name'], 'pfb_') !== FALSE) && strpos($alias['descr'], '[s]') === FALSE) {
Please report back ... Thanks!
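As an added illustration (not code from the thread or from pfBlockerNG), the script below puts the original line-5099 condition next to the patched one from the reply and runs both against a constructed alias list and a constructed excerpt of the state table, so the effect of the case-sensitive prefix test is visible: an alias whose name starts with lowercase "pfb_" is never selected, its added addresses are never looked up, and the Kill States pass reports nothing to kill even though the states are sitting in Diagnostics > States. Everything except the pfB_HTTP_Blocked_dynamic_2 alias name and the two conditions is constructed here (the other alias names, the addresses, the state entries and the pfb_states_to_kill() helper), and the helper is a simplified model of the selection step, not pfBlockerNG's real kill logic. The third variant using stripos() is a suggestion added here for a single case-insensitive prefix check; it is not from the reply.

```php
<?php
// Added example, not pfBlockerNG code. Models the alias-selection step that
// precedes the "Kill States" pass so the effect of the prefix test is visible.
// Apart from pfB_HTTP_Blocked_dynamic_2 (from the thread), every alias,
// address and state below is constructed sample data.

// Constructed excerpt of $config['aliases']['alias'].
$aliases = [
    ['type' => 'urltable', 'name' => 'pfB_HTTP_Blocked_dynamic_2', 'descr' => 'pfBlockerNG HTTP_Blocked_dynamic_2'],
    ['type' => 'urltable', 'name' => 'pfb_Lab_Feed',               'descr' => 'pfBlockerNG feed with lowercase prefix'],
    ['type' => 'urltable', 'name' => 'pfB_Suppressed',             'descr' => 'pfBlockerNG [s] entry, excluded by the descr test'],
    ['type' => 'host',     'name' => 'pfB_Hosts',                  'descr' => 'hand-made host alias, not a URL table'],
];

// Condition as it stood on line 5099: only the mixed-case prefix is accepted.
function pfb_alias_selected_original(array $alias) {
    return $alias['type'] == 'urltable'
        && strpos($alias['name'], 'pfB_') !== FALSE
        && strpos($alias['descr'], '[s]') === FALSE;
}

// Condition as patched in the reply: the lowercase prefix is accepted too.
function pfb_alias_selected_patched(array $alias) {
    return $alias['type'] == 'urltable'
        && (strpos($alias['name'], 'pfB_') !== FALSE || strpos($alias['name'], 'pfb_') !== FALSE)
        && strpos($alias['descr'], '[s]') === FALSE;
}

// Suggested alternative (not from the reply): one case-insensitive prefix test.
function pfb_alias_selected_ci(array $alias) {
    return $alias['type'] == 'urltable'
        && stripos($alias['name'], 'pfb_') === 0
        && strpos($alias['descr'], '[s]') === FALSE;
}

// Constructed: addresses the cron run just added, keyed by alias name.
$added = [
    'pfB_HTTP_Blocked_dynamic_2' => ['203.0.113.10'],
    'pfb_Lab_Feed'               => ['198.51.100.7'],
];

// Constructed IPv4 excerpt of the state table (Diagnostics > States).
$states = [
    ['proto' => 'tcp', 'src' => '203.0.113.10:51234', 'dst' => '192.0.2.5:80'],
    ['proto' => 'tcp', 'src' => '198.51.100.7:40001', 'dst' => '192.0.2.5:443'],
    ['proto' => 'udp', 'src' => '192.0.2.9:53',       'dst' => '192.0.2.5:53'],
];

// Collect the added addresses of every alias the predicate selects, then
// return the states that carry one of them as source or destination.
function pfb_states_to_kill(array $aliases, array $added, array $states, callable $selected) {
    $targets = [];
    foreach ($aliases as $alias) {
        if ($selected($alias) && isset($added[$alias['name']])) {
            $targets = array_merge($targets, $added[$alias['name']]);
        }
    }
    $kill = [];
    foreach ($states as $st) {
        // IPv4 only: strip the port from host:port before comparing.
        $src = explode(':', $st['src'])[0];
        $dst = explode(':', $st['dst'])[0];
        if (in_array($src, $targets, true) || in_array($dst, $targets, true)) {
            $kill[] = $st;
        }
    }
    return $kill;
}

$variants = [
    'original'         => 'pfb_alias_selected_original',
    'patched'          => 'pfb_alias_selected_patched',
    'case-insensitive' => 'pfb_alias_selected_ci',
];
foreach ($variants as $label => $fn) {
    $kill = pfb_states_to_kill($aliases, $added, $states, $fn);
    printf("%-16s kills %d state(s): %s\n", $label, count($kill),
        $kill ? implode(', ', array_column($kill, 'src')) : 'No matching states found');
}
```

It runs with a plain php binary on any host and needs nothing from pfSense. The original predicate selects only the pfB_HTTP_Blocked_dynamic_2 alias, so the state from 198.51.100.7 survives; the patched and case-insensitive variants also select pfb_Lab_Feed and kill both blocked-source states, while the unrelated UDP state is left alone in every case.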
-
I am still having the same issue after changing the code.
-