Source of IP block

  • Hi there is there a way to find out the source (as in program) of a blocked IP address in the logs by pfblockerNG or do I need snort?

    Cheers Qinn

  • I would love to know this as well. I have warnings/alerts from pfblockerng for addresses that aren't in any of my lists.

  • Using the command line, you can search for the domain in PfBlockerNG's DNSBL config:

    grep "SEARCH STRING HERE" /var/unbound/pfb_dnsbl.conf

    For IP, I imagine the same would work for whatever *.conf file holds that.

Log in to reply