Source of IP block



  • Hi there is there a way to find out the source (as in program) of a blocked IP address in the logs by pfblockerNG or do I need snort?

    Cheers Qinn



  • I would love to know this as well. I have warnings/alerts from pfblockerng for addresses that aren't in any of my lists.



  • Using the command line, you can search for the domain in PfBlockerNG's DNSBL config:

    grep "SEARCH STRING HERE" /var/unbound/pfb_dnsbl.conf

    For IP, I imagine the same would work for whatever *.conf file holds that.


Log in to reply