Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Source of IP block

    Scheduled Pinned Locked Moved pfBlockerNG
    3 Posts 3 Posters 609 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • QinnQ
      Qinn
      last edited by

      Hi there is there a way to find out the source (as in program) of a blocked IP address in the logs by pfblockerNG or do I need snort?

      Cheers Qinn

      Hardeware: Intel(R) Celeron(R) J4125 CPU @ 2.00GHz 102 GB mSATA SSD (ZFS)
      Firmware: Latest-stable-pfSense CE (amd64)
      Packages: pfBlockerNG devel-beta (beta tester) - Avahi - Notes - Ntopng - PIMD/udpbroadcastrelay - Service Watchdog - System Patches

      1 Reply Last reply Reply Quote 0
      • C
        charvey
        last edited by

        I would love to know this as well. I have warnings/alerts from pfblockerng for addresses that aren't in any of my lists.

        1 Reply Last reply Reply Quote 0
        • B
          bartkowski
          last edited by

          Using the command line, you can search for the domain in PfBlockerNG's DNSBL config:

          grep "SEARCH STRING HERE" /var/unbound/pfb_dnsbl.conf

          For IP, I imagine the same would work for whatever *.conf file holds that.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.