Source of IP block
Qinn last edited by
Hi there is there a way to find out the source (as in program) of a blocked IP address in the logs by pfblockerNG or do I need snort?
charvey last edited by
I would love to know this as well. I have warnings/alerts from pfblockerng for addresses that aren't in any of my lists.
bartkowski last edited by
Using the command line, you can search for the domain in PfBlockerNG's DNSBL config:
grep "SEARCH STRING HERE" /var/unbound/pfb_dnsbl.conf
For IP, I imagine the same would work for whatever *.conf file holds that.