Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Alias Native Logging

    Scheduled Pinned Locked Moved pfBlockerNG
    38 Posts 3 Posters 4.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nkeene
      last edited by

      Hi, I have a question regarding the logging when using Alias Native in the creation of ip lists.

      I am using pfBlockerNG-devel version.

      I have, and am, using the alias native option to allow more fine grain control on the list order but I am finding that the rules are working in blocking and allowing as per my rule order, they are not being logged in the reports section.

      Is this by design or have I misconfigured something. I really liking the new reporting section and would like to make use of it so any help would be appreciated.

      Thanks.

      Nick

      1 Reply Last reply Reply Quote 1
      • MORGiONM
        MORGiON
        last edited by MORGiON

        I have experienced a similar thing.

        I only allow a subset of Oceania GeoIP to connect to my OpenVPN sever, I do this using an Alias Native which is used in my firewall rule for OpenVPN.

        Connection to my VPN are no longer showing up on the Permit Report, as well I have noticed the Oceania list appearing on the Feeds column of the IP Deny feed.

        When Oceania shows up on the IP Deny feed, these connection attempts are not to my OpenVPN port (1194).

        My understanding (please correct me if wrong) is that any successful connections to port 1194 from oceania would go on the Permit list. Any unsuccessful connections to port 1194 would go in IP Deny with Oceania as the Feed.

        Connections to any other port should not have anything to do with the Oceania GeoIP List.

        BBcan117 you have done an outstanding job on the development version of pfBlocker, Thank you for you hard work.

        1 Reply Last reply Reply Quote 0
        • RonpfSR
          RonpfS
          last edited by

          If you change the type to Alias Permit or Alias Deny, does it generate alerts ?

          2.4.5-RELEASE-p1 (amd64)
          Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
          Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

          1 Reply Last reply Reply Quote 1
          • MORGiONM
            MORGiON
            last edited by

            Changed to Alias Permit, reloaded

            Nothing in Permit, now I have feeds in Deny with Unknown Not Listed

            RonpfSR 2 Replies Last reply Reply Quote 1
            • RonpfSR
              RonpfS @MORGiON
              last edited by RonpfS

              @morgion said in Alias Native Logging:

              Unknown Not Listed

              This is a new behaviour of the pfBlockerNG DNSBL service, it's dynamic and switch the Feed to Unknown during Cron Update or Force Reload.

              2.4.5-RELEASE-p1 (amd64)
              Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
              Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

              1 Reply Last reply Reply Quote 1
              • RonpfSR
                RonpfS @MORGiON
                last edited by RonpfS

                @morgion said in Alias Native Logging:

                Nothing in Permit

                Did you read the alt text infoblock?
                Maybe if you use "pfb_" for rules prefix ?

                2.4.5-RELEASE-p1 (amd64)
                Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                MORGiONM 1 Reply Last reply Reply Quote 1
                • MORGiONM
                  MORGiON
                  last edited by

                  Just tried again, verified cron not starting for another 20 minutes. exact same result.

                  RonpfSR 1 Reply Last reply Reply Quote 1
                  • MORGiONM
                    MORGiON @RonpfS
                    last edited by

                    @ronpfs I use pfb_Oceania_v4 in my OpenVPN Rule as Host/alias Source for the OpenVPN Pass rule

                    1 Reply Last reply Reply Quote 1
                    • RonpfSR
                      RonpfS @MORGiON
                      last edited by RonpfS

                      @morgion It's also become Unknown when it's no longer in any DNSBL tables.

                      So when it find an alert in the dnsbl.log file, it will display it in the Report tab even if it's no longer in any feed.

                      Can you hit the ^0 besides Quote in this forum (This will give me the minimum 3 Reputations so I don't have to wait "120 Sec" between post) ☹

                      2.4.5-RELEASE-p1 (amd64)
                      Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                      Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                      1 Reply Last reply Reply Quote 1
                      • MORGiONM
                        MORGiON
                        last edited by

                        Just flicked through Diag/Tables all the pfb ip tables are populated.

                        Also included my Openvpn rules to show how it was setup

                        0_1527468044479_Untitled.png

                        RonpfSR 1 Reply Last reply Reply Quote 0
                        • RonpfSR
                          RonpfS @MORGiON
                          last edited by

                          @morgion I guess the reports only search for Auto Rules as it has no way to figure out what are the FWRule TrackerIDs of your rules 😞

                          2.4.5-RELEASE-p1 (amd64)
                          Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                          Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                          MORGiONM 1 Reply Last reply Reply Quote 1
                          • MORGiONM
                            MORGiON @RonpfS
                            last edited by MORGiON

                            @ronpfs That would be my guess, though It used to work pre development version, you just had to ensure logging was enabled for that rule. Im hoping its a bug that BBcan117 will get around to one day. if not it still works great and pfSense/pfBlocker is a fantastic product.

                            here is a pic of the pfBlocker reports fyi

                            0_1527468571390_Untitled 2.png

                            RonpfSR 1 Reply Last reply Reply Quote 0
                            • RonpfSR
                              RonpfS @MORGiON
                              last edited by RonpfS

                              @morgion You can check that the 77.72.82.71 (or 77.72.82 or 77.72.) is in you Permit/Deny/Match/Native db with something like

                              grep "^77.72.82" /var/db/pfblockerng/permit/*.txt  /var/db/pfblockerng/original/*.orig
                              

                              2.4.5-RELEASE-p1 (amd64)
                              Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                              Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                              MORGiONM 1 Reply Last reply Reply Quote 1
                              • RonpfSR
                                RonpfS
                                last edited by RonpfS

                                @BBcan17 said in [Email] :
                                In Extra Options, change the Description to something that start with "pfb_"

                                2.4.5-RELEASE-p1 (amd64)
                                Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                MORGiONM 1 Reply Last reply Reply Quote 1
                                • MORGiONM
                                  MORGiON @RonpfS
                                  last edited by

                                  @ronpfs said in Alias Native Logging:

                                  grep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig

                                  grep: /var/db/pfblockerng/permit/.txt: No such file or directory
                                  grep: /var/db/pfblockerng/original/.orig: No such file or directory

                                  RonpfSR 1 Reply Last reply Reply Quote 0
                                  • RonpfSR
                                    RonpfS @MORGiON
                                    last edited by RonpfS

                                    @morgion said in Alias Native Logging:

                                    @ronpfs said in Alias Native Logging:

                                    grep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig

                                    grep: /var/db/pfblockerng/permit/.txt: No such file or directory
                                    grep: /var/db/pfblockerng/original/.orig: No such file or directory

                                    Oups missing 2 "*" because I did'nt use a </> Code block 😮

                                    grep “^77.72.82” /var/db/pfblockerng/permit/*.txt  /var/db/pfblockerng/original/*.orig
                                    

                                    2.4.5-RELEASE-p1 (amd64)
                                    Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                    Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                    MORGiONM 1 Reply Last reply Reply Quote 1
                                    • MORGiONM
                                      MORGiON @RonpfS
                                      last edited by

                                      @ronpfs said in Alias Native Logging:

                                      rep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig

                                      No output

                                      RonpfSR 2 Replies Last reply Reply Quote 0
                                      • MORGiONM
                                        MORGiON @RonpfS
                                        last edited by

                                        @ronpfs said in Alias Native Logging:

                                        @BBcan17 said in [Email] :
                                        In Extra Options, change the Description to something that start with "pfb_"

                                        No effect

                                        RonpfSR 1 Reply Last reply Reply Quote 0
                                        • RonpfSR
                                          RonpfS @MORGiON
                                          last edited by RonpfS

                                          @morgion said in Alias Native Logging:

                                          @ronpfs said in Alias Native Logging:

                                          @BBcan17 said in [Email] :
                                          In Extra Options, change the Description to something that start with "pfb_"

                                          No effect

                                          Maybe do a Force Reload IP 😖

                                          Restart the pfBlockerNG firewall filter service 😕

                                          2.4.5-RELEASE-p1 (amd64)
                                          Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                          Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                          1 Reply Last reply Reply Quote 1
                                          • RonpfSR
                                            RonpfS @MORGiON
                                            last edited by RonpfS

                                            @morgion said in Alias Native Logging:

                                            @ronpfs said in Alias Native Logging:

                                            rep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig

                                            No output

                                            grep “^77.72.” /var/db/pfblockerng/permit/*.txt  /var/db/pfblockerng/original/*.orig
                                            

                                            It maybe in a big block range.

                                            If you go further down in the Alerts Tab (maybe change the settings to get more alerts) was it in a table as some point in time?

                                            2.4.5-RELEASE-p1 (amd64)
                                            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                            MORGiONM 1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.