Alias Native Logging



  • Hi, I have a question regarding the logging when using Alias Native in the creation of ip lists.

    I am using pfBlockerNG-devel version.

    I have, and am, using the alias native option to allow more fine grain control on the list order but I am finding that the rules are working in blocking and allowing as per my rule order, they are not being logged in the reports section.

    Is this by design or have I misconfigured something. I really liking the new reporting section and would like to make use of it so any help would be appreciated.

    Thanks.

    Nick



  • I have experienced a similar thing.

    I only allow a subset of Oceania GeoIP to connect to my OpenVPN sever, I do this using an Alias Native which is used in my firewall rule for OpenVPN.

    Connection to my VPN are no longer showing up on the Permit Report, as well I have noticed the Oceania list appearing on the Feeds column of the IP Deny feed.

    When Oceania shows up on the IP Deny feed, these connection attempts are not to my OpenVPN port (1194).

    My understanding (please correct me if wrong) is that any successful connections to port 1194 from oceania would go on the Permit list. Any unsuccessful connections to port 1194 would go in IP Deny with Oceania as the Feed.

    Connections to any other port should not have anything to do with the Oceania GeoIP List.

    BBcan117 you have done an outstanding job on the development version of pfBlocker, Thank you for you hard work.



  • If you change the type to Alias Permit or Alias Deny, does it generate alerts ?



  • Changed to Alias Permit, reloaded

    Nothing in Permit, now I have feeds in Deny with Unknown Not Listed



  • @morgion said in Alias Native Logging:

    Unknown Not Listed

    This is a new behaviour of the pfBlockerNG DNSBL service, it's dynamic and switch the Feed to Unknown during Cron Update or Force Reload.



  • @morgion said in Alias Native Logging:

    Nothing in Permit

    Did you read the alt text infoblock?
    Maybe if you use "pfb_" for rules prefix ?



  • Just tried again, verified cron not starting for another 20 minutes. exact same result.



  • @ronpfs I use pfb_Oceania_v4 in my OpenVPN Rule as Host/alias Source for the OpenVPN Pass rule



  • @morgion It's also become Unknown when it's no longer in any DNSBL tables.

    So when it find an alert in the dnsbl.log file, it will display it in the Report tab even if it's no longer in any feed.

    Can you hit the ^0 besides Quote in this forum (This will give me the minimum 3 Reputations so I don't have to wait "120 Sec" between post) ☹



  • Just flicked through Diag/Tables all the pfb ip tables are populated.

    Also included my Openvpn rules to show how it was setup

    0_1527468044479_Untitled.png



  • @morgion I guess the reports only search for Auto Rules as it has no way to figure out what are the FWRule TrackerIDs of your rules ğŸ˜ž



  • @ronpfs That would be my guess, though It used to work pre development version, you just had to ensure logging was enabled for that rule. Im hoping its a bug that BBcan117 will get around to one day. if not it still works great and pfSense/pfBlocker is a fantastic product.

    here is a pic of the pfBlocker reports fyi

    0_1527468571390_Untitled 2.png



  • @morgion You can check that the 77.72.82.71 (or 77.72.82 or 77.72.) is in you Permit/Deny/Match/Native db with something like

    grep "^77.72.82" /var/db/pfblockerng/permit/*.txt  /var/db/pfblockerng/original/*.orig
    


  • @BBcan17 said in [Email] :
    In Extra Options, change the Description to something that start with "pfb_"



  • @ronpfs said in Alias Native Logging:

    grep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig

    grep: /var/db/pfblockerng/permit/.txt: No such file or directory
    grep: /var/db/pfblockerng/original/.orig: No such file or directory



  • @morgion said in Alias Native Logging:

    @ronpfs said in Alias Native Logging:

    grep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig

    grep: /var/db/pfblockerng/permit/.txt: No such file or directory
    grep: /var/db/pfblockerng/original/.orig: No such file or directory

    Oups missing 2 "*" because I did'nt use a </> Code block 😮

    grep “^77.72.82” /var/db/pfblockerng/permit/*.txt  /var/db/pfblockerng/original/*.orig
    


  • @ronpfs said in Alias Native Logging:

    rep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig

    No output



  • @ronpfs said in Alias Native Logging:

    @BBcan17 said in [Email] :
    In Extra Options, change the Description to something that start with "pfb_"

    No effect



  • @morgion said in Alias Native Logging:

    @ronpfs said in Alias Native Logging:

    @BBcan17 said in [Email] :
    In Extra Options, change the Description to something that start with "pfb_"

    No effect

    Maybe do a Force Reload IP 😖

    Restart the pfBlockerNG firewall filter service 😕



  • @morgion said in Alias Native Logging:

    @ronpfs said in Alias Native Logging:

    rep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig

    No output

    grep “^77.72.” /var/db/pfblockerng/permit/*.txt  /var/db/pfblockerng/original/*.orig
    

    It maybe in a big block range.

    If you go further down in the Alerts Tab (maybe change the settings to get more alerts) was it in a table as some point in time?



  • @ronpfs

    Still no output from grep

    Alerts tab

    May 28 11:41:32 WAN pfB_PRI1_v4
    (1770009104) TCP-S 77.72.82.71:59854
    hostby.ups-gb.co.uk     xxx.xxx.xxx.xxx:59599 
    GB ET_Block_v4
    77.72.82.0/24

    get hit by this one a lot so didn't have to look far, not unknown anymore. also doing full reload now

    EDIT: Full reload didn't help ☹



  • @morgion said in Alias Native Logging:

    doing full reload now

    If your Permit rules don't generate alerts, try to restart the pfBlockerNG firewall filter service.

    You can also peek at the ip_permit.log file.



  • @ronpfs said in Alias Native Logging:

    @morgion said in Alias Native Logging:

    doing full reload now

    If your Permit rules don't generate alerts, try to restart the pfBlockerNG firewall filter service.

    You can also peek at the ip_permit.log file.

    Restarted pfBlocker Firewall Filter service, ip_permit.log empty



  • @morgion said in Alias Native Logging:

    @ronpfs said in Alias Native Logging:

    rep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig

    No output

    Looks like you don't need the "

    grep ^77.72.82 /var/db/pfblockerng/*/*.txt  /var/db/pfblockerng/original/*.orig
    


  • @ronpfs said in Alias Native Logging:

    grep ^77.72.82 /var/db/pfblockerng//.txt /var/db/pfblockerng/original/*.orig

    /var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.101
    /var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.14
    /var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.19
    /var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.22
    /var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.31
    /var/db/pfblockerng/deny/ET_Block_v4.txt:77.72.82.0/24
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.19 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.22 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.72 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.88 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.125 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.59 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.101 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.14 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.48 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.91 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.31 # Malicious Host
    /var/db/pfblockerng/original/BDS_Ban_v4.orig:77.72.82.15
    /var/db/pfblockerng/original/BDS_Ban_v4.orig:77.72.82.19
    /var/db/pfblockerng/original/BlockListDE_All_v4.orig:77.72.82.15
    /var/db/pfblockerng/original/BlockListDE_SSH_v4.orig:77.72.82.15
    /var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.101
    /var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.14
    /var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.19
    /var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.22
    /var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.31
    /var/db/pfblockerng/original/DangerRulez_v4.orig:77.72.82.15 # 2018-05-27 10:23:33 21 1486391
    /var/db/pfblockerng/original/ET_Block_v4.orig:77.72.82.0/24
    /var/db/pfblockerng/original/ET_Comp_v4.orig:77.72.82.15
    /var/db/pfblockerng/original/GreenSnow_v4.orig:77.72.82.56
    /var/db/pfblockerng/original/GreenSnow_v4.orig:77.72.82.14
    /var/db/pfblockerng/original/ISC_Block_v4.orig:77.72.82.0 77.72.82.255 24 1342 NETUP-AS , RU aospan@netup.ru
    /var/db/pfblockerng/original/SuspectNetworks_v4.orig:77.72.82.0/24



  • @morgion said in Alias Native Logging:

    ip_permit.log empty

    And you see the Permits in FW Logs ?



  • @ronpfs said in Alias Native Logging:

    @morgion said in Alias Native Logging:

    ip_permit.log empty

    And you see the Permits in FW Logs ?

    Yes



  • @morgion said in Alias Native Logging:

    @ronpfs said in Alias Native Logging:

    grep ^77.72.82 /var/db/pfblockerng//.txt /var/db/pfblockerng/original/*.orig

    /var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.101
    /var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.14
    /var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.19
    /var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.22
    /var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.31
    /var/db/pfblockerng/deny/ET_Block_v4.txt:77.72.82.0/24
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.19 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.22 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.72 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.88 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.125 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.59 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.101 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.14 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.48 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.91 # Malicious Host
    /var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.31 # Malicious Host
    /var/db/pfblockerng/original/BDS_Ban_v4.orig:77.72.82.15
    /var/db/pfblockerng/original/BDS_Ban_v4.orig:77.72.82.19
    /var/db/pfblockerng/original/BlockListDE_All_v4.orig:77.72.82.15
    /var/db/pfblockerng/original/BlockListDE_SSH_v4.orig:77.72.82.15
    /var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.101
    /var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.14
    /var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.19
    /var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.22
    /var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.31
    /var/db/pfblockerng/original/DangerRulez_v4.orig:77.72.82.15 # 2018-05-27 10:23:33 21 1486391
    /var/db/pfblockerng/original/ET_Block_v4.orig:77.72.82.0/24
    /var/db/pfblockerng/original/ET_Comp_v4.orig:77.72.82.15
    /var/db/pfblockerng/original/GreenSnow_v4.orig:77.72.82.56
    /var/db/pfblockerng/original/GreenSnow_v4.orig:77.72.82.14
    /var/db/pfblockerng/original/ISC_Block_v4.orig:77.72.82.0 77.72.82.255 24 1342 NETUP-AS , RU aospan@netup.ru
    /var/db/pfblockerng/original/SuspectNetworks_v4.orig:77.72.82.0/24

    Strange as 77.72.82.0/24 include 77.72.82.1 to 77.72.82.254

    Do you have suppression enabled ?



  • @ronpfs Yes but not used (yet)



  • Can you run

    pfctl -vvsr | grep "pf"
    


  • @ronpfs said in Alias Native Logging:

    pfctl -vvsr | grep "pf"```

    no output



  • @morgion Again a "new" forum qwerk, missing a new line

    pfctl -vvsr | grep "pf"
    


  • @morgion said in Alias Native Logging:

    @ronpfs Yes but not used (yet)

    It's done when a Reload IP or Cron update run.
    It should have remove the /var/db/pfblockerng/deny/CINS_army_v4.txt entries

    I see the same thing on my box with De-Duplication, CIDR Aggregation and Suppression enabled



  • @ronpfs

    Shell Output - pfctl -vvsr | grep "pf"
    @127(1770001239) pass quick on igb1 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping"
    @128(1770001239) pass quick on igb2 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping"
    @129(1770001239) pass quick on igb3 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping"
    @130(1770001466) pass quick on igb1 inet proto tcp from any to 10.10.10.1 port = 8081 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
    @131(1770001466) pass quick on igb1 inet proto tcp from any to 10.10.10.1 port = 8443 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
    @132(1770001466) pass quick on igb1 inet proto udp from any to 10.10.10.1 port = 8081 keep state label "USER_RULE: pfB_DNSBL_Permit"
    @133(1770001466) pass quick on igb1 inet proto udp from any to 10.10.10.1 port = 8443 keep state label "USER_RULE: pfB_DNSBL_Permit"
    @134(1770001466) pass quick on igb2 inet proto tcp from any to 10.10.10.1 port = 8081 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
    @135(1770001466) pass quick on igb2 inet proto tcp from any to 10.10.10.1 port = 8443 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
    @136(1770001466) pass quick on igb2 inet proto udp from any to 10.10.10.1 port = 8081 keep state label "USER_RULE: pfB_DNSBL_Permit"
    @137(1770001466) pass quick on igb2 inet proto udp from any to 10.10.10.1 port = 8443 keep state label "USER_RULE: pfB_DNSBL_Permit"
    @138(1770001466) pass quick on igb3 inet proto tcp from any to 10.10.10.1 port = 8081 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
    @139(1770001466) pass quick on igb3 inet proto tcp from any to 10.10.10.1 port = 8443 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
    @140(1770001466) pass quick on igb3 inet proto udp from any to 10.10.10.1 port = 8081 keep state label "USER_RULE: pfB_DNSBL_Permit"
    @141(1770001466) pass quick on igb3 inet proto udp from any to 10.10.10.1 port = 8443 keep state label "USER_RULE: pfB_DNSBL_Permit"
    @142(1770009104) block drop log quick on pppoe0 inet from <pfB_PRI1_v4:17167> to any label "USER_RULE: pfB_PRI1_v4"
    @143(1770009128) block drop log quick on pppoe0 inet from <pfB_PRI2_v4:37959> to any label "USER_RULE: pfB_PRI2_v4"
    @144(1770009318) block drop log quick on pppoe0 inet from <pfB_PRI3_v4:16803> to any label "USER_RULE: pfB_PRI3_v4"
    @145(1770009226) block drop log quick on pppoe0 inet from <pfB_PRI4_v4:14347> to any label "USER_RULE: pfB_PRI4_v4"
    @146(1770009208) block drop log quick on pppoe0 inet from <pfB_PRI5_v4:2363> to any label "USER_RULE: pfB_PRI5_v4"
    @147(1770008838) block drop log quick on pppoe0 inet from <pfB_MAIL_v4:12149> to any label "USER_RULE: pfB_MAIL_v4"
    @148(1770009301) block drop log quick on pppoe0 inet from <pfB_Abuse_PS_v4:2> to any label "USER_RULE: pfB_Abuse_PS_v4"
    @149(1770008792) block drop log quick on pppoe0 inet from <pfB_TOR_v4:6703> to any label "USER_RULE: pfB_TOR_v4"
    @150(1770009914) block drop log quick on pppoe0 inet from <pfB_Internic_4_v4:13> to any label "USER_RULE: pfB_Internic_4_v4"
    @151(1770009587) block drop log quick on pppoe0 inet from <pfB_BlockListDE_v4:155> to any label "USER_RULE: pfB_BlockListDE_v4"
    @152(1770009071) block drop log quick on pppoe0 inet from <pfB_DNSBLIP_v4:13203> to any label "USER_RULE: pfB_DNSBLIP_v4"
    @153(1770009435) block drop log quick on pppoe0 inet6 from <pfB_PRI1_6_v6:99> to any label "USER_RULE: pfB_PRI1_6_v6"
    @154(1770009706) block drop log quick on pppoe0 inet6 from <pfB_Internic_6_v6:13> to any label "USER_RULE: pfB_Internic_6_v6"
    @155(1770004209) block return log quick on igb1 inet from any to <pfB_PRI1_v4:17167> label "USER_RULE: pfB_PRI1_v4"
    @156(1770004209) block return log quick on igb2 inet from any to <pfB_PRI1_v4:17167> label "USER_RULE: pfB_PRI1_v4"
    @157(1770004209) block return log quick on igb3 inet from any to <pfB_PRI1_v4:17167> label "USER_RULE: pfB_PRI1_v4"
    @158(1770004233) block return log quick on igb1 inet from any to <pfB_PRI2_v4:37959> label "USER_RULE: pfB_PRI2_v4"
    @159(1770004233) block return log quick on igb2 inet from any to <pfB_PRI2_v4:37959> label "USER_RULE: pfB_PRI2_v4"
    @160(1770004233) block return log quick on igb3 inet from any to <pfB_PRI2_v4:37959> label "USER_RULE: pfB_PRI2_v4"
    @161(1770004423) block return log quick on igb1 inet from any to <pfB_PRI3_v4:16803> label "USER_RULE: pfB_PRI3_v4"
    @162(1770004423) block return log quick on igb2 inet from any to <pfB_PRI3_v4:16803> label "USER_RULE: pfB_PRI3_v4"
    @163(1770004423) block return log quick on igb3 inet from any to <pfB_PRI3_v4:16803> label "USER_RULE: pfB_PRI3_v4"
    @164(1770004331) block return log quick on igb1 inet from any to <pfB_PRI4_v4:14347> label "USER_RULE: pfB_PRI4_v4"
    @165(1770004331) block return log quick on igb2 inet from any to <pfB_PRI4_v4:14347> label "USER_RULE: pfB_PRI4_v4"
    @166(1770004331) block return log quick on igb3 inet from any to <pfB_PRI4_v4:14347> label "USER_RULE: pfB_PRI4_v4"
    @167(1770004313) block return log quick on igb1 inet from any to <pfB_PRI5_v4:2363> label "USER_RULE: pfB_PRI5_v4"
    @168(1770004313) block return log quick on igb2 inet from any to <pfB_PRI5_v4:2363> label "USER_RULE: pfB_PRI5_v4"
    @169(1770004313) block return log quick on igb3 inet from any to <pfB_PRI5_v4:2363> label "USER_RULE: pfB_PRI5_v4"
    @170(1770003943) block return log quick on igb1 inet from any to <pfB_MAIL_v4:12149> label "USER_RULE: pfB_MAIL_v4"
    @171(1770003943) block return log quick on igb2 inet from any to <pfB_MAIL_v4:12149> label "USER_RULE: pfB_MAIL_v4"
    @172(1770003943) block return log quick on igb3 inet from any to <pfB_MAIL_v4:12149> label "USER_RULE: pfB_MAIL_v4"
    @173(1770004406) block return log quick on igb1 inet from any to <pfB_Abuse_PS_v4:2> label "USER_RULE: pfB_Abuse_PS_v4"
    @174(1770004406) block return log quick on igb2 inet from any to <pfB_Abuse_PS_v4:2> label "USER_RULE: pfB_Abuse_PS_v4"
    @175(1770004406) block return log quick on igb3 inet from any to <pfB_Abuse_PS_v4:2> label "USER_RULE: pfB_Abuse_PS_v4"
    @176(1770003897) block return log quick on igb1 inet from any to <pfB_TOR_v4:6703> label "USER_RULE: pfB_TOR_v4"
    @177(1770003897) block return log quick on igb2 inet from any to <pfB_TOR_v4:6703> label "USER_RULE: pfB_TOR_v4"
    @178(1770003897) block return log quick on igb3 inet from any to <pfB_TOR_v4:6703> label "USER_RULE: pfB_TOR_v4"
    @179(1770005019) block return log quick on igb1 inet from any to <pfB_Internic_4_v4:13> label "USER_RULE: pfB_Internic_4_v4"
    @180(1770005019) block return log quick on igb2 inet from any to <pfB_Internic_4_v4:13> label "USER_RULE: pfB_Internic_4_v4"
    @181(1770005019) block return log quick on igb3 inet from any to <pfB_Internic_4_v4:13> label "USER_RULE: pfB_Internic_4_v4"
    @182(1770004692) block return log quick on igb1 inet from any to <pfB_BlockListDE_v4:155> label "USER_RULE: pfB_BlockListDE_v4"
    @183(1770004692) block return log quick on igb2 inet from any to <pfB_BlockListDE_v4:155> label "USER_RULE: pfB_BlockListDE_v4"
    @184(1770004692) block return log quick on igb3 inet from any to <pfB_BlockListDE_v4:155> label "USER_RULE: pfB_BlockListDE_v4"
    @185(1770004176) block return log quick on igb1 inet from any to <pfB_DNSBLIP_v4:13203> label "USER_RULE: pfB_DNSBLIP_v4"
    @186(1770004176) block return log quick on igb2 inet from any to <pfB_DNSBLIP_v4:13203> label "USER_RULE: pfB_DNSBLIP_v4"
    @187(1770004176) block return log quick on igb3 inet from any to <pfB_DNSBLIP_v4:13203> label "USER_RULE: pfB_DNSBLIP_v4"
    @188(1770004540) block return log quick on igb1 inet6 from any to <pfB_PRI1_6_v6:99> label "USER_RULE: pfB_PRI1_6_v6"
    @189(1770004540) block return log quick on igb2 inet6 from any to <pfB_PRI1_6_v6:99> label "USER_RULE: pfB_PRI1_6_v6"
    @190(1770004540) block return log quick on igb3 inet6 from any to <pfB_PRI1_6_v6:99> label "USER_RULE: pfB_PRI1_6_v6"
    @191(1770004811) block return log quick on igb1 inet6 from any to <pfB_Internic_6_v6:13> label "USER_RULE: pfB_Internic_6_v6"
    @192(1770004811) block return log quick on igb2 inet6 from any to <pfB_Internic_6_v6:13> label "USER_RULE: pfB_Internic_6_v6"
    @193(1770004811) block return log quick on igb3 inet6 from any to <pfB_Internic_6_v6:13> label "USER_RULE: pfB_Internic_6_v6"
    @211(1527214027) pass in log quick on pppoe0 reply-to (pppoe0 150.101.32.41) inet proto udp from <pfB_Oceania_v4:6752> to xx.xxx.xxx.xxx port = openvpn keep state label "USER_RULE: pfb_OpenVPN_Remote_Network_Access_wizard"



  • @morgion It may be a bug that BBcan177 will need to address.

    The pfBlockerNG firewall filter service looks for TrackerID 1770* and the pfB_Oceania_v4 is 1527214027.😬



  • @ronpfs At least we got to the bottom of it. Thank you very much for your assistance. Yourself and @BBcan17 are assets to the pfSense community!



  • @morgion Can you use Adv. Inbound rules and use "Permit Inbound" and let it auto-create the rule which will have the 177 tracker id prefix?



  • @ronpfs said in Alias Native Logging:

    @morgion Can you use Adv. Inbound rules and use "Permit Inbound" and let it auto-create the rule which will have the 177 tracker id prefix?

    Those rules do work, I have just been trying to not to create more aliases, and have more flexibility.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy