Alias Native Logging
-
Hi, I have a question regarding the logging when using Alias Native in the creation of ip lists.
I am using pfBlockerNG-devel version.
I have, and am, using the alias native option to allow more fine grain control on the list order but I am finding that the rules are working in blocking and allowing as per my rule order, they are not being logged in the reports section.
Is this by design or have I misconfigured something. I really liking the new reporting section and would like to make use of it so any help would be appreciated.
Thanks.
Nick
-
I have experienced a similar thing.
I only allow a subset of Oceania GeoIP to connect to my OpenVPN sever, I do this using an Alias Native which is used in my firewall rule for OpenVPN.
Connection to my VPN are no longer showing up on the Permit Report, as well I have noticed the Oceania list appearing on the Feeds column of the IP Deny feed.
When Oceania shows up on the IP Deny feed, these connection attempts are not to my OpenVPN port (1194).
My understanding (please correct me if wrong) is that any successful connections to port 1194 from oceania would go on the Permit list. Any unsuccessful connections to port 1194 would go in IP Deny with Oceania as the Feed.
Connections to any other port should not have anything to do with the Oceania GeoIP List.
BBcan117 you have done an outstanding job on the development version of pfBlocker, Thank you for you hard work.
-
If you change the type to Alias Permit or Alias Deny, does it generate alerts ?
-
Changed to Alias Permit, reloaded
Nothing in Permit, now I have feeds in Deny with
UnknownNot Listed -
@morgion said in Alias Native Logging:
UnknownNot ListedThis is a new behaviour of the pfBlockerNG DNSBL service, it's dynamic and switch the Feed to
Unknownduring Cron Update or Force Reload. -
@morgion said in Alias Native Logging:
Nothing in Permit
Did you read the
infoblock?
Maybe if you use "pfb_" for rules prefix ?2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
Just tried again, verified cron not starting for another 20 minutes. exact same result.
-
@ronpfs I use pfb_Oceania_v4 in my OpenVPN Rule as Host/alias Source for the OpenVPN Pass rule
-
@morgion It's also become
Unknownwhen it's no longer in any DNSBL tables.So when it find an alert in the dnsbl.log file, it will display it in the Report tab even if it's no longer in any feed.
Can you hit the ^0 besides Quote in this forum (This will give me the minimum 3 Reputations so I don't have to wait "120 Sec" between post)
-
Just flicked through Diag/Tables all the pfb ip tables are populated.
Also included my Openvpn rules to show how it was setup
-
@morgion I guess the reports only search for Auto Rules as it has no way to figure out what are the FWRule TrackerIDs of your rules
2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@ronpfs That would be my guess, though It used to work pre development version, you just had to ensure logging was enabled for that rule. Im hoping its a bug that BBcan117 will get around to one day. if not it still works great and pfSense/pfBlocker is a fantastic product.
here is a pic of the pfBlocker reports fyi
-
@morgion You can check that the 77.72.82.71 (or 77.72.82 or 77.72.) is in you Permit/Deny/Match/Native db with something like
grep "^77.72.82" /var/db/pfblockerng/permit/*.txt /var/db/pfblockerng/original/*.orig2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@BBcan17 said in [Email] :
In Extra Options, change the Description to something that start with "pfb_"2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@ronpfs said in Alias Native Logging:
grep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig
grep: /var/db/pfblockerng/permit/.txt: No such file or directory
grep: /var/db/pfblockerng/original/.orig: No such file or directory -
@morgion said in Alias Native Logging:
@ronpfs said in Alias Native Logging:
grep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig
grep: /var/db/pfblockerng/permit/.txt: No such file or directory
grep: /var/db/pfblockerng/original/.orig: No such file or directoryOups missing 2 "*" because I did'nt use a </> Code block
grep “^77.72.82” /var/db/pfblockerng/permit/*.txt /var/db/pfblockerng/original/*.orig2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@ronpfs said in Alias Native Logging:
rep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig
No output
-
@ronpfs said in Alias Native Logging:
@BBcan17 said in [Email] :
In Extra Options, change the Description to something that start with "pfb_"No effect
-
@morgion said in Alias Native Logging:
@ronpfs said in Alias Native Logging:
@BBcan17 said in [Email] :
In Extra Options, change the Description to something that start with "pfb_"No effect
Maybe do a Force Reload IP
Restart the pfBlockerNG firewall filter service
-
@morgion said in Alias Native Logging:
@ronpfs said in Alias Native Logging:
rep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig
No output
grep “^77.72.” /var/db/pfblockerng/permit/*.txt /var/db/pfblockerng/original/*.origIt maybe in a big block range.
If you go further down in the Alerts Tab (maybe change the settings to get more alerts) was it in a table as some point in time?
2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
Still no output from grep
Alerts tab
May 28 11:41:32 WAN pfB_PRI1_v4
(1770009104) TCP-S 77.72.82.71:59854
hostby.ups-gb.co.uk xxx.xxx.xxx.xxx:59599
GB ET_Block_v4
77.72.82.0/24get hit by this one a lot so didn't have to look far, not unknown anymore. also doing full reload now
EDIT: Full reload didn't help
-
@morgion said in Alias Native Logging:
doing full reload now
If your Permit rules don't generate alerts, try to restart the pfBlockerNG firewall filter service.
You can also peek at the ip_permit.log file.
2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@ronpfs said in Alias Native Logging:
@morgion said in Alias Native Logging:
doing full reload now
If your Permit rules don't generate alerts, try to restart the pfBlockerNG firewall filter service.
You can also peek at the ip_permit.log file.
Restarted pfBlocker Firewall Filter service, ip_permit.log empty
-
@morgion said in Alias Native Logging:
@ronpfs said in Alias Native Logging:
rep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig
No output
Looks like you don't need the "
grep ^77.72.82 /var/db/pfblockerng/*/*.txt /var/db/pfblockerng/original/*.orig2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@ronpfs said in Alias Native Logging:
grep ^77.72.82 /var/db/pfblockerng//.txt /var/db/pfblockerng/original/*.orig
/var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.101
/var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.14
/var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.19
/var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.22
/var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.31
/var/db/pfblockerng/deny/ET_Block_v4.txt:77.72.82.0/24
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.19 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.22 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.72 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.88 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.125 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.59 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.101 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.14 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.48 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.91 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.31 # Malicious Host
/var/db/pfblockerng/original/BDS_Ban_v4.orig:77.72.82.15
/var/db/pfblockerng/original/BDS_Ban_v4.orig:77.72.82.19
/var/db/pfblockerng/original/BlockListDE_All_v4.orig:77.72.82.15
/var/db/pfblockerng/original/BlockListDE_SSH_v4.orig:77.72.82.15
/var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.101
/var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.14
/var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.19
/var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.22
/var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.31
/var/db/pfblockerng/original/DangerRulez_v4.orig:77.72.82.15 # 2018-05-27 10:23:33 21 1486391
/var/db/pfblockerng/original/ET_Block_v4.orig:77.72.82.0/24
/var/db/pfblockerng/original/ET_Comp_v4.orig:77.72.82.15
/var/db/pfblockerng/original/GreenSnow_v4.orig:77.72.82.56
/var/db/pfblockerng/original/GreenSnow_v4.orig:77.72.82.14
/var/db/pfblockerng/original/ISC_Block_v4.orig:77.72.82.0 77.72.82.255 24 1342 NETUP-AS , RU aospan@netup.ru
/var/db/pfblockerng/original/SuspectNetworks_v4.orig:77.72.82.0/24 -
2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@ronpfs said in Alias Native Logging:
@morgion said in Alias Native Logging:
ip_permit.log empty
And you see the Permits in FW Logs ?
Yes
-
@morgion said in Alias Native Logging:
@ronpfs said in Alias Native Logging:
grep ^77.72.82 /var/db/pfblockerng//.txt /var/db/pfblockerng/original/*.orig
/var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.101
/var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.14
/var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.19
/var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.22
/var/db/pfblockerng/deny/CINS_army_v4.txt:77.72.82.31
/var/db/pfblockerng/deny/ET_Block_v4.txt:77.72.82.0/24
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.19 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.22 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.72 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.88 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.125 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.59 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.101 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.14 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.48 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.91 # Malicious Host
/var/db/pfblockerng/original/Alienvault_v4.orig:77.72.82.31 # Malicious Host
/var/db/pfblockerng/original/BDS_Ban_v4.orig:77.72.82.15
/var/db/pfblockerng/original/BDS_Ban_v4.orig:77.72.82.19
/var/db/pfblockerng/original/BlockListDE_All_v4.orig:77.72.82.15
/var/db/pfblockerng/original/BlockListDE_SSH_v4.orig:77.72.82.15
/var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.101
/var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.14
/var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.19
/var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.22
/var/db/pfblockerng/original/CINS_army_v4.orig:77.72.82.31
/var/db/pfblockerng/original/DangerRulez_v4.orig:77.72.82.15 # 2018-05-27 10:23:33 21 1486391
/var/db/pfblockerng/original/ET_Block_v4.orig:77.72.82.0/24
/var/db/pfblockerng/original/ET_Comp_v4.orig:77.72.82.15
/var/db/pfblockerng/original/GreenSnow_v4.orig:77.72.82.56
/var/db/pfblockerng/original/GreenSnow_v4.orig:77.72.82.14
/var/db/pfblockerng/original/ISC_Block_v4.orig:77.72.82.0 77.72.82.255 24 1342 NETUP-AS , RU aospan@netup.ru
/var/db/pfblockerng/original/SuspectNetworks_v4.orig:77.72.82.0/24Strange as 77.72.82.0/24 include 77.72.82.1 to 77.72.82.254
Do you have suppression enabled ?
2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@ronpfs Yes but not used (yet)
-
Can you run
pfctl -vvsr | grep "pf" -
-
@morgion Again a "new" forum qwerk, missing a new line
pfctl -vvsr | grep "pf"2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@morgion said in Alias Native Logging:
@ronpfs Yes but not used (yet)
It's done when a Reload IP or Cron update run.
It should have remove the /var/db/pfblockerng/deny/CINS_army_v4.txt entriesI see the same thing on my box with De-Duplication, CIDR Aggregation and Suppression enabled
-
Shell Output - pfctl -vvsr | grep "pf"
@127(1770001239) pass quick on igb1 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping"
@128(1770001239) pass quick on igb2 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping"
@129(1770001239) pass quick on igb3 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping"
@130(1770001466) pass quick on igb1 inet proto tcp from any to 10.10.10.1 port = 8081 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
@131(1770001466) pass quick on igb1 inet proto tcp from any to 10.10.10.1 port = 8443 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
@132(1770001466) pass quick on igb1 inet proto udp from any to 10.10.10.1 port = 8081 keep state label "USER_RULE: pfB_DNSBL_Permit"
@133(1770001466) pass quick on igb1 inet proto udp from any to 10.10.10.1 port = 8443 keep state label "USER_RULE: pfB_DNSBL_Permit"
@134(1770001466) pass quick on igb2 inet proto tcp from any to 10.10.10.1 port = 8081 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
@135(1770001466) pass quick on igb2 inet proto tcp from any to 10.10.10.1 port = 8443 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
@136(1770001466) pass quick on igb2 inet proto udp from any to 10.10.10.1 port = 8081 keep state label "USER_RULE: pfB_DNSBL_Permit"
@137(1770001466) pass quick on igb2 inet proto udp from any to 10.10.10.1 port = 8443 keep state label "USER_RULE: pfB_DNSBL_Permit"
@138(1770001466) pass quick on igb3 inet proto tcp from any to 10.10.10.1 port = 8081 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
@139(1770001466) pass quick on igb3 inet proto tcp from any to 10.10.10.1 port = 8443 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
@140(1770001466) pass quick on igb3 inet proto udp from any to 10.10.10.1 port = 8081 keep state label "USER_RULE: pfB_DNSBL_Permit"
@141(1770001466) pass quick on igb3 inet proto udp from any to 10.10.10.1 port = 8443 keep state label "USER_RULE: pfB_DNSBL_Permit"
@142(1770009104) block drop log quick on pppoe0 inet from <pfB_PRI1_v4:17167> to any label "USER_RULE: pfB_PRI1_v4"
@143(1770009128) block drop log quick on pppoe0 inet from <pfB_PRI2_v4:37959> to any label "USER_RULE: pfB_PRI2_v4"
@144(1770009318) block drop log quick on pppoe0 inet from <pfB_PRI3_v4:16803> to any label "USER_RULE: pfB_PRI3_v4"
@145(1770009226) block drop log quick on pppoe0 inet from <pfB_PRI4_v4:14347> to any label "USER_RULE: pfB_PRI4_v4"
@146(1770009208) block drop log quick on pppoe0 inet from <pfB_PRI5_v4:2363> to any label "USER_RULE: pfB_PRI5_v4"
@147(1770008838) block drop log quick on pppoe0 inet from <pfB_MAIL_v4:12149> to any label "USER_RULE: pfB_MAIL_v4"
@148(1770009301) block drop log quick on pppoe0 inet from <pfB_Abuse_PS_v4:2> to any label "USER_RULE: pfB_Abuse_PS_v4"
@149(1770008792) block drop log quick on pppoe0 inet from <pfB_TOR_v4:6703> to any label "USER_RULE: pfB_TOR_v4"
@150(1770009914) block drop log quick on pppoe0 inet from <pfB_Internic_4_v4:13> to any label "USER_RULE: pfB_Internic_4_v4"
@151(1770009587) block drop log quick on pppoe0 inet from <pfB_BlockListDE_v4:155> to any label "USER_RULE: pfB_BlockListDE_v4"
@152(1770009071) block drop log quick on pppoe0 inet from <pfB_DNSBLIP_v4:13203> to any label "USER_RULE: pfB_DNSBLIP_v4"
@153(1770009435) block drop log quick on pppoe0 inet6 from <pfB_PRI1_6_v6:99> to any label "USER_RULE: pfB_PRI1_6_v6"
@154(1770009706) block drop log quick on pppoe0 inet6 from <pfB_Internic_6_v6:13> to any label "USER_RULE: pfB_Internic_6_v6"
@155(1770004209) block return log quick on igb1 inet from any to <pfB_PRI1_v4:17167> label "USER_RULE: pfB_PRI1_v4"
@156(1770004209) block return log quick on igb2 inet from any to <pfB_PRI1_v4:17167> label "USER_RULE: pfB_PRI1_v4"
@157(1770004209) block return log quick on igb3 inet from any to <pfB_PRI1_v4:17167> label "USER_RULE: pfB_PRI1_v4"
@158(1770004233) block return log quick on igb1 inet from any to <pfB_PRI2_v4:37959> label "USER_RULE: pfB_PRI2_v4"
@159(1770004233) block return log quick on igb2 inet from any to <pfB_PRI2_v4:37959> label "USER_RULE: pfB_PRI2_v4"
@160(1770004233) block return log quick on igb3 inet from any to <pfB_PRI2_v4:37959> label "USER_RULE: pfB_PRI2_v4"
@161(1770004423) block return log quick on igb1 inet from any to <pfB_PRI3_v4:16803> label "USER_RULE: pfB_PRI3_v4"
@162(1770004423) block return log quick on igb2 inet from any to <pfB_PRI3_v4:16803> label "USER_RULE: pfB_PRI3_v4"
@163(1770004423) block return log quick on igb3 inet from any to <pfB_PRI3_v4:16803> label "USER_RULE: pfB_PRI3_v4"
@164(1770004331) block return log quick on igb1 inet from any to <pfB_PRI4_v4:14347> label "USER_RULE: pfB_PRI4_v4"
@165(1770004331) block return log quick on igb2 inet from any to <pfB_PRI4_v4:14347> label "USER_RULE: pfB_PRI4_v4"
@166(1770004331) block return log quick on igb3 inet from any to <pfB_PRI4_v4:14347> label "USER_RULE: pfB_PRI4_v4"
@167(1770004313) block return log quick on igb1 inet from any to <pfB_PRI5_v4:2363> label "USER_RULE: pfB_PRI5_v4"
@168(1770004313) block return log quick on igb2 inet from any to <pfB_PRI5_v4:2363> label "USER_RULE: pfB_PRI5_v4"
@169(1770004313) block return log quick on igb3 inet from any to <pfB_PRI5_v4:2363> label "USER_RULE: pfB_PRI5_v4"
@170(1770003943) block return log quick on igb1 inet from any to <pfB_MAIL_v4:12149> label "USER_RULE: pfB_MAIL_v4"
@171(1770003943) block return log quick on igb2 inet from any to <pfB_MAIL_v4:12149> label "USER_RULE: pfB_MAIL_v4"
@172(1770003943) block return log quick on igb3 inet from any to <pfB_MAIL_v4:12149> label "USER_RULE: pfB_MAIL_v4"
@173(1770004406) block return log quick on igb1 inet from any to <pfB_Abuse_PS_v4:2> label "USER_RULE: pfB_Abuse_PS_v4"
@174(1770004406) block return log quick on igb2 inet from any to <pfB_Abuse_PS_v4:2> label "USER_RULE: pfB_Abuse_PS_v4"
@175(1770004406) block return log quick on igb3 inet from any to <pfB_Abuse_PS_v4:2> label "USER_RULE: pfB_Abuse_PS_v4"
@176(1770003897) block return log quick on igb1 inet from any to <pfB_TOR_v4:6703> label "USER_RULE: pfB_TOR_v4"
@177(1770003897) block return log quick on igb2 inet from any to <pfB_TOR_v4:6703> label "USER_RULE: pfB_TOR_v4"
@178(1770003897) block return log quick on igb3 inet from any to <pfB_TOR_v4:6703> label "USER_RULE: pfB_TOR_v4"
@179(1770005019) block return log quick on igb1 inet from any to <pfB_Internic_4_v4:13> label "USER_RULE: pfB_Internic_4_v4"
@180(1770005019) block return log quick on igb2 inet from any to <pfB_Internic_4_v4:13> label "USER_RULE: pfB_Internic_4_v4"
@181(1770005019) block return log quick on igb3 inet from any to <pfB_Internic_4_v4:13> label "USER_RULE: pfB_Internic_4_v4"
@182(1770004692) block return log quick on igb1 inet from any to <pfB_BlockListDE_v4:155> label "USER_RULE: pfB_BlockListDE_v4"
@183(1770004692) block return log quick on igb2 inet from any to <pfB_BlockListDE_v4:155> label "USER_RULE: pfB_BlockListDE_v4"
@184(1770004692) block return log quick on igb3 inet from any to <pfB_BlockListDE_v4:155> label "USER_RULE: pfB_BlockListDE_v4"
@185(1770004176) block return log quick on igb1 inet from any to <pfB_DNSBLIP_v4:13203> label "USER_RULE: pfB_DNSBLIP_v4"
@186(1770004176) block return log quick on igb2 inet from any to <pfB_DNSBLIP_v4:13203> label "USER_RULE: pfB_DNSBLIP_v4"
@187(1770004176) block return log quick on igb3 inet from any to <pfB_DNSBLIP_v4:13203> label "USER_RULE: pfB_DNSBLIP_v4"
@188(1770004540) block return log quick on igb1 inet6 from any to <pfB_PRI1_6_v6:99> label "USER_RULE: pfB_PRI1_6_v6"
@189(1770004540) block return log quick on igb2 inet6 from any to <pfB_PRI1_6_v6:99> label "USER_RULE: pfB_PRI1_6_v6"
@190(1770004540) block return log quick on igb3 inet6 from any to <pfB_PRI1_6_v6:99> label "USER_RULE: pfB_PRI1_6_v6"
@191(1770004811) block return log quick on igb1 inet6 from any to <pfB_Internic_6_v6:13> label "USER_RULE: pfB_Internic_6_v6"
@192(1770004811) block return log quick on igb2 inet6 from any to <pfB_Internic_6_v6:13> label "USER_RULE: pfB_Internic_6_v6"
@193(1770004811) block return log quick on igb3 inet6 from any to <pfB_Internic_6_v6:13> label "USER_RULE: pfB_Internic_6_v6"
@211(1527214027) pass in log quick on pppoe0 reply-to (pppoe0 150.101.32.41) inet proto udp from <pfB_Oceania_v4:6752> to xx.xxx.xxx.xxx port = openvpn keep state label "USER_RULE: pfb_OpenVPN_Remote_Network_Access_wizard" -
@morgion It may be a bug that BBcan177 will need to address.
The pfBlockerNG firewall filter service looks for TrackerID 1770* and the pfB_Oceania_v4 is 1527214027.
2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@ronpfs At least we got to the bottom of it. Thank you very much for your assistance. Yourself and @BBcan17 are assets to the pfSense community!
-
@morgion Can you use Adv. Inbound rules and use "Permit Inbound" and let it auto-create the rule which will have the 177 tracker id prefix?
2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@ronpfs said in Alias Native Logging:
@morgion Can you use Adv. Inbound rules and use "Permit Inbound" and let it auto-create the rule which will have the 177 tracker id prefix?
Those rules do work, I have just been trying to not to create more aliases, and have more flexibility.
