Alias Native Logging
-
@morgion said in Alias Native Logging:
UnknownNot ListedThis is a new behaviour of the pfBlockerNG DNSBL service, it's dynamic and switch the Feed to
Unknownduring Cron Update or Force Reload. -
@morgion said in Alias Native Logging:
Nothing in Permit
Did you read the
infoblock?
Maybe if you use "pfb_" for rules prefix ?2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
Just tried again, verified cron not starting for another 20 minutes. exact same result.
-
@ronpfs I use pfb_Oceania_v4 in my OpenVPN Rule as Host/alias Source for the OpenVPN Pass rule
-
@morgion It's also become
Unknownwhen it's no longer in any DNSBL tables.So when it find an alert in the dnsbl.log file, it will display it in the Report tab even if it's no longer in any feed.
Can you hit the ^0 besides Quote in this forum (This will give me the minimum 3 Reputations so I don't have to wait "120 Sec" between post)
-
Just flicked through Diag/Tables all the pfb ip tables are populated.
Also included my Openvpn rules to show how it was setup
-
@morgion I guess the reports only search for Auto Rules as it has no way to figure out what are the FWRule TrackerIDs of your rules
-
@ronpfs That would be my guess, though It used to work pre development version, you just had to ensure logging was enabled for that rule. Im hoping its a bug that BBcan117 will get around to one day. if not it still works great and pfSense/pfBlocker is a fantastic product.
here is a pic of the pfBlocker reports fyi
-
@morgion You can check that the 77.72.82.71 (or 77.72.82 or 77.72.) is in you Permit/Deny/Match/Native db with something like
grep "^77.72.82" /var/db/pfblockerng/permit/*.txt /var/db/pfblockerng/original/*.orig2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@BBcan17 said in [Email] :
In Extra Options, change the Description to something that start with "pfb_"2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@ronpfs said in Alias Native Logging:
grep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig
grep: /var/db/pfblockerng/permit/.txt: No such file or directory
grep: /var/db/pfblockerng/original/.orig: No such file or directory -
@morgion said in Alias Native Logging:
@ronpfs said in Alias Native Logging:
grep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig
grep: /var/db/pfblockerng/permit/.txt: No such file or directory
grep: /var/db/pfblockerng/original/.orig: No such file or directoryOups missing 2 "*" because I did'nt use a </> Code block
grep “^77.72.82” /var/db/pfblockerng/permit/*.txt /var/db/pfblockerng/original/*.orig -
@ronpfs said in Alias Native Logging:
rep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig
No output
-
@ronpfs said in Alias Native Logging:
@BBcan17 said in [Email] :
In Extra Options, change the Description to something that start with "pfb_"No effect
-
@morgion said in Alias Native Logging:
@ronpfs said in Alias Native Logging:
@BBcan17 said in [Email] :
In Extra Options, change the Description to something that start with "pfb_"No effect
Maybe do a Force Reload IP
Restart the pfBlockerNG firewall filter service
-
@morgion said in Alias Native Logging:
@ronpfs said in Alias Native Logging:
rep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig
No output
grep “^77.72.” /var/db/pfblockerng/permit/*.txt /var/db/pfblockerng/original/*.origIt maybe in a big block range.
If you go further down in the Alerts Tab (maybe change the settings to get more alerts) was it in a table as some point in time?
-
Still no output from grep
Alerts tab
May 28 11:41:32 WAN pfB_PRI1_v4
(1770009104) TCP-S 77.72.82.71:59854
hostby.ups-gb.co.uk xxx.xxx.xxx.xxx:59599
GB ET_Block_v4
77.72.82.0/24get hit by this one a lot so didn't have to look far, not unknown anymore. also doing full reload now
EDIT: Full reload didn't help
-
@morgion said in Alias Native Logging:
doing full reload now
If your Permit rules don't generate alerts, try to restart the pfBlockerNG firewall filter service.
You can also peek at the ip_permit.log file.
-
@ronpfs said in Alias Native Logging:
@morgion said in Alias Native Logging:
doing full reload now
If your Permit rules don't generate alerts, try to restart the pfBlockerNG firewall filter service.
You can also peek at the ip_permit.log file.
Restarted pfBlocker Firewall Filter service, ip_permit.log empty
-
@morgion said in Alias Native Logging:
@ronpfs said in Alias Native Logging:
rep “^77.72.82” /var/db/pfblockerng/permit/.txt /var/db/pfblockerng/original/.orig
No output
Looks like you don't need the "
grep ^77.72.82 /var/db/pfblockerng/*/*.txt /var/db/pfblockerng/original/*.orig
