pfblockerng error: Unknown Not listed!
-
Run these commands to see where these IPs are listed:
grep "\.0\.0\.0" /var/db/pfblockerng/deny/* grep "\.0\.0\.0" /var/db/pfblockerng/original/* grep "\.0\.0\.0" /var/db/aliastables/*
Do you have any entries defined in this Alias "Customlist"?
For the Widget pivot to the Alerts Tab. Run this command to see what entries are in the ip_block.log:
grep "pfB_Attack_v4" /var/log/pfblockerng/ip_block.log
It could be that the ip_block.log is rotating the max. line count and clearing out those entries. You can increase these log line limits in the General Tab.
-
@bbcan17 said in pfblockerng error: Unknown Not listed!:
Run these commands to see where these IPs are listed:
grep "\.0\.0\.0" /var/db/pfblockerng/deny/* grep "\.0\.0\.0" /var/db/pfblockerng/original/* grep "\.0\.0\.0" /var/db/aliastables/*
Do you have any entries defined in this Alias "Customlist"?
For the Widget pivot to the Alerts Tab. Run this command to see what entries are in the ip_block.log:
grep "pfB_Attack_v4" /var/log/pfblockerng/ip_block.log
It could be that the ip_block.log is rotating the max. line count and clearing out those entries. You can increase these log line limits in the General Tab.
Shell Output - grep ".0.0.0" /var/db/pfblockerng/deny/*
/var/db/pfblockerng/deny/ET_Block_IP_v4.txt:161.0.0.0/19
/var/db/pfblockerng/deny/ET_Block_IP_v4.txt:223.0.0.0/15Shell Output - grep ".0.0.0" /var/db/pfblockerng/original/*
/var/db/pfblockerng/original/ET_Block_IP_v4.orig:161.0.0.0/19
/var/db/pfblockerng/original/ET_Block_IP_v4.orig:223.0.0.0/15Shell Output - grep ".0.0.0" /var/db/aliastables/*
grep: /var/db/aliastables/*: No such file or directoryhttps://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
So it's a problem with this list?
What do you mean with this? Do you have any entries defined in this Alias “Customlist”?
Firewall->Aliases? yes I have defined custom ports that I'm using like this, so pfblockerng only blocks ports inbound that I have open
For the second part
Shell Output - grep "pfB_Attack_v4" /var/log/pfblockerng/ip_block.log
Jun 16 10:38:00,1770010014,igb0,LAN,block,4,6,TCP-S,192.168.1.209,196.196.193.44,48140,45278,out,IE,pfB_Attack_v4,196.196.0.0/14,ET_Block_IP_v4,Unknown,Unknown,+I have increased the limits to 40k
-
Those IPs must have been in the feed at some point. But the grep commands are telling you that they are no longer in any feed.
I assume that pfBlockerNG is disabled, as this should not return that error if there are files in that folder:
Shell Output - grep “.0.0.0” /var/db/aliastables/*
grep: /var/db/aliastables/*: No such file or directoryWhat do you mean with this? Do you have any entries defined in this Alias “Customlist”?
At the bottom of each Alias is "IPv4 Custom_list" where you can manually add IPs to an Alias.
-
@bbcan177 said in pfblockerng error: Unknown Not listed!:
Those IPs must have been in the feed at some point. But the grep commands are telling you that they are no longer in any feed.
I assume that pfBlockerNG is disabled, as this should not return that error if there are files in that folder:
Shell Output - grep “.0.0.0” /var/db/aliastables/*
grep: /var/db/aliastables/*: No such file or directoryWhat do you mean with this? Do you have any entries defined in this Alias “Customlist”?
At the bottom of each Alias is "IPv4 Custom_list" where you can manually add IPs to an Alias.
Right, I enabled it and run the command again
Shell Output - grep ".0.0.0" /var/db/aliastables/*
/var/db/aliastables/pfB_Attack_v4.txt:161.0.0.0/19
/var/db/aliastables/pfB_Attack_v4.txt:223.0.0.0/15And custom lists are all empty
it's a missconfiguration in my side or a bug? can I fix it?
-
@l0rdraiden said in pfblockerng error: Unknown Not listed!:
it’s a missconfiguration in my side or a bug? can I fix it?
Well in its current state, I can't see any Feed that has those IPs? So I don't see anything to fix either way.
If it happens again, run those commands and we can do some more debugging.
Also note that there is a new feature in the IP Alias settings > Advanced Tuneables > Suppression CIDR Limit. Here you can define a max CIDR to utilize, so that a Feed doesn't try to block a large range of IPs. YMMV
-
@l0rdraiden Why don't you remove the http://vxvault.net/ViriList.php?s=0&m=100 URL as it's not geared for IPV4
-
Hi,
Sorry for bumping this topic up, but can somebody explain why I get Unknown Not listed in this case:
# grep 113.1.135.78 /var/db/pfblockerng/* -r /var/db/pfblockerng/deny/CINS_army_v4.txt:113.1.135.78 /var/db/pfblockerng/mastercat:113.1.135.78 /var/db/pfblockerng/masterfile:CINS_army_v4 113.1.135.78 /var/db/pfblockerng/original/CINS_army_v4.orig:113.1.135.78
Why if this IP is not listed, it's still getting blocked?
Is there a description of what all of those files/folders under /var/db/pfblockerng/ are intended for?
Thanks in advance!
-
@jazzl0ver You might be better off starting a new thread and linking this thread as reference.
-
@NollipfSense not sure it's wise to create different threads for the same topic. It'll be harder to search things if someone face same issue.
-
@jazzl0ver said in pfblockerng error: Unknown Not listed!:
same issue
The pfBlockerNG of today (2.2.5_27) is not comparable with what we've been using in 2018.
-
@Gertjan ok, guys. will do