pfBlockerNG Ghost Auto Rule
-
Hello,
I am encountering a weird issue where pfBlockerNg is creating a permit auto rule in our pfsense rulebase, but the GUI does not show a corresponding Ipv4 rule int pfBlockerNG rulebase. The auto rule that is being created is for the North American Continent and it permits all traffic from the continent, I erase or disable the rule and it reappears after the next cron/update for pfBlockerNg. No such rule currently exists in ipv4 or v6 tabs, there I only have alias entries for specific countries. How do I get rid of this rule?
TNX -
Did you look at the pfblockerng.log ? Do you have something defined in GeoIP tab?
-
@ronpfs said in pfBlockerNG Ghost Auto Rule:
pfblockerng.log
All I see in the logfile is when I delete the rule the next time the cron job runs I get:
Firewall rule changes found, applying Filter ReloadI am not sure what you mean by the Geo-IP tab. Do you mean the Country Tab? I have used it to create IPv4 rules. I don't see anything there which is defined to create the auto rule for permit traffic to all North America.
-
In pfBlockerNG-devel 2.2.1 the Country tab is now GeoIP.
Run a Force Update than a Force Reload All and inspect the pfblockerng.log -
Thanks,
You gave me the direction I needed. I thought the Geo-IP tab was just a way to create rule in the IPv4 and v6 tab. I didn't realize it also kept rules independently. So solved
Again, thanks
