Alias List no longer working for inbound firewall rules
-
I use an alias list of IPs and hostnames to allow incoming connections over a specific port from said alias list of sources. All of a sudden as of last night, that alias list is no longer working. All inbound connections from that alias list are being blocked by my firewall. If I change the firewall rule to a source of ANY instead of the Alias list, connections work fine.
What info/logs should I be looking at to troubleshoot this?
-
Are you using Snort, Suricata or pfBlocker? Any time firewall rule funnies suddenly start happening, this is the first place to look.
-
I was using pfBlocker and that was my first thought as well but I've since disabled and then removed that package and it still doesn't work. Snort is installed but disabled.
-
And you're 100% positive that the blocked IP addresses are in your alias table?
-
@kom said in Alias List no longer working for inbound firewall rules:
And you're 100% positive that the blocked IP addresses are in your alias table?
Yes. Not only are IPs previously on the list being blocked, but I added new ones for testing and those are being blocked as well. This alias list has been working without issue for over 2 years now and I haven't made any recent changes to my pfSense config.
I just don't know where to go from here.
-
Check Diagnostics > Tables when the problem happens. Is the entry for this alias empty? Or missing any expected values?
It's possible you're hitting https://redmine.pfsense.org/issues/8758
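The table check suggested above can also be done from a shell. This is an added example, not part of the original post and not pfSense's own code: it compares a list of expected IPs and networks against a saved dump of the pf table and reports whether the table is empty, partial or complete. The alias name `Allowed_Sources` and the file paths are hypothetical, and hostname entries are assumed to have been left out of the expected list, since the table only holds the addresses they resolve to.

```shell
#!/bin/sh
# On the firewall, save the table contents first (alias name is hypothetical):
#   pfctl -t Allowed_Sources -T show > /tmp/table.txt

# Strip comments, whitespace and blank lines, then sort uniquely so that
# comm(1) can compare the two lists line by line.
normalise() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" | LC_ALL=C sort -u
}

# Print every expected entry that is absent from the table dump.
# $1 = expected IPs/networks, one per line   $2 = saved table dump
missing_from_table() {
    exp=$(mktemp) && tab=$(mktemp) || return 2
    normalise "$1" > "$exp"
    normalise "$2" > "$tab"
    LC_ALL=C comm -23 "$exp" "$tab"
    rm -f "$exp" "$tab"
}

# Classify the table: "empty" (nothing loaded), "partial" (some expected
# entries missing) or "ok" (every expected entry present).
table_state() {
    if [ -z "$(normalise "$2")" ]; then
        echo empty
    elif [ -n "$(missing_from_table "$1" "$2")" ]; then
        echo partial
    else
        echo ok
    fi
}

# Usage: sh check_alias.sh expected.txt table.txt
if [ "$#" -eq 2 ]; then
    table_state "$1" "$2"
    missing_from_table "$1" "$2"
fi
```

Capturing the dump while inbound connections are being blocked, and again after a reboot restores service, shows whether the rule is failing because its table was empty or incomplete.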
-
@jimp said in Alias List no longer working for inbound firewall rules:
Check Diagnostics > Tables when the problem happens. Is the entry for this alias empty? Or missing any expected values?
It's possible you're hitting https://redmine.pfsense.org/issues/8758
I will check this next time @jimp. It's happened twice in the past week or so, so I imagine it will happen again. Only a reboot solves it for me.