Trying to use the Status Logs Filter to add a deny rule

gsrobinson210

I am getting the following when I try to add a deny for an external address on the WAN network.

Notifications in this message: 1

14:08:10 PHP ERROR: Type: 1, File: /etc/inc/easyrule.inc, Line: 166, Message: Uncaught Error: Cannot create references to/from string offsets in /etc/inc/easyrule.inc:166 Stack trace:
#0 /etc/inc/easyrule.inc(248): easyrule_block_alias_add('104.200.142.228', 'wan')
#1 /etc/inc/easyrule.inc(365): easyrule_block_host_add('104.200.142.228', 'wan', 'inet')
#2 /usr/local/www/easyrule.php(47): easyrule_parse_block('wan', '104.200.142.228', 'inet')
#3 {main}
thrown

Any ideas on how to fix it?

KOM

Wait for jimp to fix that code or fix it yourself and submit the patch.

As a workaround, you can add the rule yourself manually. Usually WAN is configured to deny all incoming connections by default. Why do you need to explicitly deny this one IP address? You're trying to keep someone away from a NAT you created?

jimp

That was fairly easy to reproduce. Happens only if you don't have any aliases in the config (more specifically, if you had one and then deleted it)

https://redmine.pfsense.org/issues/9119

I committed a fix, it will show up on that issue shortly.

johnpoz

Still curious to KOMs question.. The only reason to create a specific block would be if you have a port forward setup and want to prevent this 1 IP from accessing it.

That is going to get messy really quick if your blocking IPs in whack a mole fashion.