Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IP Blocking - Is this a bug?

    pfBlockerNG
    2
    6
    179
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      guardian last edited by

      Can someone please tell me if this is a bug? Shouldn't any blocked IP be part of a list?

      9f937395-dda1-4942-821d-d6753549203a-image.png

      If you find my post useful, please give it a thumbs up!
      pfSense 2.5.2-RELEASE-CE

      1 Reply Last reply Reply Quote 0
      • BBcan177
        BBcan177 Moderator last edited by

        @guardian said in IP Blocking - Is this a bug?:

        Can someone please tell me if this is a bug? Shouldn't any blocked IP be part of a list?

        It could be that those IPs are no longer in your blocklists?

        You can confirm with a grep cmd for those IPs:

        grep "198.49.23.144" /var/db/pfblockerng/deny/*
        grep "^198\.49\.23" /var/db/pfblockerng/deny/*
        grep "^198\.49" /var/db/pfblockerng/deny/*
        grep "^198" /var/db/pfblockerng/deny/*
        

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        G 1 Reply Last reply Reply Quote 0
        • G
          guardian @BBcan177 last edited by

          @BBcan177 said in IP Blocking - Is this a bug?:

          @guardian said in IP Blocking - Is this a bug?:

          Can someone please tell me if this is a bug? Shouldn't any blocked IP be part of a list?

          It could be that those IPs are no longer in your blocklists?

          You can confirm with a grep cmd for those IPs:

          grep "198.49.23.144" /var/db/pfblockerng/deny/*
          grep "^198\.49\.23" /var/db/pfblockerng/deny/*
          grep "^198\.49" /var/db/pfblockerng/deny/*
          grep "^198" /var/db/pfblockerng/deny/*
          

          Thanks for the response. It appears as if they are no longer in the lists... Does that mean that the IP was in a list at the time that was blocked and then an update removed the item from the list? If that is the case, then the list is dynamic recreated every time the page is displayed?

          If you find my post useful, please give it a thumbs up!
          pfSense 2.5.2-RELEASE-CE

          BBcan177 1 Reply Last reply Reply Quote 0
          • BBcan177
            BBcan177 Moderator @guardian last edited by

            @guardian said in IP Blocking - Is this a bug?:

            Thanks for the response. It appears as if they are no longer in the lists... Does that mean that the IP was in a list at the time that was blocked and then an update removed the item from the list? If that is the case, then the list is dynamic recreated every time the page is displayed?

            Yes it seems like the IP is no longer listed if you can't grep for it.
            I have no idea where this list comes from. If you are using a remote source (URL) for this feed, then its managed by that maintainer. If this is your own Feed, then IPs would be added/removed by you.

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            G 1 Reply Last reply Reply Quote 0
            • G
              guardian @BBcan177 last edited by

              @BBcan177 said in IP Blocking - Is this a bug?:

              @guardian said in IP Blocking - Is this a bug?:

              Thanks for the response. It appears as if they are no longer in the lists... Does that mean that the IP was in a list at the time that was blocked and then an update removed the item from the list? If that is the case, then the list is dynamic recreated every time the page is displayed?

              Yes it seems like the IP is no longer listed if you can't grep for it.
              I have no idea where this list comes from. If you are using a remote source (URL) for this feed, then its managed by that maintainer. If this is your own Feed, then IPs would be added/removed by you.

              Thanks for the reply @BBcan177. So is this a bug? I can understand a list changing, and that's no problem -- am I correct that the list name is not logged when the event occurs?

              Am I correct then that it's just a matter of report not being able to show which list the IP address is in because the list has changed?

              If that is the case then I guess there is no issue. I rebooted the firewall just in case as I saw something in the daily log report that I didn't like - every interface on em1 did:

              May 1 05:35:01 pfsense kernel: em1.X: promiscuous mode disabled
              followed by
              May 1 05:35:01 pfsense kernel: em1.X: promiscuous mode enabled

              If you find my post useful, please give it a thumbs up!
              pfSense 2.5.2-RELEASE-CE

              BBcan177 1 Reply Last reply Reply Quote 0
              • BBcan177
                BBcan177 Moderator @guardian last edited by

                @guardian said in IP Blocking - Is this a bug?:

                Thanks for the reply @BBcan177. So is this a bug? I can understand a list changing, and that's no problem -- am I correct that the list name is not logged when the event occurs?
                Am I correct then that it's just a matter of report not being able to show which list the IP address is in because the list has changed?

                When you refresh the Alerts tab in pfBlockerNG, it checks to see if the IP is still listed in the /var/db/pfblockerng/deny/ folder. If it doesn't find the IP, it will report as "No Match".
                What gets added/removed in the Feed (URL) is not managed by the package. IPs are being added/removed all the time by the Feed Maintainers.

                "Experience is something you don't get until just after you need it."

                Website: http://pfBlockerNG.com
                Twitter: @BBcan177  #pfBlockerNG
                Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post