Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    traffic getting through pfblocker

    Scheduled Pinned Locked Moved pfBlockerNG
    3 Posts 2 Posters 297 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      msmcknight
      last edited by

      Hi Everyone,

      I have a weird problem that's got me stumped...

      I'm using pfBlockerNG to block IP addresses I know are hostile. This generally works without issue, but I have an attack underway that isn't being blocked.

      I've added the source network 74.118.138.0/24 to my pfBlocker list and reloaded the rules. That's normally all I need to do. But in this case, traffic is still sneaking by.

      When I look at the pfBlocker IPv4 Custom List, I see the address that I entered, but in the rule display if I hover over the rule that references the list, the pop-up doesn't show the address.

      If I manually add a block rule, traffic is blocked, but for some reason, adding it to the pfblocker list isn't working.

      Other addresses in the same pfblocker list are being blocked.

      Any ideas as to what the cause might be, or steps I could take to troubleshoot/debug the pfblocker component?

      Thanks to you all in advance,
      -Michael

      1 Reply Last reply Reply Quote 0
      • BBcan177B
        BBcan177 Moderator
        last edited by

        When you run a reload its just using the previously downloaded file and will be updated on the next scheduled cron run if this alias falls within that cron time frame.
        With pfBlockerNG-devel, when you add an IP to the customlist, it will be added when you run a Force Update, but that is not the case with the pfBlockerNG version.
        You can alternatively goto the Log Browser tab and delete the file for this alias in the /Deny folder, and then Force Update for it to be added... But would hightly recommend to goto pfBlockerNG-devel which is overall stable and much improved.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        1 Reply Last reply Reply Quote 0
        • M
          msmcknight
          last edited by

          Thanks for the reply. I found a way to get it to work...

          At the bottom of the Custom Address List, there is a drop-down menu with the option "Update Custom List" -- selecting that item and then forcing an update fixed the issue and the address was correctly blocked.

          What's odd is that I've never had to select that before. I've always just added the address, forced an update and literally watched as no more targeted traffic made it through the firewall.

          I'm not sure what changed, but at least I was able to get it working.

          Thanks again!
          -Michael

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.