• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

pfblockerng-devel error: Unknown Not listed!

Scheduled Pinned Locked Moved pfBlockerNG
7 Posts 3 Posters 1.2k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jazzl0ver
    last edited by jazzl0ver Dec 17, 2019, 3:21 PM Dec 17, 2019, 3:18 PM

    Hi,

    Can somebody explain, pls, why I get Unknown Not listed in this case:
    56882566-2cc2-4b36-82f0-2bd5f83bb9b9-image.png

    # grep 113.1.135.78 /var/db/pfblockerng/* -r
    /var/db/pfblockerng/deny/CINS_army_v4.txt:113.1.135.78
    /var/db/pfblockerng/mastercat:113.1.135.78
    /var/db/pfblockerng/masterfile:CINS_army_v4 113.1.135.78
    /var/db/pfblockerng/original/CINS_army_v4.orig:113.1.135.78
    

    Why if this IP is not listed, it's still getting blocked?

    Is there a description of what all of those files/folders under /var/db/pfblockerng/ are intended for?

    Thanks in advance!

    PS The old thread was https://forum.netgate.com/topic/131939/pfblockerng-error-unknown-not-listed
    PPS pfBlockerng-devel 2.2.5_27

    1 Reply Last reply Reply Quote 0
    • N
      NollipfSense
      last edited by Dec 18, 2019, 8:42 PM

      Are you saying you wanted to go to that address and it were blocked? To me intuitively, it seems that the IP address belongs to a GeoIP list of known bad actors but not to a DNSBL feed...so; the IP address will never resolve to a domain name. It seems that you'll need to wait for BBcan177 to explain further!

      pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
      pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

      1 Reply Last reply Reply Quote 0
      • R
        RonpfS
        last edited by RonpfS Dec 19, 2019, 1:13 AM Dec 19, 2019, 12:31 AM

        @jazzl0ver said in pfblockerng-devel error: Unknown Not listed!:

        grep 113.1.135.78 /var/db/pfblockerng/*

        Unknow Not Listed normally occur when a IP has been removed and no longer present in /var/db/pfblockerng/deny/*.txt. It can also happen when a Update is running that the file is being rebuilt.

        Example my cron start at 14:15:00, the IP table was being built around 14:20:24 :

        Line 10238: Dec 8 14:19:38,1770009444,xl0,WAN,block,4,6,TCP-S,92.118.37.97,AAA.BBB.CCC.DDD,40887,56027,in,RO,pfB_PRI2_v4,92.118.37.0/24,PRI2_Alienvault_v4,Unknown,wan,| 35606 | IPDONNEROLEG | Donner Oleg Alexeevich |,+
        	Line 10244: Dec 8 14:20:24,1770009444,xl0,WAN,block,4,6,TCP-S,92.118.37.97,AAA.BBB.CCC.DDD,40887,47202,in,RO,pfB_PRI2_v4,Unknown,Unknown,Unknown,wan,| 35606 | IPDONNEROLEG | Donner Oleg Alexeevich |,+
        	Line 10248: Dec 8 14:21:32,1770009444,xl0,WAN,block,4,6,TCP-S,92.118.37.97,AAA.BBB.CCC.DDD,40887,59847,in,RO,pfB_PRI2_v4,92.118.37.0/24,PRI2_Alienvault_v4,Unknown,wan,| 35606 | IPDONNEROLEG | Donner Oleg Alexeevich |,+
        

        Also when searching for IP in /var/db/pfblockerng, you should maybe search for networks instead of hosts : grep 113.1.135. /var/db/pfblockerng/*

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        1 Reply Last reply Reply Quote 0
        • N
          NollipfSense
          last edited by Dec 19, 2019, 5:34 AM

          Oh, so, somehow, somewhere, pfBlockerNG has a list of IP's that doesn't belong to any list and is active and blocking them...in your case 113.1.135.79!

          pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
          pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

          1 Reply Last reply Reply Quote 0
          • R
            RonpfS
            last edited by RonpfS Dec 19, 2019, 6:30 AM Dec 19, 2019, 5:58 AM

            Nope.

            During the update process, the FW continue blocking as per the FW rules and Aliases.

            Update fetch the URLs, gather IP data, does De-Duplication, CIDR Aggregation, Suppression etc, it re-creates the /var/dg/pfblockerng/deny/*.txt and some other files.
            At the End of the IP phase, it Update the Aliases for the IP tables in /var/db/aliastables/, reload as per the log

            ===[  Aliastables / Rules  ]==========================================
            
            No changes to Firewall rules, skipping Filter Reload
            
             Updating: pfB_PRI1_v4
            444 addresses added.1073 addresses deleted.
             Updating: pfB_PRI2_v4
            79 addresses added.23 addresses deleted.
             Updating: pfB_PRI3_v4
            494 addresses added.455 addresses deleted.
             Updating: pfB_PRI4_v4
            388 addresses added.31 addresses deleted.
             Updating: pfB_PRI5_v4
            no changes.
             Updating: pfB_Abuse_PS_v4
            no changes.
             Updating: pfB_PFB_Whitelist_v4
            no changes.
             Updating: pfB_DNSBLIP_v4
            413 addresses added.76 addresses deleted.
            

            So during the Update process, if a pfblockerNG FW rules is triggered, (still using the Alias present before the Update started), pfBlockerNG firewall filter service , try to find the feed and update /var/log/pfblockerng/ip_block.log.

            So there is always a window of time when some files go missing from /var/db/pfblockerNG/deny/*.txt, the service will then report the feed as Not listed

            2.4.5-RELEASE-p1 (amd64)
            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

            N 1 Reply Last reply Dec 19, 2019, 5:36 PM Reply Quote 1
            • J
              jazzl0ver
              last edited by jazzl0ver Dec 19, 2019, 9:58 AM Dec 19, 2019, 8:56 AM

              Thank you very much, @RonpfS !

              Can you pls shed some light on the purpose of other files/folders under /var/db/pfblockerng?

              1 Reply Last reply Reply Quote 0
              • N
                NollipfSense @RonpfS
                last edited by Dec 19, 2019, 5:36 PM

                @RonpfS said in pfblockerng-devel error: Unknown Not listed!:

                So there is always a window of time when some files go missing from /var/db/pfblockerNG/deny/*.txt, the service will then report the feed as Not listed

                Okay, thank you for thoughtful explanation...awesome!

                pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                1 Reply Last reply Reply Quote 0
                7 out of 7
                • First post
                  7/7
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received