pfBlockerNG suppression list, where to find?
I noticed a lot of errors for the DNS requests in my network. Did some digging and finally found out that someone managed to get 1.1.1.1 on the ICS_1000_30 list.
From the "reports - alerts" I added the IP to the whitelisting (black plus sign, option 1 "suppress the ip"). Now 1.1.1.1 is working again. In the "reports - alerts" there is now a trash bin next to the 1.1.1.1 log rule. It states the IP is in the IP suppression list.
I was curious where this suppression list was kept, so I looked around and the closest I could find is the alias "pfBlockerNGSuppress" (firewall / aliases / ip). However, that list is completely empty.
Is there another list or place where I can find the IPs I have suppressed?
I want to add a few IPs there myself so that even in case they get blacklisted, at least my DNS keeps working (like 1.0.0.1, 8.8.8.8, and my provider's DNS servers).
Getting stranger, they are blocked again. According to the rule it should be suppressed but clearly it was blocked.
I now manually added the IPs to the alias and did an "update - reload - all", and now it is working again.
===[ Suppression Stats ]===================================
List                      Pre     Suppress   Master
-----------------------------------------------------------
BinaryDefence_IPs_v4      1445    1445       67583
Suppression ET_Block_IP_Ranges_v4: 1.1.1.0/24 (Excluding: 1.1.1.1/32)
ET_Block_IP_Ranges_v4     995     994        67837
ET_Compromised_IPs_v4     450     450        67837
ISC_1000_30_v4            451     450        67836
So the alias "pfBlockerNGSuppress" was apparently the right place to add them, only when I added it from the reports it did not show up there and was not working again a little later.
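
The log above shows a /24 feed entry being suppressed with one /32 excluded. As an added example (not part of the original post and not pfBlockerNG's own code), this Python code checks which must-stay-reachable resolvers a blocklist feed would cover, and computes the CIDR blocks left once those addresses are carved out of an entry. The feed contents are constructed sample data, the function names are hypothetical, and IPv4 input is assumed.

```python
import ipaddress

# Constructed sample feed entries (not real feed contents): single IPs and ranges.
SAMPLE_FEED = ["1.1.1.0/24", "198.51.100.7", "203.0.113.0/28"]
# Resolvers named in the post that must stay reachable (provider DNS omitted).
PROTECTED = ["1.1.1.1", "1.0.0.1", "8.8.8.8"]


def audit_feed(feed, protected):
    """Map each protected IP to the feed entries that would block it."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in feed]
    hits = {}
    for ip in map(ipaddress.ip_address, protected):
        covering = [str(n) for n in nets if n.version == ip.version and ip in n]
        if covering:
            hits[str(ip)] = covering
    return hits


def carve_out(entry, protected):
    """Return the CIDR blocks of `entry` that remain after removing protected IPs."""
    remaining = [ipaddress.ip_network(entry, strict=False)]
    for addr in protected:
        host = ipaddress.ip_network(addr)  # a bare address becomes a /32 (or /128)
        kept = []
        for net in remaining:
            if host.version != net.version or not host.subnet_of(net):
                kept.append(net)           # protected IP is not inside this block
            elif host != net:
                # Split the block into the smallest set of CIDRs excluding the host.
                kept.extend(net.address_exclude(host))
            # host == net: the entry is exactly the protected IP, so drop it
        remaining = kept
    return sorted(remaining)


if __name__ == "__main__":
    for ip, entries in audit_feed(SAMPLE_FEED, PROTECTED).items():
        print(f"{ip} would be blocked by: {', '.join(entries)}")
        for entry in entries:
            blocks = carve_out(entry, PROTECTED)
            print(f"  {entry} excluding protected IPs -> {len(blocks)} blocks:")
            for block in blocks:
                print(f"    {block}")
```

Running the audit after each feed update, before the new tables are loaded, flags a resolver that has landed inside a feed range.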