Some IPs are neither blocked nor permitted?

  • I use a SIEM product called EventSentry, with the NetFlow add-on, which shows me all IPs attempting to connect to our network. I also use pfBlocker for GeoIP blocking. I allow only traffic from the U.S., India, and New Zealand.

    If I look in my NetFlow logs in EventSentry, and see an IP that attempted to connect from, say, Russia, I should then be able to look under Logs in pfBlocker and see it blocked on the ip_block.log. Sometimes I do see it, but other IPs I don't see at all. I also checked ip_permit.log, and they aren't there either.

    Does anyone know what's going on here? Thanks for your help.
