No IP block list using pfblockerng
-
I'm on pfSense version 22.05-RELEASE (amd64), and pfBlockerNG, according to System -> Package Manager -> Available Packages, is 3.1.0_8.
I'm getting logs under the report as "unified" or "alerts" or "dnsbl" but there are no ip_block entries.
Also, note I had to create the ip_block file since none was present.
Under Firewall->rules-
I tested by manually entering the IP addresses seen on hover on event. See screenshot.
I see the message as I open to "unable to upload", then when I go to Firewall -> pfBlockerNG -> Reports -> Alerts
I see no alerts against the browsed IP. I also checked the patch using these steps:
1. ssh into your pfSense
2. run vi /usr/local/pkg/pfblockerng/pfblockerng.inc
3. Search for $r = explode(')', $result, 2); and replace it with $r = explode(' ', $result, 2);
4. Open Status → Services
5. Hit restart on the pfb_filter service
The explode code is not present in the .inc file, so I don't think the patch is valid for me. The output of pfblockerng shows as
[ pfB_PRI1_v4 - Talos_BL_v4 ] Download FAIL
Firewall and/or IDS (Legacy mode only) are not blocking download.
===[ Deny List IP Count=============
16799 total
13802 /var/db/pfblockerng/deny/CINS_army_v4.txt
1481 /var/db/pfblockerng/deny/ET_Block_v4.txt
649 /var/db/pfblockerng/deny/Talos_BL_v4.txt
580 /var/db/pfblockerng/deny/ET_Comp_v4.txt
153 /var/db/pfblockerng/deny/Abuse_Feodo_C2_v4.txt
59 /var/db/pfblockerng/deny/Spamhaus_eDrop_v4.txt
40 /var/db/pfblockerng/deny/Abuse_SSLBL_v4.txt
19 /var/db/pfblockerng/deny/ISC_Block_v4.txt
14 /var/db/pfblockerng/deny/FireHOLLevel1_v4.txt
1 /var/db/pfblockerng/deny/Spamhaus_Drop_v4.txt
1 /var/db/pfblockerng/deny/FireHOLLevel2_v4.txt
Further, under Firewall -> pfBlockerNG -> Alerts, under block I get
"Found 0 Alert Entries - Insufficient Alerts found."
-
@asadz You will need to go to: Status > System Logs > Firewall to see the blocked IP...that's where pfBlockerNg tells the firewall to log it.
-
@nollipfsense Thanks, but no, I don't see any block event under the firewall logs. I always thought that ip_block is your file for pfblockerng block events. I can see block events under "unified logs", colored red, which is strange.
-
@nollipfsense
I'm looking at Log/File Path: /var/log/pfblockerng/ip_block.log
-
As you can see, I can see under "unified logs" the blocks of DNS, but on the highlighted IP Block set there is no IP?
-
@asadz Also, I can see the IP present under /var/db/pfblockerng/deny/* but why is it not shown in the IP block set?
-
@asadz If you click on the Info button, see arrow, it should show the IP you were trying to go to. You don't need to mask your LAN address as no one can get to it.