bogon - where does the block rule log?
[2.6.0-RELEASE][admin@pfSense-phs.pcsd.arpa]/tmp: ls -al /etc/bogons
-rw-r--r-- 1 root wheel 16463 Feb 5 06:03 /etc/bogons
[2.6.0-RELEASE][admin@pfSense-phs.pcsd.arpa]/tmp: date
Fri Feb 10 09:52:51 EST 2023
[2.6.0-RELEASE][admin@pfSense-phs.pcsd.arpa]/tmp: grep 100.64 /etc/bogons
100.64.0.0/10
100.64/10 is listed..
I'm working through an issue with dns via dnsdist.. and I'm getting log hits for 100.64 networks..
100.115.92.129 specifically..
Uptime: an hour, Number of queries: 407631 (147.00 qps), ACL drops: 254, Dynamic drops: 0, Rule drops: 2
Average response time: 0.27 ms, CPU Usage: 4.90%, Cache hitrate: 30.56%, Server selection policy: roundrobin
Listening on: 0.0.0.0:443, 10.20.0.15:53, ACL: !100.64.0.0/10, 0.0.0.0/0
grep 100.115.92 /var/log/dnsdist/* | wc -l
145
logs hits in dnsdist..
pfctl -sa | grep bogon
block drop in log quick on igb1 from <bogons> to any label "block bogon IPv4 networks from WAN" ridentifier 11001
block bogon IPv4 networks from WAN 1344439438 41 1872 41 1872 0 0 0
bogons
says we're blocking bogons.. but where does it load bogons from..
[2.6.0-RELEASE][admin@pfSense-phs.pcsd.arpa]/var/log: bzgrep -ci block filter.log*
filter.log:373
filter.log.0.bz2:2794
filter.log.1.bz2:2659
filter.log.2.bz2:2673
filter.log.3.bz2:2599
filter.log.4.bz2:2554
filter.log.5.bz2:2600
filter.log.6.bz2:2699
[2.6.0-RELEASE][admin@pfSense-phs.pcsd.arpa]/var/log: bzgrep -ci bogon filter.log*
filter.log:0
filter.log.0.bz2:0
filter.log.1.bz2:0
filter.log.2.bz2:0
filter.log.3.bz2:0
filter.log.4.bz2:0
filter.log.5.bz2:0
filter.log.6.bz2:0
Thank you in advance.