• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

IP Alias List Creation Issue

Scheduled Pinned Locked Moved pfBlockerNG
4 Posts 2 Posters 621 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jcook.atlas
    last edited by Mar 8, 2023, 3:58 PM

    Weird issue here. I'm attempting to use pfBlockerNG_devel to download an IP list from an INTERNAL apache server then add it as an alias list to pfsense. The list a clear-text file of JUST IP addresses yet when pfBlockerNG updates, I get this in the log viewer:

    Screenshot 2023-03-08 101022.jpg

    Here's the IP List setup:
    Screenshot 2023-03-08 105532.jpg

    Any ideas ? This is one of the last few pieces holding up build completion.

    S 1 Reply Last reply Mar 10, 2023, 9:31 PM Reply Quote 0
    • S
      superbree @jcook.atlas
      last edited by Mar 10, 2023, 9:31 PM

      @jcook-atlas I bet your custom list contains private ip addresses?

      I have a similar problem as you. PFBlockerNG is supposed to have a setting in the IP tab called "suppression" normally disabling suppression will allow private IPs to stay in the customer lists downloaded. This new version appears to be broken and strips out all RFC1918/Loopback addresses from lists downloaded even if suppression is disabled.

      1 Reply Last reply Reply Quote 0
      • J
        jcook.atlas
        last edited by Mar 13, 2023, 12:11 PM

        I found an alternative to using pfBlockerNG to accomplish list downloads.

        For others looking for this solution here it is:

        1. create your list as a simple plain-text TXT document with JUST a line-by-line listing of the network (in CIDR), the host IP (straight or CIDR), or the URL.

        2. publish that TXT file on a TRUSTED (and preferably INTERNAL) web-server (I personally prefer Apache)

        3. from the pfSense Firewall menu, choose 'Aliases' >> URLs >> 'Add' >> Set the 'Type' drop-down to "URL Tables (IPs)", enter the http/https address of the list you are hosting in the 'URL Table (IPs)' URL field, then set the update window. Click Save and your are done.

        To update more frequently that daily, set up a CRON job to execute '/etc/rc.update_alias_url_data' as root at what ever periodicity that you want - again, I prefer 90-min updates so my CRON jobs are running at 0 0,3,6,9,12,15,18,21 * * * and 30 1,4,7,10,13,16,19,22 * * *

        All and all pretty simple, straight-forward and sustainable.

        S 1 Reply Last reply Mar 15, 2023, 7:19 AM Reply Quote 0
        • J jcook.atlas referenced this topic on Mar 13, 2023, 12:16 PM
        • S
          superbree @jcook.atlas
          last edited by Mar 15, 2023, 7:19 AM

          @jcook-atlas. this is the exact setup i was using before switching to pfblockerng. i switched because of needing to touch the alias file and change the date to older to make it actually update. I'll check my notes on it.

          Thanks for the suggestion. This may work in the interim but I would love to see the designed functionality of PFBlocker fixed.

          1 Reply Last reply Reply Quote 0
          2 out of 4
          • First post
            2/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received