IPv4 Custom_List entries wrong
-
IF
the IP is included in another list/range and
you have de-duplication turned on
it will get removed from the list. (Already included somewhere else)
at the end of the process if it is the only IP left on this list, it has to point somewhere. So this address you are seeing is it.if you have that option set any you look at the pfblockerng.log for the latest run, in the summary under the Deny List IP Counts, this list is likely listed at the end with 1 IP
if you add another IP to this list (and it is not already included elsewhere) the summary will still show 1, (even though you had 2 in the list) but this time it will have the IP of the one that is not included on another list.
-
====================[ Empty Lists w/127.1.7.7 ]==================
Manual_blocked_IPs_custom_v4.txt
NVT_BL_v4.txtOK! Thx.
-
That seems different.
What version are you running?
Do you have de-duplication enabled?
I have created a duplicate and in the log I don't have anything for "Empty Lists"
but in this section of the log
[ Deny List IP Counts
. . .
25 /var/db/pfblockerng/deny/file1.txt
21 /var/db/pfblockerng/deny/file2.txt
2 /var/db/pfblockerng/deny/file3.txt
1 /var/db/pfblockerng/deny/file4.txtthe last one contains a duplicate of an IP that is already included above pointing at the 127.x.x.x address (so not "empty") but "changed"
Try and remove the /32 from IP (just leaving the IP) see if that changes anything (it shouldn't really)
also make sure there are no spaces at the end of the line,
and the entry on a line by itself (ie you hit return/enter at the end)you could enter it like
#
IP here
# -
I can recreate what you are seeing with the address you provided because, this address 89.248.160.0/20 is already in another list I already have from a downloaded list.
Because it is the only address in your list I do in fact see this for this case
====================[ Empty Lists w/127.1.7.7 ]==================
testempty_custom_v4.txt
Then I added another address that I knew would not be included elsewhere to the custom list and now the list no longer considered "empty" but only has the 1 address
Nothing wrong.
-
@jrey Great. Thank you for confirming!
-
Nothing wrong
Actually I would suggest there is something wrong… As someone pointed out a while back if a person has ports on their deny entries the dedupe will still pull IPs out of them…even though they would then allow the IPs on some ports. Alias Native will not dedupe, just create aliases to be used in rules.
-
@steveits no ports on any deny rule. Just on the one allow ip one.
-
@steveits said in IPv4 Custom_List entries wrong:
As someone pointed out a while back
Actually that may have been me.
and correct if The OP needs them to remain in that specific list, to keep that IP tied to a specific Rule, then yes you need to use the Alias type and create the rule. But also as the OP indicated it is a "deny both" so in the case as presented it is working as expected.
Thanks for pointing out the additional required step, depending on the actually use case. I didn't get the impression from the OP that it needed to remain on that specific list only, but rather that it just needed be blocked with the deny both
All good.
JR -
@jrey from all said I think that having all Alias Native and making my own rules is the best way forward…
Just more work
-
I actually use a combination, and mostly because I needed to "tweak" the order in the floating rules section for a specific use case requiring some IP's to remain in a specific rule.
It's not that much extra work to set up, and it does give you more control.
-
@jrey well then, hello again :)
Yeah to be clear it’s not always a problem. One also has to have the dedupe option checked. However it’s not intuitive and potentially dangerous, so I try to call it out.