Netgate Discussion Forum

    IPv4 Custom_List entries wrong

    pfBlockerNG
    • M
      manilx @jrey
      last edited by manilx

      @jrey

      ====================[ Empty Lists w/127.1.7.7 ]==================

      Manual_blocked_IPs_custom_v4.txt
      NVT_BL_v4.txt

      OK! Thx.

      Netgate 8200max

      • J
        jrey @manilx
        last edited by jrey

        @manilx

        That seems different.

        What version are you running?

        Do you have de-duplication enabled?

        I have created a duplicate and in the log I don't have anything for "Empty Lists"
        but in this section of the log
        [ Deny List IP Counts
        . . .
        25 /var/db/pfblockerng/deny/file1.txt
        21 /var/db/pfblockerng/deny/file2.txt
        2 /var/db/pfblockerng/deny/file3.txt
        1 /var/db/pfblockerng/deny/file4.txt

        the last one contains a duplicate of an IP that is already included above pointing at the 127.x.x.x address (so not "empty") but "changed"

        Try and remove the /32 from IP (just leaving the IP) see if that changes anything (it shouldn't really)
        also make sure there are no spaces at the end of the line,
        and the entry on a line by itself (ie you hit return/enter at the end)

        you could enter it like
        #
        IP here
        #

        • J
          jrey @jrey
          last edited by

          @jrey

          I can recreate what you are seeing with the address you provided, because this address 89.248.160.0/20 is already in another list I already have from a downloaded list.

          Because it is the only address in your list I do in fact see this for this case

          ====================[ Empty Lists w/127.1.7.7 ]==================

          testempty_custom_v4.txt

          Then I added another address that I knew would not be included elsewhere to the custom list, and now the list is no longer considered "empty" but only has the 1 address.

          Nothing wrong.

          • M
            manilx @jrey
            last edited by

            @jrey Great. Thank you for confirming!

            Netgate 8200max

            • S
              SteveITS Galactic Empire @jrey
              last edited by

              @jrey

              Nothing wrong

              Actually I would suggest there is something wrong… As someone pointed out a while back if a person has ports on their deny entries the dedupe will still pull IPs out of them…even though they would then allow the IPs on some ports. Alias Native will not dedupe, just create aliases to be used in rules.

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              • M
                manilx @SteveITS
                last edited by

                @steveits no ports on any deny rule. Just on the one allow ip one.

                Netgate 8200max

                • J
                  jrey @SteveITS
                  last edited by jrey

                  @steveits said in IPv4 Custom_List entries wrong:

                  As someone pointed out a while back

                  Actually that may have been me.

                  And correct: if the OP needs them to remain in that specific list, to keep that IP tied to a specific rule, then yes, you need to use the Alias type and create the rule. But also, as the OP indicated, it is a "deny both", so in the case as presented it is working as expected.

                  Thanks for pointing out the additional required step, depending on the actual use case. I didn't get the impression from the OP that it needed to remain on that specific list only, but rather that it just needed to be blocked with the deny both.

                  All good.
                  JR

                  • M
                    manilx @jrey
                    last edited by

                    @jrey from all said I think that having all Alias Native and making my own rules is the best way forward…
                    Just more work 😊

                    Netgate 8200max

                    • J
                      jrey @manilx
                      last edited by

                      @manilx

                      I actually use a combination, mostly because I needed to "tweak" the order in the floating rules section for a specific use case requiring some IPs to remain in a specific rule.

                      It's not that much extra work to set up, and it does give you more control.

                      • S
                        SteveITS Galactic Empire @jrey
                        last edited by

                        @jrey well then, hello again :)

                        Yeah to be clear it’s not always a problem. One also has to have the dedupe option checked. However it’s not intuitive and potentially dangerous, so I try to call it out.

                        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                        Upvote 👍 helpful posts!
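
The de-duplication behaviour discussed in this thread, as an added Python sketch that is not part of any post and is not pfBlockerNG's own code: it models exact-match de-duplication across lists, reproduces the "empty list" placeholder, and flags entries whose only surviving copy sits under a port-restricted deny rule. The first-list-wins order, the list names other than testempty_custom_v4, the port sets and every address except 89.248.160.0/20 are assumptions constructed for the example.

```python
import ipaddress

PLACEHOLDER = "127.1.7.7"  # address the thread's log shows for lists left empty

def parse(entries):
    """Normalise entries: skip blanks and '#' lines, strip spaces, 1.2.3.4 == 1.2.3.4/32."""
    nets = []
    for raw in entries:
        raw = raw.strip()
        if raw and not raw.startswith("#"):
            nets.append(str(ipaddress.ip_network(raw, strict=False)))
    return nets

def dedupe(feeds):
    """feeds: ordered (name, entries) pairs. Assumption of this model: the first
    list to contain an entry keeps it; only exact duplicates are removed."""
    seen, result = set(), {}
    for name, entries in feeds:
        kept = [n for n in dict.fromkeys(parse(entries)) if n not in seen]
        seen.update(kept)
        result[name] = kept or [PLACEHOLDER]
    return result

def coverage_gaps(feeds, rule_ports):
    """rule_ports: list name -> ports its deny rule covers, None = all ports.
    Reports entries removed from an all-ports list whose surviving copy sits
    in a port-restricted list."""
    deduped, gaps = dedupe(feeds), []
    for name, entries in feeds:
        if rule_ports.get(name) is not None:
            continue
        for net in parse(entries):
            if net in deduped[name]:
                continue
            holder = next(n for n, kept in deduped.items() if net in kept)
            if rule_ports.get(holder) is not None:
                gaps.append((net, name, holder, rule_ports[holder]))
    return gaps

# Constructed sample data; only 89.248.160.0/20 comes from the thread.
FEEDS = [
    ("downloaded_v4", ["89.248.160.0/20", "192.0.2.0/24"]),
    ("web_only_v4", ["198.51.100.9"]),
    ("testempty_custom_v4", ["89.248.160.0/20 ", "#", "198.51.100.9/32"]),
]
RULE_PORTS = {"downloaded_v4": None, "web_only_v4": [80, 443], "testempty_custom_v4": None}

if __name__ == "__main__":
    print(dedupe(FEEDS))
    print(coverage_gaps(FEEDS, RULE_PORTS))
```

An empty result from `coverage_gaps` means that, in this model, de-duplication moved no entry from an all-ports deny list to a port-restricted one.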

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.