IPv4 Custom_List entries wrong
-
====================[ Empty Lists w/127.1.7.7 ]==================
Manual_blocked_IPs_custom_v4.txt
NVT_BL_v4.txt
OK! Thx.
-
That seems different.
What version are you running?
Do you have de-duplication enabled?
I have created a duplicate and in the log I don't have anything for "Empty Lists"
but in this section of the log
[ Deny List IP Counts
. . .
25 /var/db/pfblockerng/deny/file1.txt
21 /var/db/pfblockerng/deny/file2.txt
2 /var/db/pfblockerng/deny/file3.txt
1 /var/db/pfblockerng/deny/file4.txt
the last one contains a duplicate of an IP that is already included above pointing at the 127.x.x.x address (so not "empty") but "changed"
Try and remove the /32 from IP (just leaving the IP) see if that changes anything (it shouldn't really)
also make sure there are no spaces at the end of the line,
and the entry on a line by itself (ie you hit return/enter at the end)
you could enter it like
#
IP here
#
-
I can recreate what you are seeing with the address you provided because this address 89.248.160.0/20 is already in another list I already have from a downloaded list.
Because it is the only address in your list I do in fact see this for this case
====================[ Empty Lists w/127.1.7.7 ]==================
testempty_custom_v4.txt
Then I added another address that I knew would not be included elsewhere to the custom list and now the list is no longer considered "empty" but only has the 1 address
Nothing wrong.
-
@jrey Great. Thank you for confirming!
-
Nothing wrong
Actually I would suggest there is something wrong… As someone pointed out a while back if a person has ports on their deny entries the dedupe will still pull IPs out of them…even though they would then allow the IPs on some ports. Alias Native will not dedupe, just create aliases to be used in rules.
-
@steveits no ports on any deny rule. Just on the one allow ip one.
-
@steveits said in IPv4 Custom_List entries wrong:
As someone pointed out a while back
Actually that may have been me.
And correct: if the OP needs them to remain in that specific list, to keep that IP tied to a specific rule, then yes you need to use the Alias type and create the rule. But also, as the OP indicated, it is a "deny both", so in the case as presented it is working as expected.
Thanks for pointing out the additional required step, depending on the actual use case. I didn't get the impression from the OP that it needed to remain on that specific list only, but rather that it just needed to be blocked with the deny both.
All good.
JR
-
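An added illustration, not code from pfBlockerNG or from any poster in this thread, of what @jrey described earlier (the custom list's only entry is already covered by a downloaded list, so the custom list reports as empty with 127.1.7.7) and of @steveits' caveat that after de-duplication an address is governed only by the list that kept it. The 89.248.160.1 host entry, the 192.0.2.10 entry and the sample list contents are constructed; how pfBlockerNG actually orders its lists is not modelled.

```python
import ipaddress
from collections import OrderedDict

# pfBlockerNG's placeholder for a list left empty after de-duplication (see the log above).
PLACEHOLDER = "127.1.7.7"

# Constructed sample: a downloaded list, a custom list whose only entry sits inside that
# list's /20 (the OP's case), and one holding an address nobody else has. Trailing spaces are deliberate.
SAMPLE_LISTS = OrderedDict([
    ("NVT_BL_v4.txt", "89.248.160.0/20\n"),
    ("Manual_blocked_IPs_custom_v4.txt", "89.248.160.1/32   \n"),
    ("testempty_custom_v4.txt", "# my own entry\n192.0.2.10\n"),
])

def parse_list(text):
    """Networks in one list file; blank lines, comments and trailing spaces are ignored."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def dedupe(lists):
    """Cross-list de-duplication: an entry covered by an entry of an earlier list is dropped,
    so an address survives only in the first list holding it; an emptied list gets the placeholder."""
    seen, result = [], OrderedDict()
    for name, text in lists.items():
        kept = [net for net in parse_list(text)
                if not any(net.version == p.version and net.subnet_of(p) for p in seen)]
        seen.extend(kept)
        result[name] = [str(net) for net in kept] or [PLACEHOLDER]
    return result

def empty_lists(deduped):
    """Names that would be reported under 'Empty Lists w/127.1.7.7'."""
    return [name for name, entries in deduped.items() if entries == [PLACEHOLDER]]

def governing_list(ip, deduped):
    """The list an address ends up in, i.e. the only list whose firewall rule still applies
    to it after de-duplication. This is the caveat about rules that carry ports."""
    addr = ipaddress.ip_address(ip)
    for name, entries in deduped.items():
        if any(e != PLACEHOLDER and addr in ipaddress.ip_network(e) for e in entries):
            return name
    return None

if __name__ == "__main__":
    result = dedupe(SAMPLE_LISTS)
    print(dict(result), empty_lists(result), governing_list("89.248.160.1", result))
```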
@jrey from all said I think that having all Alias Native and making my own rules is the best way forward…
Just more work
-
I actually use a combination, and mostly because I needed to "tweak" the order in the floating rules section for a specific use case requiring some IP's to remain in a specific rule.
It's not that much extra work to set up, and it does give you more control.
-
@jrey well then, hello again :)
Yeah to be clear it’s not always a problem. One also has to have the dedupe option checked. However it’s not intuitive and potentially dangerous, so I try to call it out.