Netgate Discussion Forum

    Custom List Only Using First IP

    • planedrop

      Weird issue that I just noticed today: I use a custom list for a few specific blocks in pfBlocker. It's just an IP list set to Deny Both; no errors, everything seems good.

      But when I check the associated firewall rule tab and hover over the alias being used for that, it only shows the first IP in the list of 7 I have on this custom list.

      Anyone seeing anything similar? I've tried updating the list multiple times, reloading/updating/cron, modifying the list, removing comments, etc., but nothing seems to help.

      • planedrop

        Meant to add one more thing to that: the actual file pfB is storing only has the single IP, so that's the root issue, but I can't for the life of me figure out why it only has the 1 IP in it.

        • planedrop

          OK, never mind, might have already solved this on my own. I believe those IPs are showing up in another list; I just couldn't identify which one at first, but it appears they are.

          • SteveITS Rebel Alliance @planedrop

            @planedrop If you have deduplication enabled, it will pull IPs out of other lists, which may affect what gets handled by rules.

            Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
            Upvote 👍 helpful posts!

            • planedrop @SteveITS

              @SteveITS Yes, thank you, this is exactly what it was. I for some reason assumed dedup would only apply to non-custom lists, but I guess that wouldn't really make any sense.

              • SteveITS Rebel Alliance @planedrop

                @planedrop It's actually a bug IMHO because people have seen stuff like:

                block country1
                allow country 2
                block a feed

                and then the allow list has IPs removed because they're in the feed. May not be the best explanation, but my takeaway was not to use dedupe :-/ or just use Alias Native and make my own rules.

                • planedrop @SteveITS

                  @SteveITS Hmmm, I see what you mean, I'll have to see if I can duplicate this. My setup right now, though, is to use block lists and then I use alias lists for any allowances I am making, so I think that avoids dedup issues.

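Added example, not part of any post in this thread and not pfBlockerNG's own code: a small checker that answers the question raised above, namely which other list already holds each entry of a custom list, so you can see why deduplication left the custom list nearly empty. The list names and sample IPs are constructed, and treating a covering CIDR in another list as a match is an assumption about how overlaps should be reported, not a statement of how the package deduplicates.

```python
import ipaddress

# Constructed sample data (documentation ranges); list names are hypothetical.
CUSTOM = """\
192.0.2.10
192.0.2.11
198.51.100.5
198.51.100.6
203.0.113.1
203.0.113.2
203.0.113.200   # the only entry not covered elsewhere
"""
OTHERS = {
    "feed_a": "192.0.2.10\n192.0.2.11\n198.51.100.0/24\n",
    "feed_b": "# comment line\n203.0.113.0/25\n",
}

def parse_list(text):
    """Parse one entry per line; '#' starts a comment. Returns ip_network objects."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def find_overlaps(custom_text, other_lists):
    """For each custom entry, list the (list name, entry) pairs elsewhere that
    equal or contain it, i.e. where a deduplicated entry may now live."""
    others = {name: parse_list(text) for name, text in other_lists.items()}
    report = {}
    for net in parse_list(custom_text):
        report[str(net)] = [
            (name, str(other))
            for name, nets in others.items()
            for other in nets
            if other.version == net.version and net.subnet_of(other)
        ]
    return report

def unique_entries(report):
    """Entries that appear in no other list, so dedup has nothing to match."""
    return [entry for entry, hits in report.items() if not hits]

if __name__ == "__main__":
    report = find_overlaps(CUSTOM, OTHERS)
    for entry, hits in report.items():
        print(entry, "->", hits or "only in the custom list")
    print("unique:", unique_entries(report))
```

With the constructed data, six of the seven custom entries are found in another list and one is unique, the same shape as the symptom in the first post.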
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.