Custom List Only Using First IP
-
Weird issue that I just noticed today, I use a custom list for a few specific blocks in pfBlocker, it's just an IP list set to Deny Both, no errors, everything seems good.
But when I checked the associated firewall rule tab and hover over the alias being used for that it only shows the first IP in the list of 7 I have on this custom list.
Anyone seeing anything similar? I've tried updating the list multiple times, reloading/updating/cron, modifying the list, removing comments, etc.... but nothing seems to help.
-
Meant to add one more thing to that, the actual file pfB is storing only has the single IP, so that's the root issue but I can't for the life of me figure out why it only has the 1 IP in it.
-
OK nevermind, might have already solved this on my own, I believe those IPs are showing up in another list I just couldn't identify which one at first but appears they are.
-
@planedrop if you have deduplication enabled it will pull IPs out of other lists. Which may affect what gets handled by rules.
-
@SteveITS Yes, thank you, this is exactly what it was. I for some reason assumed dedup would only apply to non custom lists but I guess that wouldn't really make any sense.
-
@planedrop It's actually a bug IMHO because people have seen stuff like:
block country1
allow country 2
block a feedand then the allow list has IPs removed because they're in the feed. May not be the best explanation, but my takeaway was not to use dedupe :-/ or just use Alias Native and make my own rules.
-
@SteveITS Hmmm I see what you mean, I'll have to see if I can duplicate this. My setup right now though is to use block lists and then I use alias lists for any allowances I am making, so I think that avoids dedup issues.