pfBlockerNG alerts - IPv6 hostnames missing

purleigh

On pfSense CE 2.7.2 I'm using pfBlockerNG 3.2.0_8 to block unwanted web adverts.

For the purpose of an example for this topic, I'm using an Ubuntu desktop PC with the hostname "GameCube" and using both IPv4 and IPv6.

In the pfSense web console I can see the PC hostname "GameCube" correctly detected in both -
Status > DHCP Leases
Status DHCP Leases.png

and
Status > DHCPv6 Leases
Status DHCPv6 Leases.png

Using a web browser on the Ubuntu PC to trigger some mixed IPv4 / IPv6 blocked DNSBL content

then looking at the blocked content alerts at -
Firewall > pfBlockerNG > Alerts > Unified

the alerts correctly show the PC 'hostname' in the SRC column for IPv4 alerts
but the equivalent 'hostname' is missing for IPv6 alerts from the SAME PC.
Firewall pfBlockerNG Alerts.png

I'm not seeing the hostnames for ANY IPv6 DNSBL alerts !
Am I doing something wrong ?, or do I need to report this as a bug ?

Gertjan

@purleigh

Your post is 'lost'
It's a question about the pfSense GUI package pfBlockerng :

Better : The answer can be found somewhere in that forum
And yes, it's probably a little short-coming, aka bug.

I posted about this a while ago, and proposed a work around.
So, I've a patch :

Open /usr/local/pkg/pfblockerng/pfblockerng.inc
and find

// Collect static DHCPv6 hostnames/IPs

Convert it into comments :

//	// Collect static DHCPv6 hostnames/IPs
//	foreach (config_get_path('dhcpdv6', []) as $dhcpv6) {
//		if (is_array($dhcpv6['staticmap'])) {
//			foreach ($dhcpv6['staticmap'] as $smap) {
//				$local_hosts[$smap['ipaddrv6']] = strtolower("{$smap['hostname']}");
//			}
//		}
//	}

and then paste just behind it :

	// Collect static DHCPv6 hostnames/IPs
	## 2024-11-25 Gertjan
	foreach (config_get_path('dhcpdv6', []) as $ipv6_interface =>$dhcpv6)
	{
		if (is_array($dhcpv6['staticmap']))
		{
			$pdsubnet = '';
			foreach ($dhcpv6['staticmap'] as $smap)
			{
				if (strpos($smap['ipaddrv6'],'::',0) !== false)
				{
					if (get_interface_track6ip($ipv6_interface))
					{
						$track6ip = get_interface_track6ip($ipv6_interface);
						$pdsubnet = gen_subnetv6($track6ip[0], $track6ip[1]);
						// remove '::' from prefix $pdsubnet
						$pdsubnet = substr($pdsubnet,0,strpos($pdsubnet,'::'));
					}
				}
			$local_hosts[$pdsubnet.$smap['ipaddrv6']] = strtolower("{$smap['hostname']}");
			}
		}
	}

This issue is : you use probably 'IPv6 Prefix tracking", like me.
In that case, static FHCPv6 lease are configured like :

and that shorted IPv6 notation isn't the real IPv6.
Or, pfBlockerng uses the IPv6 SRC IP to reverse find host names. And that will fail.

The path shown above test for the shortened ::xx IPv6, and if it finds wone, it prepends the prefix of that LAN interface.

Afaik, the issue isn't listed here.