
    pfBlockerNG alerts - IPv6 hostnames missing

      purleigh

      On pfSense CE 2.7.2 I'm using pfBlockerNG 3.2.0_8 to block unwanted web adverts.

      For the purpose of an example for this topic, I'm using an Ubuntu desktop PC with the hostname "GameCube" and using both IPv4 and IPv6.

      In the pfSense web console I can see the PC hostname "GameCube" correctly detected in both -
      Status > DHCP Leases
      Status DHCP Leases.png

      and
      Status > DHCPv6 Leases
      Status DHCPv6 Leases.png

      Using a web browser on the Ubuntu PC to trigger some mixed IPv4 / IPv6 blocked DNSBL content

      then looking at the blocked content alerts at -
      Firewall > pfBlockerNG > Alerts > Unified

      the alerts correctly show the PC 'hostname' in the SRC column for IPv4 alerts
      but the equivalent 'hostname' is missing for IPv6 alerts from the SAME PC.
      Firewall pfBlockerNG Alerts.png

      I'm not seeing the hostnames for ANY IPv6 DNSBL alerts!
      Am I doing something wrong, or do I need to report this as a bug?

        Gertjan @purleigh

        @purleigh

        Your post is 'lost' 😊
        It's a question about the pfSense GUI package pfBlockerng :

        [image]

        Better : The answer can be found somewhere in that forum 😊
        And yes, it's probably a little shortcoming, aka bug.

        I posted about this a while ago, and proposed a work around.
        So, I've a patch :

        Open /usr/local/pkg/pfblockerng/pfblockerng.inc
        and find

        // Collect static DHCPv6 hostnames/IPs

        Convert it into comments :

        //	// Collect static DHCPv6 hostnames/IPs
        //	foreach (config_get_path('dhcpdv6', []) as $dhcpv6) {
        //		if (is_array($dhcpv6['staticmap'])) {
        //			foreach ($dhcpv6['staticmap'] as $smap) {
        //				$local_hosts[$smap['ipaddrv6']] = strtolower("{$smap['hostname']}");
        //			}
        //		}
        //	}
        

        and then paste just behind it :

        	// Collect static DHCPv6 hostnames/IPs
        	## 2024-11-25 Gertjan
        	foreach (config_get_path('dhcpdv6', []) as $ipv6_interface => $dhcpv6)
        	{
        		if (is_array($dhcpv6['staticmap']))
        		{
        			foreach ($dhcpv6['staticmap'] as $smap)
        			{
        				// Reset per entry so a prefix found for one mapping is not reused for the next
        				$pdsubnet = '';
        				// Shortened '::xx' entry (starts with '::'): look up the tracked prefix
        				if (strpos($smap['ipaddrv6'], '::') === 0)
        				{
        					$track6ip = get_interface_track6ip($ipv6_interface);
        					if ($track6ip)
        					{
        						$pdsubnet = gen_subnetv6($track6ip[0], $track6ip[1]);
        						// remove '::' from prefix $pdsubnet
        						$pdsubnet = substr($pdsubnet, 0, strpos($pdsubnet, '::'));
        					}
        				}
        				$local_hosts[$pdsubnet . $smap['ipaddrv6']] = strtolower("{$smap['hostname']}");
        			}
        		}
        	}
        

        The issue is: you probably use 'IPv6 Prefix tracking', like me.
        In that case, static DHCPv6 leases are configured like:

        [image]

        and that shortened IPv6 notation isn't the real IPv6.
        Or, pfBlockerng uses the IPv6 SRC IP to reverse find host names. And that will fail.

        The patch shown above tests for the shortened ::xx IPv6, and if it finds one, it prepends the prefix of that LAN interface.

        Afaik, the issue isn't listed here.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
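
The prefix-plus-suffix lookup described in the reply above, as an added stand-alone example (not code from the post or from pfBlockerNG). It goes one step beyond the string concatenation in the patch: it joins the tracked prefix and the `::xx` entry at the bit level with PHP's built-in `inet_pton()`/`inet_ntop()` and canonicalises the alert SRC address before the lookup, so equivalent text forms of one address map to the same key. The function names, the prefix and the host entries are assumptions made up for illustration.

```php
<?php
// Added example: stand-alone PHP, not pfBlockerNG code. All addresses are
// constructed (2001:db8::/32 documentation range); function names are hypothetical.

/** Canonical text form of an IPv6 address, or null if $ip is not valid IPv6. */
function canon_v6(string $ip): ?string {
    $bin = @inet_pton($ip);
    return ($bin !== false && strlen($bin) === 16) ? inet_ntop($bin) : null;
}

/** Join a tracked prefix and a static-map entry such as "::1234" at the bit level. */
function expand_static_v6(string $prefix, int $plen, string $entry): ?string {
    $p = @inet_pton($prefix);
    $e = @inet_pton($entry);
    if ($p === false || $e === false || strlen($p) !== 16 || strlen($e) !== 16 || $plen < 0 || $plen > 128) {
        return null;
    }
    // 16-byte netmask for /$plen
    $mask = str_repeat("\xff", intdiv($plen, 8));
    if ($plen % 8 !== 0) { $mask .= chr((0xff << (8 - $plen % 8)) & 0xff); }
    $mask = str_pad($mask, 16, "\x00");
    // Entry already has network bits set: it is a full address, keep it as is.
    if (($e & $mask) !== str_repeat("\x00", 16)) {
        return inet_ntop($e);
    }
    return inet_ntop(($p & $mask) | $e);   // string operands: byte-wise AND / OR
}

$prefix = '2001:db8:0:10::';   // constructed delegated prefix on the LAN
$plen   = 64;
$staticmap = [                 // same shape as the 'staticmap' entries in the post
    ['ipaddrv6' => '::1234',            'hostname' => 'GameCube'],
    ['ipaddrv6' => '::1:2:3:4',         'hostname' => 'NAS'],      // full 64-bit interface ID
    ['ipaddrv6' => '2001:db8:0:10::50', 'hostname' => 'Printer'],  // already a full address
];
$local_hosts = [];
foreach ($staticmap as $smap) {
    $ip = expand_static_v6($prefix, $plen, $smap['ipaddrv6']);
    if ($ip !== null) {
        $local_hosts[$ip] = strtolower($smap['hostname']);
    }
}
// Constructed alert SRC values in different but equivalent text forms.
foreach (['2001:0db8:0000:0010:0000:0000:0000:1234', '2001:DB8:0:10:1:2:3:4',
          '2001:db8:0:10::50', '2001:db8:0:10::9'] as $src) {
    $key = canon_v6($src);
    $name = ($key !== null && isset($local_hosts[$key])) ? $local_hosts[$key] : '(no hostname)';
    printf("%-40s %s\n", $src, $name);
}
```

The `::1:2:3:4` entry is the case where joining text alone gives `2001:db8:0:10::1:2:3:4`, which is not the canonical form `2001:db8:0:10:1:2:3:4` that a logged source address would use.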
