pfBlockerNG alerts - IPv6 hostnames missing
-
On pfSense CE 2.7.2 I'm using pfBlockerNG 3.2.0_8 to block unwanted web adverts.
For the purpose of an example for this topic, I'm using an Ubuntu desktop PC with the hostname "GameCube" and using both IPv4 and IPv6.
In the pfSense web console I can see the PC hostname "GameCube" correctly detected in both -
Status > DHCP Leases
and
Status > DHCPv6 Leases
Using a web browser on the Ubuntu PC to trigger some mixed IPv4 / IPv6 blocked DNSBL content
then looking at the blocked content alerts at -
Firewall > pfBlockerNG > Alerts > Unifiedthe alerts correctly show the PC 'hostname' in the SRC column for IPv4 alerts
but the equivalent 'hostname' is missing for IPv6 alerts from the SAME PC.
I'm not seeing the hostnames for ANY IPv6 DNSBL alerts !
Am I doing something wrong ?, or do I need to report this as a bug ? -
Your post is 'lost'
It's a question about the pfSense GUI package pfBlockerng :Better : The answer can be found somewhere in that forum
And yes, it's probably a little short-coming, aka bug.I posted about this a while ago, and proposed a work around.
So, I've a patch :Open /usr/local/pkg/pfblockerng/pfblockerng.inc
and find// Collect static DHCPv6 hostnames/IPs
Convert it into comments :
// // Collect static DHCPv6 hostnames/IPs // foreach (config_get_path('dhcpdv6', []) as $dhcpv6) { // if (is_array($dhcpv6['staticmap'])) { // foreach ($dhcpv6['staticmap'] as $smap) { // $local_hosts[$smap['ipaddrv6']] = strtolower("{$smap['hostname']}"); // } // } // }
and then paste just behind it :
// Collect static DHCPv6 hostnames/IPs ## 2024-11-25 Gertjan foreach (config_get_path('dhcpdv6', []) as $ipv6_interface =>$dhcpv6) { if (is_array($dhcpv6['staticmap'])) { $pdsubnet = ''; foreach ($dhcpv6['staticmap'] as $smap) { if (strpos($smap['ipaddrv6'],'::',0) !== false) { if (get_interface_track6ip($ipv6_interface)) { $track6ip = get_interface_track6ip($ipv6_interface); $pdsubnet = gen_subnetv6($track6ip[0], $track6ip[1]); // remove '::' from prefix $pdsubnet $pdsubnet = substr($pdsubnet,0,strpos($pdsubnet,'::')); } } $local_hosts[$pdsubnet.$smap['ipaddrv6']] = strtolower("{$smap['hostname']}"); } } }
This issue is : you use probably 'IPv6 Prefix tracking", like me.
In that case, static FHCPv6 lease are configured like :and that shorted IPv6 notation isn't the real IPv6.
Or, pfBlockerng uses the IPv6 SRC IP to reverse find host names. And that will fail.The path shown above test for the shortened ::xx IPv6, and if it finds wone, it prepends the prefix of that LAN interface.
-
S stephenw10 moved this topic from Firewalling on