Quick easy way to determine if an IP is on a pfBlocker-NG list?



  • I have a number of block lists and geographic lists setup in pfBlocker-NG.

    Every once in a while I'll see an IP has been blocked and want to determine if it is on a blocklist from pfBlocker-NG and if so which one, is there an easy/quick way to do so? Right now I am just hovering over the rule and manually looking at the IPs, but this is tedious.

    Is there a log somewhere I can grep from the shell?

    Edit: and does pfBlocker-ng keep a log of recent revisions to the blocklists? So if I see something was blocked yesterday, but the lists have updated since then I can see which list it was on previously?


  • Moderator

    You should be able to see this in the pfBNG Alerts tab… v2.0 will have an improved lookup for CIDRs...

    You can also grep from the shell..

    cd /var/db/pfblockerng/deny/
    grep "^1.2.3.4" *

    Other examples:

    grep "^1.2.3" *
    grep "^1.2." *
    grep "^1." *

    add    | grep '/'  to only report CIDRs.


Log in to reply