Quick easy way to determine if an IP is on a pfBlocker-NG list?
I have a number of block lists and geographic lists setup in pfBlocker-NG.
Every once in a while I'll see an IP has been blocked and want to determine if it is on a blocklist from pfBlocker-NG and if so which one, is there an easy/quick way to do so? Right now I am just hovering over the rule and manually looking at the IPs, but this is tedious.
Is there a log somewhere I can grep from the shell?
Edit: and does pfBlocker-ng keep a log of recent revisions to the blocklists? So if I see something was blocked yesterday, but the lists have updated since then I can see which list it was on previously?
You should be able to see this in the pfBNG Alerts tab… v2.0 will have an improved lookup for CIDRs...
You can also grep from the shell..
grep "^22.214.171.124" *
grep "^1.2.3" *
grep "^1.2." *
grep "^1." *
add | grep '/' to only report CIDRs.