Quick easy way to determine if an IP is on a pfBlocker-NG list?
-
I have a number of block lists and geographic lists setup in pfBlocker-NG.
Every once in a while I'll see an IP has been blocked and want to determine if it is on a blocklist from pfBlocker-NG and if so which one, is there an easy/quick way to do so? Right now I am just hovering over the rule and manually looking at the IPs, but this is tedious.
Is there a log somewhere I can grep from the shell?
Edit: and does pfBlocker-ng keep a log of recent revisions to the blocklists? So if I see something was blocked yesterday, but the lists have updated since then I can see which list it was on previously?
-
You should be able to see this in the pfBNG Alerts tab… v2.0 will have an improved lookup for CIDRs...
You can also grep from the shell..
cd /var/db/pfblockerng/deny/
grep "^1.2.3.4" *Other examples:
grep "^1.2.3" *
grep "^1.2." *
grep "^1." *add | grep '/' to only report CIDRs.
