Bug #12899
closed
I've also experienced this for quite a while. I created an alias for a vendor and added all IP addresses and ranges known for delivering their services. I then added that to my pass list.
I am constantly unblocking those IPs.
I would really like to see this fixed.
This has proven to be a very hard bug to find and fix. The problem is random. I have thus far been unable to reproduce it at will. And in fact, until just this afternoon, I had never had it happen on any of my test virtual machines. But this afternoon it did happen exactly once while testing the new Suricata 7.0.0 package. I have the network 192.168.233.0/24 in the Pass List, but Suricata implemented a block on IP address 192.168.233.1. That address is obviously within the netblock on the Pass List.
But thus far, every time I've tried to duplicate the bug with a debug version of the Suricata binary, I've been unsuccessful. I am going to investigate a completely different method of testing alerting IP addresses against the saved Pass List. The current method depends on the built-in Radix Tree code in the Suricata binary. There appears to be a random "failure to match" in that code. Or else I am using it incorrectly. Hard to say as there is no "how-to" manual provided.
- Status changed from New to Resolved
- % Done changed from 0 to 100
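
A cross-check for the symptom reported in this thread, as an added example that is not part of the original comments and is not Suricata or pfSense code: it compares blocked addresses against the pass list with a plain linear scan, independent of any radix tree, and reports every blocked address that the pass list should have covered. The function names and the sample entries are assumptions; it expects the pass list and the blocked addresses as plain text lines.

```python
import ipaddress


def parse_pass_list(lines):
    """Parse pass list entries (single IPs or CIDR netblocks).

    Blank lines and '#' comments are skipped.
    """
    nets = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        # strict=False accepts entries with host bits set, e.g. 192.168.233.1/24
        nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def find_wrongly_blocked(pass_list_lines, blocked_ips):
    """Return (blocked_ip, covering_pass_entry) for each blocked address
    that falls inside a pass list entry."""
    nets = parse_pass_list(pass_list_lines)
    hits = []
    for raw in blocked_ips:
        ip = ipaddress.ip_address(raw.strip())
        # Linear scan over every entry; only compare within the same IP version
        matches = [n for n in nets if n.version == ip.version and ip in n]
        if matches:
            # Report the most specific (longest prefix) covering entry
            best = max(matches, key=lambda n: n.prefixlen)
            hits.append((str(ip), str(best)))
    return hits


# Constructed sample data (hypothetical pass list and block table contents)
PASS_LIST = [
    "192.168.233.0/24  # netblock from the report in this thread",
    "10.0.0.5",
    "",
    "# documentation-range IPv6 prefix",
    "2001:db8::/32",
]
BLOCKED = ["192.168.233.1", "203.0.113.7", "10.0.0.5", "2001:db8::1"]

if __name__ == "__main__":
    for ip, entry in find_wrongly_blocked(PASS_LIST, BLOCKED):
        print(f"{ip} is blocked but covered by pass list entry {entry}")
```

Running this periodically against the current block table gives a record of when the random mismatch occurs, which helps when it cannot be reproduced on demand.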