Actions
Bug #13209
open
Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion
Status:
New
Priority:
Low
Assignee:
Viktor Gurov
Category:
pfBlockerNG
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
Description
According to our customer he got weird pfBlockeNG log in 'ip_block.log' file.
For example
May 20 16:23:12,1653043863, ixl3 ,WAN,block,4,6,TCP-S, 179.x.x.x , 77.y.y.y ,37221,81, out ,BE,pfB_PRI1_v4,77.y.y.0/21,BE_v4,Unknown,Unknown,Unknown,+
where
For example
May 20 16:23:12,1653043863, ixl3 ,WAN,block,4,6,TCP-S, 179.x.x.x , 77.y.y.y ,37221,81, out ,BE,pfB_PRI1_v4,77.y.y.0/21,BE_v4,Unknown,Unknown,Unknown,+
where
- 179.x.x.x is external IP
- 77.y.y.y is his local IP
- ixl3 is his main WAN port
so for traffic from 179.x.x.x to 77.y.y.y on WAN the direction must be IN but not OUT
I think parsing function pfb_daemon_filterlog from https://gist.githubusercontent.com/BBcan177/7cb8635199446866d511b97166d65296/raw/ mixes up Source and Destination IPs or inverts Direction.
Updated by 
Updated by
Actions