Actions
Bug #14054
open
pfBlockerNG can incorrectly modify firewall rules
Status:
New
Priority:
Normal
Assignee:
-
Category:
pfBlockerNG
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
Description
Some minutes after configuring a firewall rule, the pfBlockerNG cron job ran and incorrectly modified one of the floating rules which resulted in the filter failing to reload.
Firewall alert:
Unresolvable source alias 'pfB_Bogons_v6_v4' for rule 'Bogons (outside) IPv6' @ 2023-03-09 13:00:24
Affected rule:
block in quick on { vmx0.99 gif0 } inet from $pfB_Bogons_v6 to any ! tagged "passlist" ridentifier 1677447028 label "USER_RULE: Bogons (outside) IPv6" label "id:1677447028"
Config history difference and pfBlockerNG update log- see attached. Setup:
- Using pfBlockerNG 3.2.0_3 on pfSense+ 23.01.
- The general IP settings page has the following options checked:
De-Duplication,CIDR Aggregation,Floating Rules. - There are 5 IP lists configured as
Alias Denywhich result in the following aliases created by pfBlockerNG:pfB_Bogons_v4,pfB_Bogons_v6,pfB_PRI1_v4,pfB_Top_v4,pfB_Top_v6.
Files
Updated by Marcos M over 1 year ago
- File config.diff config.diff added
- File pfblockerng.log pfblockerng.log added
- Description updated (diff)
Updated by Marcos M over 1 year ago
- Subject changed from pfBlockerNG can unintentionally modify firewall rules to pfBlockerNG can incorrectly modify firewall rules
Updated by Marcos M over 1 year ago
It appears this related to the IPv4 IP list being updated, and happens during this step:
**Saving configuration [ 03/21/23 18:07:28 ]**
Actions