Bug #16277
closed
Enabling IPv6 support in DNSBL doesn't allow pfb_dnsbl to start
100%
Description
Following up from https://www.reddit.com/r/pfBlockerNG/comments/1jb5rtc/ipv6_woes_wrong_vip/
I created a PR to fix the issue: https://github.com/pfsense/FreeBSD-ports/pull/1416
The run down of the issue is including the server.use-ipv6 = "enable" block in the lighttpd config tells it to listen on EVERY ipv6 interface, not just the selected ones. Removing this allows the logic expected to still work (i.e. localhost only, selected interfaces, combos of the above)
Files
Updated by Danilo Zrenjanin 5 months ago
Tested against:
25.07.1-RELEASE (amd64) built on Fri Aug 15 18:42:00 UTC 2025 FreeBSD 15.0-CURRENT
pfBlockerNG-devel 3.2.7
I couldn't reproduce the issue.
Updated by Danilo Zrenjanin 5 months ago
- File clipboard-202508231612-n3avm.png clipboard-202508231612-n3avm.png added
- File clipboard-202508231613-ckfnc.png clipboard-202508231613-ckfnc.png added
- File clipboard-202508231614-r6whu.png clipboard-202508231614-r6whu.png added
[25.07.1-RELEASE][admin@pfSense.home.arpa]/root: sockstat -6 -l | grep :443 root lighttpd_p 21882 6 tcp6 ::10.10.10.1:443 *:* www haproxy 55509 6 tcp6 fc00::1:443 *:*
Updated by
Updated by Georgiy Tyutyunnik 20 days ago
- Status changed from Feedback to Resolved
tested on:
25.11-RELEASE (amd64)
built on Mon Dec 15 17:04:00 UTC 2025
FreeBSD 16.0-CURRENT
pfBlockerNG 3.2.13_4
enabling dnsbl on a specific IPv6 VIP allows dnsbl to start and opens a socket on a specific VIP instead of all interfaces:
DNSBL Virtual IP
10.100.100.100 (dnsbl vipv4)
IPv4 Virtual IP
fc80:: (dnsbl vipv6)
IPv6 Virtual IP (optional)
sockets:
root lighttpd_p 33187 5 tcp6 fc80:::80 :*
root lighttpd_p 33187 6 tcp6 fc80:::443 *: