Project

General

Profile

Actions
Copy link

Bug #16416

closed

It's possible to add DNSBL Virtual IP with subnet mask if to use Restore Configuration option in Diagnostics -> Backup&Restore

Added by Azamat Khakimyanov 5 days ago. Updated 4 days ago.

Status:
Rejected
Priority:
Low
Assignee:
-
Category:
pfBlockerNG
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

Tested on 25.07.1 (pfBlockerNG 3.2.7)

If to use incorrect DNSBL Virtual IP in config.xml file ('DNSBL VIP with subnet mask.png'), it's possible to restore this config on pfSense without getting any errors/alerts ('restored DNSBL VIP with mask.png').

DNSBL doesn't work with this wrong VIP and it's hard to troubleshoot why it's happening as there are no any informative logs.

I think one more check function should be added which wipes the subnet mask while booting or applying pfBlockerNG settings.

It's not urgent to fix but we already had one customer who restored such config with incorrect DNSBL VIP and it took lots of time to find the reason why DNSBL wasn't able to start.

Files

Download all files
DNSBL VIP with subnet mask.png (59.2 KB) DNSBL VIP with subnet mask.png Azamat Khakimyanov, 09/07/2025 12:36 PM
restored DNSBL VIP with mask.png (47.7 KB) restored DNSBL VIP with mask.png Azamat Khakimyanov, 09/07/2025 12:36 PM
Actions
Copy link
 #1

Updated by Marcos M 4 days ago

  • Status changed from New to Rejected

It sounds like config.xml was modified manually. That's not supported and should only be done when you know exactly what the result will be. Once the config has a strictly defined structure, these kinds of issues can be revisited.

Actions
Copy link

Also available in: Atom PDF