Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
IP Addresses in Alias Not Getting Blocked
« previous
next »
Print
Pages: [
1
]
Author
Topic: IP Addresses in Alias Not Getting Blocked (Read 1329 times)
kagbasi-wgsdac
Newbie
Posts: 22
Karma: 0
IP Addresses in Alias Not Getting Blocked
«
on:
October 06, 2019, 01:22:23 pm »
Hello all,
I need some help with Aliases. I have defined an alias, of type
"URL Table (IPs)"
, intended to be used as a VOIP_Blacklist. In this alias is a set of host IP addresses entered as CIDR notation (i.e., x.x.x.x/32). Unfortunately, I've noticed that these IP addresses aren't getting blocked. I got wind of this using SNGREP to monitor traffic to my PBX Server and started seeing some unwanted traffic from these hosts I'd previously added to the alias (
don't worry, the PBX is safe for now as Fail2Ban has blocked those offending IPs
).
However, I would like to block these IPs at the edge as well so that I take some of the load off the PBX. I can't seem to figure out why the IPs in the alias aren't getting blocked - even though I have a block rule that says so.
To troubleshoot further, I looked in the "pfTables" for that same alias and it shows "no results found". However, if I add one of those IPs directly from the pfTables page, I can see it get blocked immediately while watching the Live View page. To troubleshoot further, I've changed the alias type from
"URL Table (IPs)"
to
"Networks"
without any positive effect. It's almost as if the alias is getting ignored.
Finally, I've rebooted OPNSense - thinking that perhaps something might be stuck but that hasn't had any positive impact either. What am I missing here?
Any help would be greatly appreciated, thanks.
Logged
chemlud
Hero Member
Posts: 2486
Karma: 112
Re: IP Addresses in Alias Not Getting Blocked
«
Reply #1 on:
October 07, 2019, 10:37:09 am »
...but you pressed the APPLY button on the Aliases page of GUI after creating your alias? Did you try type Network(s) or Host(s)?
«
Last Edit: October 07, 2019, 10:44:51 am by chemlud
»
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
IP Addresses in Alias Not Getting Blocked