Bug 13072

Summary: Blocklist updated but old (not listed) IP address still blocked
Product: IPFire
Reporter: Larsen <larsen007>
Component: ---
Assignee: Stefan Schantl <stefan.schantl>
Status: CLOSED FIXED
QA Contact:
Severity: Minor Usability
Priority: - Unknown -
CC: peter.mueller
Version: 2
Hardware: unspecified
OS: Unspecified

Description Larsen 2023-03-27 08:43:46 UTC
I just noticed that an IP address was still being blocked by the firewall although it wasn't contained in the blocklist anymore.


# date
Mon Mar 27 10:19:05 AM CEST 2023

# grep "Successfully updated BLOCKLIST_DE" /var/log/messages | tail -n1
Mar 27 10:15:18 atl-ipfire ipblocklist: <INFO> Successfully updated BLOCKLIST_DE blocklist.

# ll /var/lib/ipblocklist/BLOCKLIST_DE.conf
-rw-r--r-- 1 nobody nobody 663K Mar 27 10:15 /var/lib/ipblocklist/BLOCKLIST_DE.conf

# grep 31.17.17.114 BLOCKLIST_DE.conf
-> empty

# ipset list BLOCKLIST_DE | grep 31.17.17.114
31.17.17.114



As a workaround, I disabled the blocklist use in the GUI and reloaded the firewall rules:

# ipset list BLOCKLIST_DE | grep 31.17.17.114
ipset v7.15: The set with the given name does not exist

Re-enabled blocklist:

# ipset list BLOCKLIST_DE | grep 31.17.17.114
-> empty
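
Added example (not part of the original report and not IPFire's own code): a shell check that generalizes the manual grep above from one address to every entry, listing addresses still loaded in the kernel set that no longer appear in the blocklist file. The sample file contents and `ipset list` output are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Print every IPv4 address or CIDR found on stdin, one per line, sorted and
# de-duplicated. A /32 suffix is dropped so "a.b.c.d/32" equals "a.b.c.d".
extract_addrs() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' |
        sed 's|/32$||' | LC_ALL=C sort -u
}

# stale_entries CONF_FILE IPSET_DUMP: print entries that are present in the
# saved "ipset list" output but absent from the blocklist file.
stale_entries() {
    tmp=$(mktemp -d) || return 1
    extract_addrs < "$1" > "$tmp/conf"
    extract_addrs < "$2" > "$tmp/set"
    LC_ALL=C comm -13 "$tmp/conf" "$tmp/set"
    rm -rf "$tmp"
}

# Offline demonstration on constructed data (documentation address ranges).
demo() {
    d=$(mktemp -d) || return 1
    # Constructed blocklist file as it looks after the update.
    cat > "$d/BLOCKLIST_DE.conf" <<'EOF'
create BLOCKLIST_DE hash:net family inet hashsize 1024 maxelem 65536
add BLOCKLIST_DE 192.0.2.10
add BLOCKLIST_DE 198.51.100.0/24
add BLOCKLIST_DE 203.0.113.7/32
EOF
    # Constructed "ipset list BLOCKLIST_DE" output: 192.0.2.99 is no longer
    # in the file but is still a member of the loaded set.
    cat > "$d/ipset.dump" <<'EOF'
Name: BLOCKLIST_DE
Type: hash:net
Header: family inet hashsize 1024 maxelem 65536
Members:
192.0.2.10
192.0.2.99
198.51.100.0/24
203.0.113.7
EOF
    stale_entries "$d/BLOCKLIST_DE.conf" "$d/ipset.dump"
    rm -rf "$d"
}

# On the firewall, with the path and set name shown in the report:
#   ipset list BLOCKLIST_DE > /tmp/set.dump
#   stale_entries /var/lib/ipblocklist/BLOCKLIST_DE.conf /tmp/set.dump
demo
```

Any output line is an address the firewall still blocks although the current list no longer contains it; empty output means the set and the file agree.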
Comment 1 Michael Tremer 2023-03-28 13:43:39 UTC
@Stefan: Could you please have a look at this?
Comment 2 Stefan Schantl 2023-03-28 16:07:46 UTC
Hello Larsen,

thanks for reporting this issue.

I've sent a fix to the development mailing list which should be part of the next core update:

https://patchwork.ipfire.org/project/ipfire/patch/20230328160542.132432-1-stefan.schantl@ipfire.org/

Please test and report back any remaining issues.

Thanks in advance,

-Stefan
Comment 3 Larsen 2023-03-29 10:24:19 UTC
Thanks, will wait for the next core update and then test.
Comment 6 Larsen 2024-01-10 13:38:03 UTC
Just for the record: Works as expected now