Pfblocker not working after upgrading to Pfsense 21.05.1-RELEASE (arm)
-
Hello,
After upgrading my Pfsense SG-3100 to 21.05.1-RELEASE (arm) Pfblocker is no longer working.
I receive the below alarms frequently and it is not logging any blocks when usually there are a ton.
Unresolvable source alias 'pfB_SAmerica_v4' for rule 'South America' @ 2021-09-10 09:03:55
Unresolvable source alias 'pfB_Oceania_v4' for rule 'Oceania' @ 2021-09-10 09:03:56
Unresolvable source alias 'pfB_NAmerica_v4' for rule 'NAmerica' @ 2021-09-10 09:03:57
Unresolvable source alias 'pfB_Europe_v4' for rule 'Europe' @ 2021-09-10 09:03:58
Unresolvable source alias 'pfB_Asia_v4' for rule 'Asia' @ 2021-09-10 09:03:59
Unresolvable source alias 'pfB_Africa_v4' for rule 'Africa' @ 2021-09-10 09:04:00
Unresolvable destination alias 'pfB_SAmerica_v4' for rule 'South America' @ 2021-09-10 09:04:01
I have confirmed Pfblocker is enabled, tried a cron followed by a full reload, update followed by a full reload.
I encountered this once in the past a long time ago and I don't remember what I did to fix it. Possibly increasing the size of the Pfsense state table.
Any ideas? This is a critical component of my security posture.
Thank you.
-
@mikej47 said in Pfblocker not working after upgrading to Pfsense 21.05.1-RELEASE (arm):
Possibly increasing the size of the Pfsense state table
Probably not the state table, but "Firewall Maximum Table Entries" (System/Advanced/Firewall & NAT). However, pfSense should log an error when it tries to load things and runs out of space.
Do you need aliases for all those? It's less resource heavy to allow certain countries rather than block the world. (said without knowing what's in the aliases)
-
@steveits I uninstalled whatever version of Pfblocker I had and installed pfBlockerNG-devel 3.0.0_16 and that seems to have resolved the issue.
I would like to get rid of the aliases and block on a per country basis to improve resource utilization.
With the new version I don't see where I can select the countries. I will have to poke around some more.
-
@mikej47 said in Pfblocker not working after upgrading to Pfsense 21.05.1-RELEASE (arm):
With the new version I don't see where I can select the countries
IP/GeoIP, then click the pencil icon for each continent.
-
@steveits For some reason I am missing that pencil icon for each continent. I do have a MaxMind license key that I registered for.
-
@mikej47 said in Pfblocker not working after upgrading to Pfsense 21.05.1-RELEASE (arm):
missing that pencil icon
On the far right? like:
Edit: I saw pfB 3.1.0 is out today, or will be shortly.
-
@steveits Yes, the blue pencils don't exist.
I tried Chrome and Edge thinking it may have been my browser but the issue persists in both.
-
@steveits I noticed when I do a manual update I get the below 401 Unauthorized for the GeoLite2-Country-CSV.zip. I verified I am using my correct license key for Max Mind. Other stuff does seem to update.
UPDATE PROCESS START [ v3.1.0 ] [ 09/10/21 16:01:50 ]
===[ DNSBL Process ]================================================
===[ GeoIP Process ]============================================
MaxMind Database downloading and processing ( approx 4MB ) ... Please wait ...
Download Process Starting [ 09/10/21 16:01:52 ]
/usr/local/share/GeoIP/GeoLite2-Country.tar.gz 401 Unauthorized
Failed to Download GeoLite2-Country.mmdb
/usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 401 Unauthorized
Failed to Download
Download Process Ended [ 09/10/21 16:02:12 ]
Could not open ISO [ SH_rep_v4 ]
Could not open ISO [ EH_rep_v4 ]
[ pfB_Africa_v4 ] exists. [ 09/10/21 16:02:13 ]
Could not open ISO [ CC_rep_v4 ]
[ pfB_Asia_v4 ] exists.
[ pfB_Europe_v4 ] exists. [ 09/10/21 16:02:14 ]
-
@mikej47 said in Pfblocker not working after upgrading to Pfsense 21.05.1-RELEASE (arm):
401 Unauthorized for the GeoLite2-Country-CSV.zip
Was your Maxmind key created as a 3.1.1 version? See this thread. Looks like that poster wasn't using the -devel version either which is the only way I got Maxmind to work.
-
@steveits That did the trick. I created a new license key from Max Mind, the updates are now fully successful, and the pencil icons are there!
Should I delete my old pfB_Africa_v4, pfB_xxx, aliases now?
-
@mikej47 said in Pfblocker not working after upgrading to Pfsense 21.05.1-RELEASE (arm):
Should I delete my old pfB_Africa_v4, pfB_xxx, aliases now
If you're not using them I would, otherwise (I assume) they would use memory.