pfBlockerNG-devel v3.1.0_0

p32spaceblaster

Is anyone else having issues upgrading? I get the following:
Confirmation Required to upgrade package pfSense-pkg-pfBlockerNG-devel from 3.0.0_16 to 3.1.0.

Then this

Upgrading pfSense-pkg-pfBlockerNG-devel...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Failed

ltolbert

This post is deleted!

miquim

I can not update the UT1 & ShallaList categories.

my log is allways this:

UPDATE PROCESS START [ v3.1.0 ] [ 10/26/21 16:25:00 ]

===[  DNSBL Process  ]================================================

Clearing all DNSBL Feeds

TLD Analysis not required.
Stopping Unbound Resolver
Unbound stopped in 1 sec.
Additional mounts (DNSBL python):
  No changes required.
Starting Unbound Resolver... completed
Restarting DNSBL Service (DNSBL python)
DNSBL update [ 0 | PASSED  ]... completed [ 10/26/21 16:25:01 ]
------------------------------------------------------------------------

===[  GeoIP Process  ]============================================


===[  Aliastables / Rules  ]==========================================

No changes to Firewall rules, skipping Filter Reload
No Changes to Aliases, Skipping pfctl Update

 UPDATE PROCESS ENDED

any one can help me?

Gertjan

@miquim said in pfBlockerNG-devel v3.1.0_0:

any one can help me?

Looks like this :

isn't checked, right ?

The message "Clearing all DNSBL Feeds" is showed under one condition :

// When DNSBL is enabled and no Aliases are defined, or all Aliases are Disabled

as in that case there is nothing to do.

miquim

@gertjan said in pfBlockerNG-devel v3.1.0_0:

@miquim said in pfBlockerNG-devel v3.1.0_0:

any one can help me?

Looks like this :

isn't checked, right ?

The message "Clearing all DNSBL Feeds" is showed under one condition :

// When DNSBL is enabled and no Aliases are defined, or all Aliases are Disabled

as in that case there is nothing to do.

no, it is enable, I make a fresh install of pfsense pfSense-CE-2.5.2-RELEASE-amd64, than install the pfBlockerNG-devel version 3.1.0.

and get same error

miquim

@miquim said in pfBlockerNG-devel v3.1.0_0:

@gertjan said in pfBlockerNG-devel v3.1.0_0:

@miquim said in pfBlockerNG-devel v3.1.0_0:

any one can help me?

Looks like this :

isn't checked, right ?

The message "Clearing all DNSBL Feeds" is showed under one condition :

// When DNSBL is enabled and no Aliases are defined, or all Aliases are Disabled

as in that case there is nothing to do.

no, it is enable, I make a fresh install of pfsense pfSense-CE-2.5.2-RELEASE-amd64, than install the pfBlockerNG-devel version 3.1.0.

and get same error

i found the problem, I need to create this dnsbl group like this and it worked.

rjamesm

Any word on safe search allowing duckduckgo? It appears it doesn't work.

ksh

Hi
I have some challanges with pfBlockerNG on version 22.05.
I have 2 pfSense were i have a custom IPv4 source defination.
On one of my pfSense it does not update the entire list on my other it does.
They are sync the settings to eachother so it has the same configuration.
Any idea why this might go bad?
It seems that pfSense 1 is just stuck on some cache or some "obsolete" list

pfSense 1 log
Alias table IP Counts

18754 total
16397 /var/db/aliastables/pfB_PRI1_v4.txt
1178 /var/db/aliastables/pfB_Allow_Hosting_Gateway_v4.txt
1178 /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt
1 /var/db/aliastables/pfB_3CX_ServerPublic_v4.txt

pfSense 2 log
Alias table IP Counts

19042 total
16635 /var/db/aliastables/pfB_PRI1_v4.txt
1203 /var/db/aliastables/pfB_Allow_Hosting_Gateway_v4.txt
1203 /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt
1 /var/db/aliastables/pfB_3CX_ServerPublic_v4.txt

Gertjan

@ksh

Do a Force reload, and look at what the log, at the bottom of the page, produces.
Even when I asked a

the files didn't get reloaded again :

...
====================[ DNSBL Last Updated List Summary ]==============

Oct 3	00:00	DNSBL_174618
Dec 5	00:00	UT1_gambling
Dec 5	00:00	UT1_games
Dec 5	00:00	UT1_phishing
Dec 5	00:00	UT1_warez
Dec 5	00:00	StevenBlack_ADs
===============================================================
...

Note : where I live, its December 7.
So, it might be possible that files on your two pfSense are not 100 % identical.
This behaviour is normal. List don't get reloaded every hours or so as this (xx thousands of pfBlockerng-devel are running out there) would destroy the web servers that hosts these files.

Btw : I've demanded to update my one and only DNSBL list Weekly, as these lists do not get updated massively every hour or day and I don't bother missing one or two.

ksh

@gertjan
My custom list needs to be adjusted more than once an hour :)

Bottom of the log file:
====================[ DNSBL Last Updated List Summary ]==============

Nov 29 00:00 StevenBlack_ADs

Database Sanity check [ PASSED ]

Masterfile/Deny folder uniq check
Deny folder/Masterfile uniq check

Sync check (Pass=No IPs reported)

Alias table IP Counts

18754 total
16397 /var/db/aliastables/pfB_PRI1_v4.txt
1178 /var/db/aliastables/pfB_Allow_Hosting_Gateway_v4.txt
1178 /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt
1 /var/db/aliastables/pfB_3CX_ServerPublic_v4.txt

pfSense Table Stats

table-entries hard limit 400000
Table Usage Count 159353

UPDATE PROCESS ENDED [ 12/7/22 13:03:18 ]

Gertjan

@ksh

You didn't show what I've showed you.
The part with the dates and hour.

I've tricked my pfblockerng-devel by forcing it to download the lists again.
I've deleted all the files in /var/db/pfblockerng/dnsblorig/
Then I did a force reload.
It showed :

====================[ DNSBL Last Updated List Summary ]==============

Dec 7	13:37	UT1_gambling
Dec 7	13:37	UT1_games
Dec 7	13:37	UT1_phishing
Dec 7	13:37	UT1_warez
Dec 7	13:37	StevenBlack_ADs
===============================================================

Done ;)

ksh

@gertjan
So this one?
====================[ IPv4/6 Last Updated List Summary ]==============

Nov 10 03:53 Spamhaus_eDrop_v4
Nov 29 05:18 Spamhaus_Drop_v4
Nov 29 06:30 ET_Block_v4
Nov 29 23:16 ET_Comp_v4
Nov 30 06:00 Talos_BL_v4
Nov 30 12:50 ISC_Block_v4
Nov 30 13:18 CINS_army_v4
Nov 30 14:00 Abuse_SSLBL_v4
Nov 30 14:00 Abuse_Feodo_C2_v4
Nov 30 14:00 CompusoftCustomers_v4
Dec 7 13:03 3CX_ServerPublic_custom_v4

Gertjan

@ksh

Yep.
Rookie mode : Delete them all - and sync pfblocker
Better be safe then sorry : copy them on a safe place and then delete them all, and sync pfblocker

Btw : Dec 7 13:03 3CX_ServerPublic_custom_v4 (your own list ?) seems recent enough.

Other lists : if they didn't changed, they won't get downloaded (I guess ?!)

ksh

@gertjan
I removed the list. And added it again. This works.
But if i go and add an IP to the list an run the job it doesn't get updated :/

There should be 1278 and 1276 in /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt

I can also see that it seems like it doesn't get updated from when i create it to i update it.
But my 3CX_ServerPublic_custom_v4 seems to be updated everytime. This is an Alias Native. and not a list.

====================[ IPv4/6 Last Updated List Summary ]==============

Nov 10 03:53 Spamhaus_eDrop_v4
Nov 29 05:18 Spamhaus_Drop_v4
Nov 29 06:30 ET_Block_v4
Nov 29 23:16 ET_Comp_v4
Nov 30 06:00 Talos_BL_v4
Nov 30 12:50 ISC_Block_v4
Nov 30 13:18 CINS_army_v4
Nov 30 14:00 Abuse_SSLBL_v4
Nov 30 14:00 Abuse_Feodo_C2_v4
Dec 7 21:21 CustomersGateway_v4
Dec 7 21:23 CompusoftCustomers_v4
Dec 7 21:35 3CX_ServerPublic_custom_v4

====================[ DNSBL Last Updated List Summary ]==============

Nov 29 00:00 StevenBlack_ADs

Database Sanity check [ PASSED ]

Masterfile/Deny folder uniq check
Deny folder/Masterfile uniq check

Sync check (Pass=No IPs reported)

Alias table IP Counts

20550 total
17997 /var/db/aliastables/pfB_PRI1_v4.txt
1276 /var/db/aliastables/pfB_Allow_Hosting_Gateway_v4.txt
1276 /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt
1 /var/db/aliastables/pfB_3CX_ServerPublic_v4.txt

pfSense Table Stats

table-entries hard limit 400000
Table Usage Count 161000

UPDATE PROCESS ENDED [ 12/7/22 21:35:30 ]

Gertjan

@ksh said in pfBlockerNG-devel v3.1.0_0:

But if i go and add an IP to the list an run the job it doesn't get updated :/

You posted (now) 11 hours ago. It's 08h00 AM here.

The last time that your file was downloaded, was :

@ksh said in pfBlockerNG-devel v3.1.0_0:

Dec 7 21:35 3CX_ServerPublic_custom_v4

That's also some 11 hours ago.
That file seems pretty up to date to me.

If you set pfBlockerng to do house hold tasks every hour :

and set your list ( I showed a DNSBL list here ) to be downloaded every hour :

then this file will ... should (?!) get downloaded every hour.

In your case, as you host this file yourself, that's ok, you' hitting your infrastructure.
I strongly advice you not to do this for any other feed/list that is on a host that you do not own.

ksh

@gertjan
I have figured it out now.
I was running the reload command and not the cron command.
When i run the cron command it updates the list in the firewall.
And you are right I shouldn't spam other list. A workround for now is that i make my own custom list that contains the IP addresses from the other list and update the backend list once a day.
Thanks for the help