Something is blocking OISD compilation download

manilx

Hi

Something I activated (possibly Suricata) is suddenly blocking a pfBlockerNG DNSBL feed:

[PFB_FILTER - 17] Failed or invalid Mime Type: [text/x-php|0]

 [ DNSBL_Compilation - OISD ] Download FAIL [ 01/1/23 20:16:03 ]
  DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download.

  Restoring previously downloaded file

I have disabled Suricata on the Wan now but still get this error. Was workink...

Any ideas?

manilx

@manilx Some more info in the update log:

[ OISD ]			 Downloading update .. 200 OK
[PFB_FILTER - 17] Failed or invalid Mime Type: [text/x-php|0]

 [ DNSBL_Compilation - OISD ] Download FAIL [ 01/1/23 20:21:03 ]
  DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download.

BBcan177

@manilx the OISD URL seems down? What do you get if you load that url in the browser or with curl?
https://dbl.oisd.nl/

manilx

@bbcan177 Not loading in browser also......
Must be an issue with the site then.

BBcan177

@manilx the strange thing is that the mime type in the error log wasn't expected. Looks like the verification code saw a php file? So would have been good to have captured that file for review.

manilx

@bbcan177 said in Something is blocking OISD compilation download:

@manilx the strange thing is that the mime type in the error log wasn't expected. Looks like the verification code saw a php file? So would have been good to have captured that file for review.

It's working this morning again, so this must have been a longer time with issues at the source yesterday.

Next time I know what to do. Bear with me, I'm only a couple of days with pfsense having come over from OPNsense (which began having issues after a borked update with problematic suricata&unbound).
And pfblockerNG is completely new ;)

Wil I'm at it and of topic and I'm speaking to the developer (I think) one thing I'd like to copy I had in OPNsense is being able to create Aliases with specific countries (as source in a pass firewall rule). pfblocker NG creates automtic ones for the countries I want to block and there is surely a way to do this but I can't find it....
Thx in advance!

areckethennu

Is the OISD download still working for you? I've been getting the same error for 3 months now.

[ DNSBL_Compilation - OISD ] Download FAIL [ 03/10/24 13:15:03 ]
  DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download.
 [ 03/10/24 13:15:03 ]
  Restoring previously downloaded file
  [ 03/10/24 13:15:03 ]

I'm not running Suricata (pfBlockerNG 3.2.0_7 is the only package I've added in). On pfSense 23.09-RELEASE (amd64)

Vollans

@areckethennu It’s deliberately down - the feed pfSense uses no longer works:

https://oisd.nl/

areckethennu

@Vollans According to that link, pfBlockerNG will support the new format sometime soon. Do you happen to know if we'd be better off just leaving things as they are and waiting, or is there some recommended alternative to OISD that we should switch to?

p1erre

@areckethennu For now you can use this link oisd big