pfBlockerNG-devel v3.1.0_19/10

BBcan177

@draco said in pfBlockerNG-devel v3.1.0_19/10:

I had hoped this might let pfBlocker directly download a JSON list like the one found at Microsoft Azure IPs. This is a file I manually download and then use pfSense's GUI CMD interface to upload for pfBlocker (I set the format to AUTO). Ran this on 3.1.0_11 just now.

The Link you posted is the HTML page. You need to use the direct link:

https://download.microsoft.com/download/7/1/D/71D86715-5596-4529-9B13-DA13A5DE5B63/ServiceTags_Public_20230123.json

Keep in mind that this will parse all IPs in the json file. You could also create a new shell script to parse this JSON and get more refinement on which IPs to pull ( "Advanced Tunables - Post-Script Script" feature.)

yorke

@bbcan177

I figure out why i was getting those errors some package/feature on pfsense needed to be update (ie unbound and about 4 others ) once I ran the update and reboot and reinstall
PfblockerNG work, no more errors.
Thanks BBcan177

bigjohns97

@cmcdonald I am seeing the same error about missing python modules on 23.01 RC, was this fixed on that version as well?

nimrod

@bigjohns97 said in pfBlockerNG-devel v3.1.0_19/10:

@cmcdonald I am seeing the same error about missing python modules on 23.01 RC, was this fixed on that version as well?

Yes.

Draco

@bbcan177 said in pfBlockerNG-devel v3.1.0_19/10:

he Link you posted is the HTML page. You need to use the direct link:
https://download.microsoft.com/download/7/1/D/71D86715-5596-4529-9B13-DA13A5DE5B63/ServiceTags_Public_20230123.json

Fair enough -- this means I will need to manually update the link each time, but better than copying the file from my computer up to pfSense each time, thanks!

I might have to write a screen-scraper to pull the latest URL off the download page...

bigjohns97

@nimrod Can you confirm what add-on's I should see because they differ than what is posted above.

pkg info "py*" unbound

py311-maxminddb-2.2.0_2
py311-setuptools-63.1.0
py311-sqlite3-3.11.1_8
py39-libzfs-1.1.2022081600
py39-setuptools-63.1.0
py39-yaml-5.4.1
python311-3.11.1_1
python39-3.9.15
unbound-1.17.0

nimrod

@bigjohns97

Is this before or after pfblocker reinstall ?

bigjohns97

@nimrod After

nimrod

@bigjohns97

I just noticed you are on Plus version of pfsense. The output that i shared is from CE edition.

bigjohns97

@nimrod That wouldn't matter, the difference between 2.6/22.x and 2.7/23.x is really what I am trying to confirm was fixed.

@BBcan177 builds the pfblockerng code but I believe netgate dev's such as @cmcdonald are who associate package prerequisites and manage how the actual package is presenting in package manager.

This is why my original question was to @cmcdonald as to whether his fix he did in this thread was also applied to the new 2.7/23.x branch.

cmcdonald

@bigjohns97

Report the output of

pkg info unbound

ldd `which unbound`

pkg info py*

bigjohns97

@cmcdonald said in pfBlockerNG-devel v3.1.0_19/10:

@bigjohns97

Report the output of

pkg info unbound

unbound-1.17.0
Name : unbound
Version : 1.17.0
Installed on : Sat Jan 14 12:37:18 2023 CST
Origin : dns/unbound
Architecture : FreeBSD:14:amd64
Prefix : /usr/local
Categories : dns
Licenses : BSD3CLAUSE
Maintainer : jaap@NLnetLabs.nl
WWW : https://www.nlnetlabs.nl/projects/unbound
Comment : Validating, recursive, and caching DNS resolver
Options :
DEP-RSA1024 : off
DNSCRYPT : on
DNSTAP : off
DOCS : off
DOH : on
ECDSA : on
EVAPI : off
FILTER_AAAA : off
GOST : on
HIREDIS : off
LIBEVENT : on
MUNIN_PLUGIN : off
PYTHON : on
SUBNET : off
TFOCL : off
TFOSE : off
THREADS : on
Shared Libs required:
libsodium.so.23
libpython3.9.so.1.0
libnghttp2.so.14
libexpat.so.1
libevent-2.1.so.7
Shared Libs provided:
libunbound.so.8
Annotations :
FreeBSD_version: 1400073
build_timestamp: 2022-10-27T06:51:33+0000
built_by : poudriere-git-3.3.99.20220831
cpe : cpe:2.3:a:nlnetlabs:unbound:1.17.0:::::freebsd14:x64
port_checkout_unclean: no
port_git_hash : 7b7b452fb8d5
ports_top_checkout_unclean: yes
ports_top_git_hash: 0c964f08a5cb
repo_type : binary
repository : pfSense
Flat size : 8.36MiB
Description :
Unbound is designed as a set of modular components, so that also
DNSSEC (secure DNS) validation and stub-resolvers (that do not run as
a server, but are linked into an application) are easily possible.

Goals:
* A validating recursive DNS resolver.
* Code diversity in the DNS resolver monoculture.
* Drop-in replacement for BIND apart from config.
* DNSSEC support.
* Fully RFC compliant.
* High performance, even with validation enabled.
* Used as: stub resolver, full caching name server, resolver library.
* Elegant design of validator, resolver, cache modules.
o provide the ability to pick and choose modules.
* Robust.
* In C, open source: The BSD license.
* Smallest as possible component that does the job.
* Stub-zones can be configured (local data or AS112 zones).

Non-goals:
* An authoritative name server.
* Too many Features.

WWW: https://www.nlnetlabs.nl/projects/unbound

ldd `which unbound`

/usr/local/sbin/unbound:
libssl.so.111 => /usr/lib/libssl.so.111 (0x822469000)
libsodium.so.23 => /usr/local/lib/libsodium.so.23 (0x8236ec000)
libutil.so.9 => /lib/libutil.so.9 (0x822a37000)
libevent-2.1.so.7 => /usr/local/lib/libevent-2.1.so.7 (0x823fcb000)
libpython3.9.so.1.0 => /usr/local/lib/libpython3.9.so.1.0 (0x824b25000)
libcrypto.so.111 => /lib/libcrypto.so.111 (0x8259f7000)
libnghttp2.so.14 => /usr/local/lib/libnghttp2.so.14 (0x82790a000)
libthr.so.3 => /lib/libthr.so.3 (0x825eff000)
libc.so.7 => /lib/libc.so.7 (0x826edd000)
libcrypt.so.5 => /lib/libcrypt.so.5 (0x8284bd000)
libintl.so.8 => /usr/local/lib/libintl.so.8 (0x829b94000)
libdl.so.1 => /usr/lib/libdl.so.1 (0x828694000)
libm.so.5 => /lib/libm.so.5 (0x828758000)
[vdso] (0x8215a5000)

pkg info "py*"

py311-maxminddb-2.2.0_2
py311-setuptools-63.1.0
py311-sqlite3-3.11.1_8
py39-libzfs-1.1.2022081600
py39-setuptools-63.1.0
py39-yaml-5.4.1
python311-3.11.1_1
python39-3.9.15

cmcdonald

@bigjohns97 and this is on 23.01?

bigjohns97

@cmcdonald Correct, dashboard shows 23.01 RC

Current Base System23.01.r.20230202.1645
Latest Base System23.01.r.20230202.1645
StatusUp to date.

cmcdonald

@bigjohns97 That is very odd.

The problem is you are running older Unbound which is using Python 3.9 and not 3.11

unbound-1.17.1_2
py311-libzfs-1.1.2022081600
py311-maxminddb-2.2.0_2
py311-setuptools-63.1.0
py311-sqlite3-3.11.1_8
py39-libzfs-1.1.2022081600
py39-maxminddb-2.2.0_1
py39-setuptools-63.1.0
python311-3.11.1_1
python39-3.9.16

These are the versions that we ship with 23.01-RC

I would try reinstalling unbound:

pkg install -fy unbound

bigjohns97

@cmcdonald That's odd, I also seem to be missing that 311 libzfs which I am using zfs and boot environments.

How would I go about getting these correct packages?

Edit: that worked, I now show the following.

py311-maxminddb-2.2.0_2
py311-setuptools-63.1.0
py311-sqlite3-3.11.1_8
py39-libzfs-1.1.2022081600
py39-setuptools-63.1.0
py39-yaml-5.4.1
python311-3.11.1_1
python39-3.9.15
unbound-1.17.1_2

cmcdonald

@bigjohns97 what if you just do pkg upgrade what does it offer to upgrade?

bigjohns97

@cmcdonald

Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (4 candidates): 100%
Processing candidates (4 candidates): 100%
The following 5 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
whois: 5.5.7 [pfSense]

Installed packages to be UPGRADED:
pfSense: 23.01.b.20230106.0600 -> 23.01.r.20230202.1645 [pfSense]
pfSense-Status_Monitoring: 1.7.11_4 -> 1.8 [pfSense]
pfSense-repo: 23.01.b.20230106.0600 -> 23.01.r.20230202.1645 [pfSense]
python39: 3.9.15 -> 3.9.16 [pfSense]

Number of packages to be installed: 1
Number of packages to be upgraded: 4

71 KiB to be downloaded.

Proceed with this action? [y/N]:

cmcdonald

@bigjohns97

What repo is set on the update GUI page?

bigjohns97

@cmcdonald