Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    GeoIP unk after recent update

    Scheduled Pinned Locked Moved pfBlockerNG
    16 Posts 5 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      Beerman
      last edited by

      I have the same Issue... I think since the upgrade to pfSense 23.01.

      GeoLite2-Country.mmdb seems not be extracted.

      In the directory "/usr/local/share/GeoIP" I have "GeoLite2-Country.tar.gz" but no "GeoLite2-Country.mmdb".

      Is this a new bug in pfBlockerNG?

      1 Reply Last reply Reply Quote 0
      • B
        Beerman
        last edited by Beerman

        OK, seems to be an bug. It is already fixed in v3-2-0_2.

        Changelog v3-2-0_2

        But it does not seem to be published yet.. :(

        M 1 Reply Last reply Reply Quote 0
        • M
          michmoor LAYER 8 Rebel Alliance @Beerman
          last edited by

          @beerman check the pfblocker Reddit. The fix is there to be pulled down from the maintainer but not available yet through the package manager on Pf

          Firewall: NetGate,Palo Alto-VM,Juniper SRX
          Routing: Juniper, Arista, Cisco
          Switching: Juniper, Arista, Cisco
          Wireless: Unifi, Aruba IAP
          JNCIP,CCNP Enterprise

          B S 2 Replies Last reply Reply Quote 1
          • B
            Beerman @michmoor
            last edited by

            @michmoor

            Thanks, for the hint! :)

            1 Reply Last reply Reply Quote 0
            • S
              SteveITS Galactic Empire @michmoor
              last edited by

              @michmoor said in GeoIP unk after recent update:

              pfblocker Reddit

              Thanks. Link: https://www.reddit.com/r/pfBlockerNG/comments/116fuie/temp_workaround_to_get_latest_v320_2_files/

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              1 Reply Last reply Reply Quote 1
              • B
                Beerman
                last edited by

                Hi,

                after applying the patch, I noticed that it seems to work only partially.
                (Before that all entries show "Unk")

                Bildschirmfoto vom 2023-02-21 08-54-19.png

                BBcan177B 1 Reply Last reply Reply Quote 0
                • BBcan177B
                  BBcan177 Moderator @Beerman
                  last edited by

                  @beerman
                  Try these commands:

                  mmdblookup -f /usr/local/share/GeoIP/GeoLite2-Country.mmdb -i 146.88.240.4 country mmdblookup -f /usr/local/share/GeoIP/GeoLite2-Country.mmdb -i 91.240.118.166 country iso_code

                  Also would avoid using the Firehol level 1 feed as it contains bogons etc. Especially for outbound use...

                  "Experience is something you don't get until just after you need it."

                  Website: http://pfBlockerNG.com
                  Twitter: @BBcan177  #pfBlockerNG
                  Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                  B 1 Reply Last reply Reply Quote 0
                  • B
                    Beerman @BBcan177
                    last edited by Beerman

                    @bbcan177

                    Here the output of the commands:

                    mmdblookup -f /usr/local/share/GeoIP/GeoLite2-Country.mmdb -i 146.88.240.4 country iso_code

  "US" <utf8_string>


mmdblookup -f /usr/local/share/GeoIP/GeoLite2-Country.mmdb -i 91.240.118.166 country iso_code

  "HK" <utf8_string>

                    The most entries are working, but yesterday I got another "Unk"..

                    unknown.png

                    I tried also the command with this IP:

                    mmdblookup -f /usr/local/share/GeoIP/GeoLite2-Country.mmdb -i 162.142.125.142 country iso_code

  "US" <utf8_string>

                    (And Firehol Level 1 is only inbound... :) But thx, for the hint!)

                    BBcan177B 1 Reply Last reply Reply Quote 0
                    • BBcan177B
                      BBcan177 Moderator @Beerman
                      last edited by

                      @beerman
                      It could be that the old records are in the sqlite cache file?

                      sqlite3 /var/db/pfblockerng/ip_cache.sqlite .dump

                      You could delete that file "/var/db/pfblockerng/ip_cache.sqlite" and then restart the pfb_filter service, and see how it goes from there?

                      "Experience is something you don't get until just after you need it."

                      Website: http://pfBlockerNG.com
                      Twitter: @BBcan177  #pfBlockerNG
                      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                      B 1 Reply Last reply Reply Quote 0
                      • B
                        Beerman @BBcan177
                        last edited by

                        @bbcan177

                        Thx, fpr your support! :)

                        I have since uninstalled and reinstalled the pfBlockerNG-devel package. I also deleted the directories (/usr/local/share/GeoIP and /var/db/pfblockerng).

                        Since then, I have not noticed any more such entries. If an entry appears again, I will test the commands and report in this thread.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.