pfb_dnsbl wont start in clean installation
-
Hi all!
In other machine I installed pfsense (2.7.0) and last version of pfBlockerng. But now I have install the same combination in another machine and the service of pfBlokerng doesn't start:
I tried change defaults ports, but didn't work.
I tried force update and reload and all same normal:
UPDATE PROCESS START [ v3.2.0_6 ] [ 11/23/23 14:47:21 ]
===[ DNSBL Process ]================================================
Loading DNSBL Statistics... completed
Loading DNSBL SafeSearch... disabled
Loading DNSBL Whitelist... completed[ StevenBlack_ADs ] Reload . completed ..
Whitelist: 5726.bapi.adsafeprotected.com|6063.bapi.adsafeprotected.com|aax-cpm.amazon-adsystem.com|aax-dtb-cf.amazon-adsystem.com|aax-eu-retail-direct.amazon-adsystem.com|aax-eu.amazon-adsystem.com|aax-fe-sin.amazon-adsystem.com|aax-fe.amazon-adsystem.com|aax-us-east-retail-direct.amazon-adsystem.com|aax-us-east-rtb.amazon-adsystem.com|aax-us-east.amazon-adsystem.com|aax-us-pdx.amazon-adsystem.com|aax-us.amazon-adsystem.com|aax.amazon-adsystem.com|adsafeprotected.com|amazon-adsystem.com|anycast.dt.adsafeprotected.com|appvast.adsafeprotected.com|bs.eyeblaster.akadns.net|bs.serving-sys.com|c.amazon-adsystem.com|cdn-a.amazon-adsystem.com|cdn.adsafeprotected.com|control.kochava.com|device-metrics-us-2.amazon.com|dra.amazon-adsystem.com|dt.adsafeprotected.com|dtvc.adsafeprotected.com|fls-eu.amazon-adsystem.com|fls-fe.amazon-adsystem.com|fls-na.amazon-adsystem.com|fls-na.amazon.com|fw.adsafeprotected.com|fwvc.adsafeprotected.com|images-aud.sourceforge.net|imp.control.kochava.com|ir-de.amazon-adsystem.com|ir-jp.amazon-adsystem.com|ir-na.amazon-adsystem.com|ir-uk.amazon-adsystem.com|localhost.localdomain|mads.amazon-adsystem.com|mobile-static.adsafeprotected.com|mobile.adsafeprotected.com|nyidt.adsafeprotected.com|orfw.adsafeprotected.com|orpixel.adsafeprotected.com|pixel.adsafeprotected.com|pm.adsafeprotected.com|ps-eu.amazon-adsystem.com|ps-jp.amazon-adsystem.com|ps-us.amazon-adsystem.com|px.moatads.com|rcm-eu.amazon-adsystem.com|rcm-fe.amazon-adsystem.com|rcm-na.amazon-adsystem.com|s.amazon-adsystem.com|secure-gl.imrworldwide.com|sgfw.adsafeprotected.com|sgpixel.adsafeprotected.com|spixel.adsafeprotected.com|static.adsafeprotected.com|unified.adsafeprotected.com|vafw.adsafeprotected.com|vapixel.adsafeprotected.com|vast.adsafeprotected.com|video.adsafeprotected.com|web-sdk.control.kochava.com|wildcard.moatads.com.edgekey.net|wms-eu.amazon-adsystem.com|wms-na.amazon-adsystem.com|wrapper-vast.adsafeprotected.com|ws-eu.amazon-adsystem.com|ws-fe.amazon-adsystem.com|ws-na.amazon-adsystem.com|z-eu.amazon-adsystem.com|z-na.amazon-adsystem.com|Orig. Unique # Dups # White # TOP1M Final
158149 158149 0 77 0 158072
Saving DNSBL statistics... completed [ 11/23/23 14:47:35 ]
Assembling DNSBL database...... completed
Restarting DNSBL Service
Stopping Unbound Resolver.
Unbound stopped in 2 sec.
Additional mounts:
No changes required.
Starting Unbound Resolver... completed [ 11/23/23 14:47:37 ]
DNSBL update [ 158072 | PASSED ]... completed [ 11/23/23 14:47:39 ]===[ GeoIP Process ]============================================
===[ IPv4 Process ]=================================================
[ Abuse_Feodo_C2_v4 ] Reload . completed ..
Original Master Final
13 13 13 [ Pass ]
[ Abuse_SSLBL_v4 ] Reload . completed ..
Original Master Final
16 16 16 [ Pass ]
[ CINS_army_v4 ] Reload . completed ..
Original Master Final
15000 15000 15000 [ Pass ]
[ ET_Block_v4 ] Reload . completed ..
Original Master Final
1081 1068 1068 [ Pass ]
[ ET_Comp_v4 ] Reload . completed ..
Original Master Final
268 249 249 [ Pass ]
[ ISC_Block_v4 ] Reload . completed ..
Original Master Final
20 8 8 [ Pass ]
[ Spamhaus_Drop_v4 ] Reload . completed ..
Original Master Final
967 0 0 [ Pass ]
[ Spamhaus_eDrop_v4 ] Reload . completed ..
Original Master Final
328 308 308 [ Pass ]
[ Talos_BL_v4 ] Reload . completed ..
Original Master Final
1641 1619 1619 [ Pass ]
===[ Aliastables / Rules ]==========================================
No changes to Firewall rules, skipping Filter Reload
Updating: pfB_PRI1_v4
no changes.===[ FINAL Processing ]=====================================
[ Original IP count ] [ 19332 ]
[ Final IP Count ] [ 18281 ]
===[ Deny List IP Counts ]===========================
18282 total
15000 /var/db/pfblockerng/deny/CINS_army_v4.txt
1619 /var/db/pfblockerng/deny/Talos_BL_v4.txt
1068 /var/db/pfblockerng/deny/ET_Block_v4.txt
308 /var/db/pfblockerng/deny/Spamhaus_eDrop_v4.txt
249 /var/db/pfblockerng/deny/ET_Comp_v4.txt
16 /var/db/pfblockerng/deny/Abuse_SSLBL_v4.txt
13 /var/db/pfblockerng/deny/Abuse_Feodo_C2_v4.txt
8 /var/db/pfblockerng/deny/ISC_Block_v4.txt
1 /var/db/pfblockerng/deny/Spamhaus_Drop_v4.txt====================[ Empty Lists w/127.1.7.7 ]==================
Spamhaus_Drop_v4.txt
===[ DNSBL Domain/IP Counts ] ===================================
158072 /var/db/pfblockerng/dnsbl/StevenBlack_ADs.txt
====================[ IPv4/6 Last Updated List Summary ]==============
Nov 6 19:05 Talos_BL_v4
Nov 22 06:30 ET_Block_v4
Nov 22 21:48 ET_Comp_v4
Nov 22 23:57 Spamhaus_Drop_v4
Nov 23 12:45 ISC_Block_v4
Nov 23 12:58 Spamhaus_eDrop_v4
Nov 23 13:17 CINS_army_v4
Nov 23 14:35 Abuse_SSLBL_v4
Nov 23 14:35 Abuse_Feodo_C2_v4====================[ DNSBL Last Updated List Summary ]==============
Nov 23 14:38 StevenBlack_ADs
Database Sanity check [ PASSED ]
Masterfile/Deny folder uniq check
Deny folder/Masterfile uniq checkSync check (Pass=No IPs reported)
Alias table IP Counts
18282 /var/db/aliastables/pfB_PRI1_v4.txt
pfSense Table Stats
table-entries hard limit 400000
Table Usage Count 18947UPDATE PROCESS ENDED [ 11/23/23 14:47:40 ]
Log/file path: /var/log/pfblockerng/error.log is empty
What is the problem? What can I do?
PD: I tried export configuration from the other machine to the new, but still don't start this service
-
@abanet Upload last forced update:
UPDATE PROCESS START [ v3.2.0_6 ] [ 11/23/23 15:02:35 ]
===[ DNSBL Process ]================================================
Loading DNSBL Statistics... completed
Missing DNSBL stats and/or Unbound DNSBL files - RebuildingLoading DNSBL SafeSearch... disabled
Loading DNSBL Whitelist... completed[ StevenBlack_ADs ] Reload . completed ..
Whitelist: 5726.bapi.adsafeprotected.com|6063.bapi.adsafeprotected.com|aax-cpm.amazon-adsystem.com|aax-dtb-cf.amazon-adsystem.com|aax-eu-retail-direct.amazon-adsystem.com|aax-eu.amazon-adsystem.com|aax-fe-sin.amazon-adsystem.com|aax-fe.amazon-adsystem.com|aax-us-east-retail-direct.amazon-adsystem.com|aax-us-east-rtb.amazon-adsystem.com|aax-us-east.amazon-adsystem.com|aax-us-pdx.amazon-adsystem.com|aax-us.amazon-adsystem.com|aax.amazon-adsystem.com|adsafeprotected.com|amazon-adsystem.com|anycast.dt.adsafeprotected.com|appvast.adsafeprotected.com|bs.eyeblaster.akadns.net|bs.serving-sys.com|c.amazon-adsystem.com|cdn-a.amazon-adsystem.com|cdn.adsafeprotected.com|control.kochava.com|device-metrics-us-2.amazon.com|dra.amazon-adsystem.com|dt.adsafeprotected.com|dtvc.adsafeprotected.com|fls-eu.amazon-adsystem.com|fls-fe.amazon-adsystem.com|fls-na.amazon-adsystem.com|fls-na.amazon.com|fw.adsafeprotected.com|fwvc.adsafeprotected.com|images-aud.sourceforge.net|imp.control.kochava.com|ir-de.amazon-adsystem.com|ir-jp.amazon-adsystem.com|ir-na.amazon-adsystem.com|ir-uk.amazon-adsystem.com|localhost.localdomain|mads.amazon-adsystem.com|mobile-static.adsafeprotected.com|mobile.adsafeprotected.com|nyidt.adsafeprotected.com|orfw.adsafeprotected.com|orpixel.adsafeprotected.com|pixel.adsafeprotected.com|pm.adsafeprotected.com|ps-eu.amazon-adsystem.com|ps-jp.amazon-adsystem.com|ps-us.amazon-adsystem.com|px.moatads.com|rcm-eu.amazon-adsystem.com|rcm-fe.amazon-adsystem.com|rcm-na.amazon-adsystem.com|s.amazon-adsystem.com|secure-gl.imrworldwide.com|sgfw.adsafeprotected.com|sgpixel.adsafeprotected.com|spixel.adsafeprotected.com|static.adsafeprotected.com|unified.adsafeprotected.com|vafw.adsafeprotected.com|vapixel.adsafeprotected.com|vast.adsafeprotected.com|video.adsafeprotected.com|web-sdk.control.kochava.com|wildcard.moatads.com.edgekey.net|wms-eu.amazon-adsystem.com|wms-na.amazon-adsystem.com|wrapper-vast.adsafeprotected.com|ws-eu.amazon-adsystem.com|ws-fe.amazon-adsystem.com|ws-na.amazon-adsystem.com|z-eu.amazon-adsystem.com|z-na.amazon-adsystem.com|Orig. Unique # Dups # White # TOP1M Final
158149 158149 0 77 0 158072
Assembling DNSBL database...... completed [ 11/23/23 15:02:44 ]
Added DNSBL Unbound python integration settings
Adding DNSBL Unbound python mounts:
Creating: /var/unbound/usr/local/bin
Mounting: /usr/local/bin
Creating: /var/unbound/usr/local/lib
Mounting: /usr/local/libRemoving DNSBL Unbound mode and/or DNSBL SafeSearch CNAME mode (Resolver adv. setting)
DNS Resolver ( enabled ) unbound.conf modifications:
Added DNSBL Unbound Python mode
Removed DNSBL SafeSearch mode
Added DNSBL Unbound Python mode scriptSaving new DNSBL web server configuration to port [ 8082 and 8443 ]
VIP address(es) configured
Restarting DNSBL Service
TLD:
TLD analysis.. completed
TLD finalize...Original Matches Removed Final
158072 49916 59261 98811
TLD finalize... completed [ 11/23/23 15:02:51 ]
Saving DNSBL statistics... completed
Stopping Unbound Resolver.
Unbound stopped in 2 sec.
Additional mounts (DNSBL python):
Mounting: /lib
Mounting: /dev
Mounting: /var/log/pfblockerng
Mounting: /usr/local/share/GeoIP
Starting Unbound Resolver... completed [ 11/23/23 15:02:53 ]
Restarting DNSBL Service (DNSBL python)
DNSBL update [ 98811 | PASSED ]... completed===[ GeoIP Process ]============================================
===[ IPv4 Process ]=================================================
[ Abuse_Feodo_C2_v4 ] Reload . completed ..
Original Master Final
13 13 13 [ Pass ]
[ Abuse_SSLBL_v4 ] Reload . completed ..
Original Master Final
16 16 16 [ Pass ]
[ CINS_army_v4 ] Reload . completed ..
Original Master Final
15000 15000 15000 [ Pass ]
[ ET_Block_v4 ] Reload . completed ..
Original Master Final
1081 1068 1068 [ Pass ]
[ ET_Comp_v4 ] Reload . completed ..
Original Master Final
268 249 249 [ Pass ]
[ ISC_Block_v4 ] Reload . completed ..
Original Master Final
20 8 8 [ Pass ]
[ Spamhaus_Drop_v4 ] Reload . completed ..
Original Master Final
967 0 0 [ Pass ]
[ Spamhaus_eDrop_v4 ] Reload . completed ..
Original Master Final
328 308 308 [ Pass ]
[ Talos_BL_v4 ] Reload . completed ..
Original Master Final
1641 1619 1619 [ Pass ]
===[ Aliastables / Rules ]================================
Firewall rule changes found, applying Filter Reload
** Restarting firewall filter daemon **
===[ FINAL Processing ]=====================================
[ Original IP count ] [ 19332 ]
[ Final IP Count ] [ 18281 ]
===[ Deny List IP Counts ]===========================
18282 total
15000 /var/db/pfblockerng/deny/CINS_army_v4.txt
1619 /var/db/pfblockerng/deny/Talos_BL_v4.txt
1068 /var/db/pfblockerng/deny/ET_Block_v4.txt
308 /var/db/pfblockerng/deny/Spamhaus_eDrop_v4.txt
249 /var/db/pfblockerng/deny/ET_Comp_v4.txt
16 /var/db/pfblockerng/deny/Abuse_SSLBL_v4.txt
13 /var/db/pfblockerng/deny/Abuse_Feodo_C2_v4.txt
8 /var/db/pfblockerng/deny/ISC_Block_v4.txt
1 /var/db/pfblockerng/deny/Spamhaus_Drop_v4.txt====================[ Empty Lists w/127.1.7.7 ]==================
Spamhaus_Drop_v4.txt
===[ DNSBL Domain/IP Counts ] ===================================
158072 /var/db/pfblockerng/dnsbl/StevenBlack_ADs.txt
====================[ IPv4/6 Last Updated List Summary ]==============
Nov 6 19:05 Talos_BL_v4
Nov 22 06:30 ET_Block_v4
Nov 22 21:48 ET_Comp_v4
Nov 22 23:57 Spamhaus_Drop_v4
Nov 23 13:46 ISC_Block_v4
Nov 23 13:54 Spamhaus_eDrop_v4
Nov 23 14:20 CINS_army_v4
Nov 23 14:55 Abuse_SSLBL_v4
Nov 23 14:55 Abuse_Feodo_C2_v4====================[ DNSBL Last Updated List Summary ]==============
Nov 23 14:38 StevenBlack_ADs
Database Sanity check [ PASSED ]
Masterfile/Deny folder uniq check
Deny folder/Masterfile uniq checkSync check (Pass=No IPs reported)
Alias table IP Counts
18282 /var/db/aliastables/pfB_PRI1_v4.txt
pfSense Table Stats
table-entries hard limit 400000
Table Usage Count 665UPDATE PROCESS ENDED [ 11/23/23 15:02:54 ]
-
See if this helps
https://forum.netgate.com/topic/184032/pfb_dnsnl-pfblockerng-dnsbl-service-won-t-start/24?_=1700748361493
-
@jrey said in pfb_dnsbl wont start in clean installation:
https://forum.netgate.com/topic/184032/pfb_dnsnl-pfblockerng-dnsbl-service-won-t-start/24?_=1700748361493
Responder
Thanks for your answer. I will try. For now, I have this:
I'm trying updating to 2.7.1 version and rebooting. I will tell you how It finish
-
Yup,
sadly the DNSBL service up status is tied to not only the DNSBL itself but also the lighttpd (and it should be)
certain at the point the actual DNSBL is running, but because the web part to display the block page isn't, it doesn't mark the service as a whole as "running"
The problem is the error isn't really logged properly, IMHO, so you have to go fishing to find it as the root cause. ie those failure messages would be a lot easier to find if the service start put them in the error.log. Currently they are just hidden.
-
Hi again! @jrey
I just read your answer and try update from 2.7.0 to 2.7.1 and reboot. That work for my! Now I have active the process.
Thanks a lot!
-
@abanet said in pfb_dnsbl wont start in clean installation:
Thanks a lot!
No problem. Have a great day!
-
G Gertjan referenced this topic on
-
J jrey referenced this topic on