pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start
-
Hello everyone,
I just installed pfBlockerNG. I used the wizard to configure the interfaces. Everything seems to go well, but when I check the status of my services, the pfBlockerNG-devel service won’t start, even when I try to launch it manually.UPDATE PROCESS ENDED [ 08/5/25 15:00:12 ] CRON PROCESS START [ v3.2.8 ] [ 08/5/25 16:00:00 ] [ Abuse_Feodo_C2_v4 ] Remote timestamp: Tue, 5 Aug 2025 13:55:03 GMT Local timestamp: Tue, 5 Aug 2025 12:55:03 GMT Update found [ Abuse_SSLBL_v4 ] Remote timestamp: Fri, 3 Jan 2025 11:40:41 GMT Local timestamp: Fri, 3 Jan 2025 11:40:41 GMT Update not required [ CINS_army_v4 ] Remote timestamp: Tue, 5 Aug 2025 11:49:59 GMT Local timestamp: Tue, 5 Aug 2025 11:49:59 GMT Update not required [ ET_Block_v4 ] [ 08/5/25 16:00:01 ] Remote timestamp: Mon, 4 Aug 2025 04:30:02 GMT Local timestamp: Mon, 4 Aug 2025 04:30:02 GMT Update not required [ ET_Comp_v4 ] [ 08/5/25 16:00:03 ] Remote timestamp: Mon, 4 Aug 2025 22:36:09 GMT Local timestamp: Mon, 4 Aug 2025 22:36:09 GMT Update not required [ ISC_Block_v4 ] [ 08/5/25 16:00:08 ] Remote timestamp: Tue, 5 Aug 2025 13:45:05 GMT Local timestamp: Tue, 5 Aug 2025 12:00:06 GMT Update found [ Spamhaus_Drop_v4 ] [ 08/5/25 16:00:11 ] Remote timestamp: Tue, 5 Aug 2025 10:59:32 GMT Local timestamp: Tue, 5 Aug 2025 10:59:32 GMT Update not required [ Talos_BL_v4 ] Update found UPDATE PROCESS START [ v3.2.8 ] [ 08/5/25 16:00:12 ] ===[ DNSBL Process ]================================================ Loading DNSBL Statistics... completed Loading DNSBL SafeSearch... disabled Loading DNSBL Whitelist... completed [ StevenBlack_ADs ] exists. ===[ GeoIP Process ]============================================ ===[ IPv4 Process ]================================================= [ Abuse_Feodo_C2_v4 ] Downloading update .. 200 OK. completed .. Empty file, Adding '127.1.7.7' to avoid download failure. ------------------------------ Original Master Final ------------------------------ 0 1 1 [ Pass ] ----------------------------------------------------------------- [ Abuse_SSLBL_v4 ] exists. [ CINS_army_v4 ] exists. [ ET_Block_v4 ] exists. [ ET_Comp_v4 ] exists. [ ISC_Block_v4 ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 20 8 8 [ Pass ] ----------------------------------------------------------------- [ Spamhaus_Drop_v4 ] exists. [ 08/5/25 16:00:13 ] [ Talos_BL_v4 ] Downloading update .. 403 Forbidden [ pfB_PRI1_v4 - Talos_BL_v4 ] Download FAIL DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download. The Following List has been REMOVED [ Talos_BL_v4 ] ===[ Aliastables / Rules ]========================================== No changes to Firewall rules, skipping Filter Reload Updating: pfB_PRI1_v4 no changes. ===[ FINAL Processing ]===================================== [ Original IP count ] [ 18651 ] [ Final IP Count ] [ 16446 ] ===[ Deny List IP Counts ]=========================== 16447 total 14490 /var/db/pfblockerng/deny/CINS_army_v4.txt 1613 /var/db/pfblockerng/deny/ET_Block_v4.txt 325 /var/db/pfblockerng/deny/ET_Comp_v4.txt 9 /var/db/pfblockerng/deny/Spamhaus_Drop_v4.txt 8 /var/db/pfblockerng/deny/ISC_Block_v4.txt 1 /var/db/pfblockerng/deny/Abuse_SSLBL_v4.txt 1 /var/db/pfblockerng/deny/Abuse_Feodo_C2_v4.txt ====================[ Empty Lists w/127.1.7.7 ]================== Abuse_Feodo_C2_v4.txt Abuse_SSLBL_v4.txt ===[ DNSBL Domain/IP Counts ] =================================== 227972 /var/db/pfblockerng/dnsbl/StevenBlack_ADs.txt ====================[ IPv4/6 Last Updated List Summary ]============== Jan 3 2025 Abuse_SSLBL_v4 Aug 4 06:30 ET_Block_v4 Aug 5 00:36 ET_Comp_v4 Aug 5 12:59 Spamhaus_Drop_v4 Aug 5 13:49 CINS_army_v4 Aug 5 15:00 ISC_Block_v4 Aug 5 15:55 Abuse_Feodo_C2_v4 ====================[ DNSBL Last Updated List Summary ]============== Aug 5 13:09 StevenBlack_ADs =============================================================== Database Sanity check [ FAILED ] ** These two counts should match! ** ------------ Masterfile Count [ 16446 ] Deny folder Count [ 16445 ] Duplication sanity check (Pass=No IPs reported) ------------------------ Masterfile/Deny folder uniq check Deny folder/Masterfile uniq check Sync check (Pass=No IPs reported) ---------- Alias table IP Counts ----------------------------- 16447 /var/db/aliastables/pfB_PRI1_v4.txt pfSense Table Stats ------------------- table-entries hard limit 400000 Table Usage Count 171866 UPDATE PROCESS ENDED [ 08/5/25 16:00:14 ]Thks for your help !
-
@jeremyc311 said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start:
===[ DNSBL Process ]================================================
Loading DNSBL Statistics... completed
Loading DNSBL SafeSearch... disabled
Loading DNSBL Whitelist... completed... and the rest is "IP" stuff , not DNSBL.
Do you have DNSBL lists ?
I mean, if you gave none, the "pfb_dnsbl - pfBlockerNG DNSBL service" doesn't need to run.@jeremyc311 said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start:
[ Talos_BL_v4 ] Downloading update .. 403 Forbidden
Better put this one on a hold for now - or call the guy who host the file and ask him to repair the situation ^^
@jeremyc311 said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start:
Masterfile Count [ 16446 ]
Deny folder Count [ 16445 ]Euh ..... one is awol. Not sure what to say : disable one by one your lists and when things start to work again, you'll know which one to disable.
-
@Gertjan said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start:
Masterfile Count [ 16446 ] Deny folder Count [ 16445 ]This sanity check failure might be the issue as discussed here:
pfblockerNG Database Sanity check Failed -
@anthonys
thks for your solution ,I no longer have the error on the count. I still have the DNSBL service with the red cross. I’m simply trying to do GeoIP blocking, so I enabled GeoIP blocking for different continents. I’m surprised to see in my logs only one blocked IP, which is related to my TrueNAS.Aug 5 09:01:14,1770008712,bxe1,LAN,block,4,17,UDP,192.168.2.13,116.147.64.181,51765,51413,out,Unk,pfB_PRI1_v4,116.146.0.0/15,ET_Block_v4,Unknown,truenasr740,null,+ Aug 5 13:23:26,1770008712,bxe1,LAN,block,4,17,UDP,192.168.2.13,177.72.195.114,51765,6881,out,BR,pfB_PRI1_v4,177.72.195.114,CINS_army_v4,Unknown,truenasr740,null,+ Aug 5 13:23:32,1770008712,bxe1,LAN,block,4,17,UDP,192.168.2.13,217.76.54.225,51765,51561,out,DE,pfB_PRI1_v4,217.76.54.225,CINS_army_v4,vmi1567930.contaboserver.net,truenasr740,null,+ Aug 5 13:34:02,1770008712,bxe1,LAN,block,4,17,UDP,192.168.2.13,102.212.41.5,51765,1721,out,NG,pfB_PRI1_v4,102.212.41.5,CINS_army_v4,Unknown,truenasr740,null,+ Aug 5 14:20:57,1770008712,bxe1,LAN,block,4,17,UDP,192.168.2.13,177.72.195.114,51765,6881,out,BR,pfB_PRI1_v4,177.72.195.114,CINS_army_v4,Unknown,truenasr740,null,+ Aug 5 14:21:02,1770008712,bxe1,LAN,block,4,17,UDP,192.168.2.13,217.76.54.225,51765,51561,out,DE,pfB_PRI1_v4,217.76.54.225,CINS_army_v4,vmi1567930.contaboserver.net,truenasr740,null,+ Aug 11 08:06:58,1770008712,bxe1,LAN,block,4,17,UDP,192.168.2.13,177.72.195.114,51765,6881,out,BR,pfB_PRI1_v4,177.72.195.114,CINS_army_v4,Unknown,truenasr740,null,+
I’m just starting out, so please be kind. Thank you. -
@jeremyc311 said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start:
I’m surprised to see in my logs only one blocked IP, which is related to my TrueNAS
I'll decode this one :
@jeremyc311 said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start:
Aug 5 09:01:14,1770008712,bxe1,LAN,block,4,17,UDP,192.168.2.13,116.147.64.181,51765,51413,out,Unk,pfB_PRI1_v4,116.146.0.0/15,ET_Block_v4,Unknown,truenasr740,null,+
Traffic, coming into LAN, from a LAN device (192.168.2.13 = your TrueNAS) going to a Chinise ( 116.147.64.181 ) Brazilian ( 177.72.195.114 - = next line ) was blocked by the "pfB_PRI1_v4" list.
That's probably good thing ? ( ! ). Up to you to discover why your NAS should initiate connections to these countries. A NAS can go outside for maintenance purposes, for example to look for updates of it's system. These could be located anywhere of course.The GeoIP IP created a rule for you.
How and where do you use that this rule ?
