1.2.1 upgrade resulted in outdated bogon list.

thekurgan

You can find the source of the updater in /etc/crontab

jahonix

Really?

Which of those lines does it?  ;-)

*      root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 ssh
  *      root    /etc/pppoerestart
  *      root    /usr/local/sbin/squid -k rotate
  *      root    /usr/bin/perl /usr/local/www/lightsquid/lightparser.pl today

thekurgan

Looks like you are missing some entries.  Here is my /etc/crontab:

$ cat /etc/crontab
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#minute hour    mday    month  wday    who      command

pfSense specific crontab entries

Created: December 26, 2008, 6:38 pm

0 * * * * root /usr/bin/nice -n20 newsyslog
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update

*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot

*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c

*/5 * * * * root /usr/local/bin/checkreload.sh
*/5 * * * * root /etc/ping_hosts.sh
*/140 * * * * root /usr/local/sbin/reset_slbd.sh

If possible do not add items to this file manually.

If you do so, this file must be terminated with a blank line (e.g. new line)

dotdash

I copied /etc/rc.update_bogons.sh to a temporary script, removed the sleep and ran it.

jahonix

Thanks!

Dec 30 12:04:50 root: 11 addresses deleted.
Dec 30 12:04:50 root: Bogons file downloaded: 1 addresses added.
Dec 30 12:04:48 root: rc.get_bogons.sh is beginning the update cycle.
Dec 30 12:04:48 root: rc.get_bogons.sh is starting up.

Actually, I seem to be missing some cron jobs on all the machines I updates from 1.2rel or 1.2.1RCs
Could be an update glitch?  Scott? ;-)

Time for a fresh install…

dotdash

Updating from 1.2.1 (with updated bogon list) to 1.2.2 resulted in the same problem with old bogons. Just a FYI.

cmb

I updated it in CVS a few days ago.  Existing installs will always update to the latest on the first of every month, or you can run it manually to update right away.

cmb

If you don't have the update in /etc/crontab, it's because it's in the cron entries in your config.xml. Newer installs won't have it in /etc/crontab but older ones will. It works the same either way.

Emab

I've a 1.2.2 version.

My /etc/crontab is empty:

SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#minute hour    mday    month   wday    who      command
#

and I couln't find any cron entry in config.xml

I need a fresh install?

cmb

@Emab:

and I couln't find any cron entry in config.xml

I need a fresh install?

Shouldn't. You sure there isn't anything in your config like this:

<cron><minute>0</minute>
                        <hour></hour>
                        <mday></mday>
                        <month></month>
                        <wday></wday>
                        <who>root</who>
                        <command></command>/usr/bin/nice -n20 newsyslog

That came from a years-old install upgraded to 1.2.2.</cron>

Emab

@cmb:

Shouldn't. You sure there isn't anything in your config like this:

<cron><minute>0</minute>
                        <hour></hour>
                        <mday></mday>
                        <month></month>
                        <wday></wday>
                        <who>root</who>
                        <command></command>/usr/bin/nice -n20 newsyslog

That came from a years-old install upgraded to 1.2.2.</cron>

No, it isn't.

I've only

For example I've bogon filtering activated, but neither in cron or in config.xml appear the script to update them.
What I can do?

cmb

Backup your config, open it in a text editor and replace <cron>with this:

	 <cron><minute>0</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 newsyslog 
		 <minute>1,31</minute>
			<hour>0-5</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 adjkerntz -a 
		 <minute>1</minute>
			<hour>3</hour>
			<mday>1</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh 
		 <minute>*/60</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout 
		 <minute>1</minute>
			<hour>1</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update 
		 <minute>*/60</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot 
		 <minute>*/60</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c 
		 <minute>*/5</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/local/bin/checkreload.sh 
		 <minute>*/5</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/etc/ping_hosts.sh 
		 <minute>*/300</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command></command>/usr/local/sbin/reset_slbd.sh</cron> 

Will see if I can figure out how you don't have that.</cron>

Emab

Thank you!
Just added!