Country Block

ghm

Hi,

I use 1.2.3 embedded. Country Block apparently installed ok and I could commit countries + enable but sadly Country Block drops into disabled pretty often (stays on for maybe an hour or so).

One thing I have seen: Under the "Whitelist" tab (where I have not added any IPs), there is this message:

Warning: fopen(countries-white.txt): failed to open stream: Read-only file system in /usr/local/www/packages/countryblock/whitelist.php on line 134 Warning: fwrite(): supplied argument is not a valid stream resource in /usr/local/www/packages/countryblock/whitelist.php on line 135 Warning: fclose(): supplied argument is not a valid stream resource in /usr/local/www/packages/countryblock/whitelist.php on line 140

Any chance to get this going on embedded? I really like the package…

Thanks1

tommyboy180

@ghm:

Hi,

I use 1.2.3 embedded. Country Block apparently installed ok and I could commit countries + enable but sadly Country Block drops into disabled pretty often (stays on for maybe an hour or so).

One thing I have seen: Under the "Whitelist" tab (where I have not added any IPs), there is this message:
Warning: fopen(countries-white.txt): failed to open stream: Read-only file system in /usr/local/www/packages/countryblock/whitelist.php on line 134 Warning: fwrite(): supplied argument is not a valid stream resource in /usr/local/www/packages/countryblock/whitelist.php on line 135 Warning: fclose(): supplied argument is not a valid stream resource in /usr/local/www/packages/countryblock/whitelist.php on line 140 
Any chance to get this going on embedded? I really like the package…

Thanks1

That's strange. I added embedded support in version 1.5 a long time ago. What package version do you have?

ghm

@tommyboy180:

That's strange. I added embedded support in version 1.5 a long time ago. What package version do you have?

0.2.0 - I attach a list of my installed packages below. CB is my newest.

packages.png_thumb

dlawley

@dlawley:

Something must have been hanging around. Had to remove, then reinstall. Now have CIDR folder and have networks blocked.

Thanks for the help, its better help than we get around here for paid support…

Sorry sorry for the misunderstanding…. I meant paid support here at our shop ::)

mst

I am sorry for confusion …..

recently had this:

Current Status = Restarting
no IP address found for __csrf_magic
You are blocking 0 Networks

Pfsence 2.0 Beta 5 ......

ghm

@ghm:

@tommyboy180:

That's strange. I added embedded support in version 1.5 a long time ago. What package version do you have?

0.2.0 - I attach a list of my installed packages below. CB is my newest.

OK - and I can reproduce the following: My system gets a new dynamic WAN-IP every 12hrs (ISP requires that). That change renders CountyBlock not enabled and I have to re-enable manually.

Supermule

You can add a cron job…..

I cant remember which file to add to the job, but Tom knows.....:)

mst

I have the same problem even after setting up the cron. Have to manually enable it and then it works. 2.0 beta 5 …...

I have fallowed this thread with cron guidance but it looks like it does not work .....

Please advice

JackANSI

When you check "Enable Logging?" in the settings page, where is it being logged to?

tommyboy180

@JackANSI:

When you check "Enable Logging?" in the settings page, where is it being logged to?

The firewall tab under system logs.

XIII

@tommyboy180:

Thank you. I appreciate the kind words. I'm sure many other package managers are just the same.

I am only referring to my personal experience in contacting you. I know most if not all are very excellent.

For the cron job the command is : /usr/local/etc/rc.d/countryblock.sh

ghm

@XIII:

For the cron job the command is : /usr/local/etc/rc.d/countryblock.sh

I have now installed the Cron package as well, reinstalled Country Block and added the above command (every */5 minutes). It does not restart Country Block properly. I do see the following in Syslog every 5 minutes:

root: Countryblock was found not running

Is there a restart option that I need to add or is 5min to long - or else?

Thanks!

Supermule

Is it possible to build a cron job as a part of CB?? So it does this automatically??

Supermule

My cronjob is not working either…...it starts the package every minute.

Not running is the current status and the Cron doesnt start it.

mst

After I go into the topic more deeply, I have found that Country Block is running. Problem was with crone ( */5 ) => (0) fixed the problem.

Also:

![country block.JPG](/public/imported_attachments/1/country block.JPG)
![country block.JPG_thumb](/public/imported_attachments/1/country block.JPG_thumb)

Supermule

But then it runs all the time….

Not optimal...

@mst:

After I go into the topic more deeply, I have found that Country Block is running. Problem was with crone ( */5 ) => (0) fixed the problem.

Also:

tommyboy180

@Supermule:

But then it runs all the time….

Not optimal...

@mst:

After I go into the topic more deeply, I have found that Country Block is running. Problem was with crone ( */5 ) => (0) fixed the problem.

Also:

The cron script checks to see if countryblock is running. If it is then it will exit and if countryblock is not running then it will attempt to start the package. It's fine.

ghm

@tommyboy180:

The cron script checks to see if countryblock is running. If it is then it will exit and if countryblock is not running then it will attempt to start the package. It's fine.

…still only get```
root: Countryblock was found not running

mst

sorry false alarm….. I was too happy ....

after almost one day of working get this again:

Current Status = NOT running
no IP address found for __csrf_magic

I used firefox ....

ghm

@tommyboy180:

The cron script checks to see if countryblock is running. If it is then it will exit and if countryblock is not running then it will attempt to start the package. It's fine.

I've now executed the command manually - and the status page now shows:```
Current Status = NOT running
/tmp/rules.debug:79: cannot load "/usr/local/www/packages/countryblock/lists/countries.txt": No such file or directory
You are blocking 0 Networks


Again, if I start CountryBlock manually via the WebIF its runs until the next PPPOE restart.
But the command /usr/local/etc/rc.d/countryblock.sh does not restart it.
In fact I get this if I execute it manually (yes, it echoes "not running" and then the contents is printed,,,):

$ /usr/local/etc/rc.d/countryblock.sh
not running
Content-type: text/html

#version 2.0
#check if countryblock running
export resultr=pfctl -s rules | grep -c countryblock
#echo $resultr
if [ "$resultr" -gt "0" ]; then
echo running
exit 1
else
echo not running
/usr/bin/logger -s "Countryblock was found not running"
echo "Countryblock not running" | /usr/local/bin/php /usr/local/www/packages/countryblock/email_send.php
fi

pfctl -t countryblock -T kill
sed -i -e '/countryblock/d' /tmp/rules.debug

#Now edit /tmp/rules.debug

#find my line for table
export i=grep -n 'block quick from any to <snort2c>' /tmp/rules.debug | grep -o '[0-9]\{2,4\}'
export t=grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]\{1,2\}'

i=$(($i+'1'))
t=$(($t+'1'))
#i = line where <snort2c>is
#t is where 'User Aliases' is
echo $i
echo $t

rm /tmp/rules.debug.tmp

#Insert table-entry limit
sed -i -e '/900000/d' /tmp/rules.debug
while read line
do a=$(($a+1));
#echo $a;
if [ "$a" = "$t" ]; then
echo "" >> /tmp/rules.debug.tmp
echo "set limit table-entries 900000" >> /tmp/rules.debug.tmp
fi
echo $line >> /tmp/rules.debug.tmp
done < "/tmp/rules.debug"

mv /tmp/rules.debug /tmp/rules.debug.old
mv /tmp/rules.debug.tmp /tmp/rules.debug

pfctl -o basic -f /tmp/rules.debug > errorOUT.txt 2>&1

rm /tmp/rules.debug.tmp

#Insert countryblock rules
a="0"
echo $a
while read line
do a=$(($a+1));
echo $a;
if [ "$a" = "$i" ]; then
echo "" >> /tmp/rules.debug.tmp
echo "#countryblock" >> /tmp/rules.debug.tmp
echo "table <countryblock>persist file '/usr/local/www/packages/countryblock/lists/countries.txt'" >> /tmp/rules.debug.tmp
echo "table <countryblockw>persist file '/usr/local/www/packages/countryblock/countries-white.txt'" >> /tmp/rules.debug.tmp

	for i in $(cat /usr/local/www/packages/countryblock/interfaces.txt); do
		echo "pass quick from <countryblockw>to $i label 'countryblock'" >> /tmp/rules.debug.tmp
		echo "pass quick from $i to <countryblockw>label 'countryblock'" >> /tmp/rules.debug.tmp
		if [ -f logging ]; then
			echo "block log quick from <countryblock>to $i label 'countryblock'" >> /tmp/rules.debug.tmp
		else
			echo "block quick from <countryblock>to $i label 'countryblock'" >> /tmp/rules.debug.tmp
		fi
		if [ -f OUTBOUND ]; then
			echo "block quick from $i to <countryblock>label 'countryblock'" >> /tmp/rules.debug.tmp
		fi
	done
fi
echo $line >> /tmp/rules.debug.tmp

done < "/tmp/rules.debug"

mv /tmp/rules.debug /tmp/rules.debug.old
mv /tmp/rules.debug.tmp /tmp/rules.debug

rm errorOUT.txt
pfctl -o basic -f /tmp/rules.debug > /usr/local/www/packages/countryblock/errorOUT.txt 2>&179
10
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209</countryblock></countryblock></countryblock></countryblockw></countryblockw></countryblockw></countryblock></snort2c></snort2c>


I've left the empty lines in.

If I start Country Block via ticking the box on the WebIF and then run the script, it correctly returns```
$ /usr/local/etc/rc.d/countryblock.sh
running

This is all happening on 1.2.3 nanobsd using firefox.