PfBlocker not updating after initial list download and only trying once a day
-
I see this behaviour on the embedded version 2.1.5 (nanobsd) whenever the media read/write status is read-only.
-
I see this behaviour on the embedded version 2.1.5 (nanobsd) whenever the media read/write status is read-only.
tobi64 - Thanks for the heads up. I am starting to think this is a NANO platform related issue. I have changed my NANO file system to RW, and tried the rc.updatealiastables command, and nothing changes. I ordered a SSD, and will be installing the Full version, and testing against that in the coming weeks.
-
May be I'm wrong, but in my eyes the command 'rc.updatealiastables' has nothing to do with pfblocker. The periodically update uses the command 'php -q /usr/local/www/pfblocker.php cron'. I tried it on page 'Diagnostics / Command Prompt' without success. But it works over ssh using Putty.exe. But only if the media read/write status is read-write.
-
tobi64 - I found in the pf forums that pfblocker relies on pfsense to do the actual list update. That command was the one that people were using to force update the URL alias lists. I think its broke as it has never forked for me though. Ill continue with my plan to swap out pfsense HDD with Full install HDD, and continue trouble shooting.
On another note….. I have another PFsense (Full Install) that just had every list, other than Country lists, disappear in all location (Aliases>URLs, PFblocker widget, and /var/db/aliatables/*. They are still referenced in Firewall>Pf blocker>lists though!?! WTH Getting tired of this PFblocker acting like a fool. I think I'm just going to add/remove the package,and set it up from fresh. Grrrr...
-
Hi ashes00,
tobi64 - I found in the pf forums that pfblocker relies on pfsense to do the actual list update.
pfBlocker should update on its own. the rc.update_urltables will update once every 32 days only.
What settings are you using for the "Action" in the Alias TAB?
On another note….. I have another PFsense (Full Install) that just had every list, other than Country lists, disappear in all location (Aliases>URLs, PFblocker widget, and /var/db/aliatables/*. They are still referenced in Firewall>Pf blocker>lists though!?! WTH Getting tired of this PFblocker acting like a fool. I think I'm just going to add/remove the package,and set it up from fresh. Grrrr...
From the comment above, either pfBlocker was Disabled, or the Action is set as "Disabled" or the Update Frequency is set to "Never"
If that is not the case, reply back…
-
BBcan177 - Thanks for responding! :)
What settings are you using for the "Action" in the Alias TAB?
General Settings TAB Inbound Action = Block, and Outbound action - reject. Lists TAB Deny_Both for all but 1 list.
From the comment above, either pfBlocker was Disabled, or the Action is set as "Disabled" or the Update Frequency is set to "Never"
If that is not the case, reply back… --> This is my 2nd pfsense,and the actions are the same as 1st pfsesne system.
My update frequency is always set to 4 Hours for both pfsense routers.
Hope this helps.
Also I have upgraded pfsesne unit 1 from NANO build v2.1.3 to Full Install v2.1.5 on Friday night. I still have 2 lists that are not updating to what www.iblocklist.com says the CIDRs count should equal. Lists not updating = spyware and hijacked (bluetrack version).
Ash
-
Which lists are you having issues with? What are you expecting the count to be?
-
Which lists are you having issues with? What are you expecting the count to be?
1. I am using the following iblocklist.com lists. (with a paid subscription)
hijacked - Bluetack (p2p, gz) [Number of ranges = 496, Last updated 11/11/14]
spyware - Bluetrack (p2p, gz) [Number of ranges = 3201, Last updated 11/11/14]On 2 different PFsense systems report the following CIDR counts
PF01 (Full install v2.1.5)
hijacked = 536 CIDRs
spyware = 3565 CIDRsPF02 (Full install v2.1.3)
hijacked = 536 CIDRs
spyware = 3565 CIDRsI am expecting to see the following on both PFsense systems.
hijacked = 496 CIDRs
spyware = 3201 CIDRs2. Side note, what is the best/proper iblocklist.com (paid subscription) File Format? p2p, dat, cidr, or hosts? I picked p2p after reading tons of PFsense PFblocker threads, but not 100% sure what the best choice is here.
3. Also thanks so much for all you do. From what I read you seem to be leading the path for the rebirth/redesign of PFBLOCKER. Keep up the great work, and THANK YOU!!!!!! Is there anytime line on when the newer PFBLOCKER might come out in "Available Packages"?
Ash
-
You would use p2p,gz format.
With my version of pfBlockerNG, I have the following counts for those Lists:
http://list.iblocklist.com/?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz
wc -l IBlock_BT_Hijack.orig
536 IBlock_BT_Hijack.orighttp://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz
wc -l IBlock_BT_Spy.orig
3565 IBlock_BT_Spy.origIf you want to help Beta Test, send me a PM. The Devs are busy with 2.2, so when they have time I hope they will review.
-
You would use p2p,gz format.
With my version of pfBlockerNG, I have the following counts for those Lists:
http://list.iblocklist.com/?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz
wc -l IBlock_BT_Hijack.orig
536 IBlock_BT_Hijack.orighttp://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz
wc -l IBlock_BT_Spy.orig
3565 IBlock_BT_Spy.origHey BBcan177, Well that matches up with what I have when I do wc -l on both lists and both PFsense systems. Great you and I are experiencing the same situation then (Great Base line). When I go over to the iblocklist.com website the stated Number of ranges are different.
https://www.iblocklist.com/list.php?list=usrcshglbiilevmyfhse –> Number of ranges = 496, not 536
https://www.iblocklist.com/list.php?list=llvtlsjyoyiczbkjsxpf --> Number of ranges = 3201, not 3565When I download the list manually to my Win7 PC, and do line count I get 496, & 3201 respectively. I could understand if our lists were smaller if PFblocker was dedupping some ranges, but both our lists are larger than what we are being given. This leads me to believe that PBflocker is not updating the list correctly. Is my logic flawed?
Both my PFsense systems are production, so I can't Beta test at the moment. If I can find some hardware to spare I'll PM you later.
Again thanks for all your help!
Ash, -
You would use p2p,gz format.
With my version of pfBlockerNG, I have the following counts for those Lists:
http://list.iblocklist.com/?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz
wc -l IBlock_BT_Hijack.orig
536 IBlock_BT_Hijack.orighttp://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz
wc -l IBlock_BT_Spy.orig
3565 IBlock_BT_Spy.origHey BBcan177, Well that matches up with what I have when I do wc -l on both lists and both PFsense systems. Great you and I are experiencing the same situation then (Great Base line). When I go over to the iblocklist.com website the stated Number of ranges are different.
https://www.iblocklist.com/list.php?list=usrcshglbiilevmyfhse –> Number of ranges = 496, not 536
https://www.iblocklist.com/list.php?list=llvtlsjyoyiczbkjsxpf --> Number of ranges = 3201, not 3565When I download the list manually to my Win7 PC, and do line count I get 496, & 3201 respectively. I could understand if our lists were smaller if PFblocker was dedupping some ranges, but both our lists are larger than what we are being given. This leads me to believe that PBflocker is not updating the list correctly. Is my logic flawed?
Both my PFsense systems are production, so I can't Beta test at the moment. If I can find some hardware to spare I'll PM you later.
Again thanks for all your help!
Ash, -
You would use p2p,gz format.
With my version of pfBlockerNG, I have the following counts for those Lists:
http://list.iblocklist.com/?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz
wc -l IBlock_BT_Hijack.orig
536 IBlock_BT_Hijack.orighttp://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz
wc -l IBlock_BT_Spy.orig
3565 IBlock_BT_Spy.origHey BBcan177, Well that matches up with what I have when I do wc -l on both lists and both PFsense systems. Great you and I are experiencing the same situation then (Great Base line). When I go over to the iblocklist.com website the stated Number of ranges are different.
https://www.iblocklist.com/list.php?list=usrcshglbiilevmyfhse –> Number of ranges = 496, not 536
https://www.iblocklist.com/list.php?list=llvtlsjyoyiczbkjsxpf --> Number of ranges = 3201, not 3565When I download the list manually to my Win7 PC, and do line count I get 496, & 3201 respectively. I could understand if our lists were smaller if PFblocker was dedupping some ranges, but both our lists are larger than what we are being given. This leads me to believe that PBflocker is not updating the list correctly. Is my logic flawed?
Both my PFsense systems are production, so I can't Beta test at the moment. If I can find some hardware to spare I'll PM you later.
Again thanks for all your help!
Ash,wcrowder - Maybe I have this backwards, But, the use of CIDR would allow my PFsense list to be SMALLER than that of the Original list. The fact that my PFsense list is larger does not make any sence if the PFsense is summarizing the IP ranges in order to reduce the amount of data to hold. In addition the other lists I have are the same qty on pfsense and iblocklists.com. Sorry I just do not see how this is applicable. I see see my PFsense as not updating to the correct number of ranges provided by iblocklist.com. Please understand I mean no disrespect, just don't see how CIDR is going to change only 2 lists. If I am blindly missing something, please feel free to explain. Thanks for your help.
BBcan177 - Do you think that my logic in my reply on "November 12, 2014, 12:18:45 pm" makes since? Thanks again for your help.
Ash,
-
wcrowder was leading you in the right direction :)
Take for example this Range from the IBlock BT Spyware List
Range Format
221.181.73.214-221.181.73.221:Converts to the following in CIDR Notation
221.181.73.214/31
221.181.73.216/30
221.181.73.220/31So comparing Line Count in Range to CIDR is not going to be exact depending on the Ranges in a particular list.
Hope this makes it clearer.
-
wcrowder was leading you in the right direction :)
Take for example this Range from the IBlock BT Spyware List
Range Format
221.181.73.214-221.181.73.221:Converts to the following in CIDR Notation
221.181.73.214/31
221.181.73.216/30
221.181.73.220/31So comparing Line Count in Range to CIDR is not going to be exact depending on the Ranges in a particular list.
Hope this makes it clearer.
BBcan177 - Thanks, and I guess that settles that. :) So it looks like the only way I have to validate that lists are updating is just if they change from time to time.
wcrowder - Sorry, & Thank you. I guess I had that backwards.
Ash,
