No IPs suddenly
-
I'm using this tool to limit countries that are allowed to connect on certain services.
I have about 10.000 IPs for my country and I woke up today with phone calls that no-one was able to connect.
I found out that the country list was empty. The fix was easy enough, just run an extra update. But why does this happen and is there a way to avoid this happening again (or at least running country-list manually)?
I'm still hoping for a smoother way to allow traffic per country than this, but this has at least worked as a work-around for now.
```
===[ DNSBL Process ]================================================
DNSBL: Flush DNSBL_IP1/1 addresses added.
Clearing all DNSBL Feeds… completed
Validating database... completed
Reloading Unbound.... completed
cat: /var/db/pfblockerng/dnsbl/*.txt: No such file or directory
DNSBL update [ 0 | PASSED ]… completed [ 11/15/16 07:00:21 ]
------------------------------------------
===[ Continent Process ]============================================
Could not open ISO [ DK_v4 ]
Could not open ISO [ DK_rep_v4 ]
Could not open ISO [ PL_v4 ]
Could not open ISO [ SE_v4 ]
[ pfB_Europe_v4 ] Changes found… Updating
[ pfB_Europe_v4 ] Found no unique IPs, adding '1.1.1.1' to avoid empty file
Could not open ISO [ PN_rep_v4 ]
[ pfB_Oceania_v4 ] exists. [ 11/15/16 07:00:22 ]
Could not open ISO [ PL_v4 ]
Could not open ISO [ PL_rep_v4 ]
Could not open ISO [ ES_v4 ]
Could not open ISO [ ES_rep_v4 ]
[ pfB_Top_v4 ] Changes found… Updating
[ pfB_Top_v4 ] Found no unique IPs, adding '1.1.1.1' to avoid empty file
```
-
Not sure if this is resolved, but you could try to re-download the MaxMind Database manually:
```
php /usr/local/www/pfblockerng/pfblockerng.php dc
```
-
It was solved by running the update manually once more (re-running the cron job that fills up the IP-list).
I notice this happens almost every day now. People can't connect while the database is rebuilding. Doesn't look like an optimal way to do this. I have to run this thing manually off-hours from now on and it is extra work I would like to not have…
-
And why are you rebuilding the database every day when it's being updated once every month by upstream?
-
On my P4 386 system, Cron update takes 20-40 minutes to complete,
DNS reload of the 92MB pfb_dnsbl.conf takes 4-5 minutes.
```
2016-12-07 02:27:16 Daemon.Info 1.2.3.4 Dec 7 02:27:19 unbound: [66112:0] info: service stopped (unbound 1.5.10).
2016-12-07 02:31:23 Daemon.Info 1.2.3.4 Dec 7 02:31:26 unbound: [66112:0] info: start of service (unbound 1.5.10).
```
During the reload, DNS fails, so it's not a bad idea to run cron update off-hours. As for the Maxmind database, once it is rebuilt, there is no need to run
```
php /usr/local/www/pfblockerng/pfblockerng.php dc
```
until something breaks or a new MaxMind database is released and for some reason the cron MaxMind update failed.
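
The failure in the first post is visible in the update log before anyone phones in: the country files cannot be opened and the alias is rebuilt with only the `1.1.1.1` placeholder. The following is an added example, not part of the thread or of pfBlockerNG itself: a log check that reports every alias rebuilt that way. It assumes the log format matches the lines quoted above; the function name, the sample log and the log path passed on the command line are illustrative.

```python
import re
import sys

# Patterns taken from the log lines quoted in the thread.
ISO_RE = re.compile(r"Could not open ISO \[ (\S+) \]")
ALIAS_RE = re.compile(r"^\[ (\S+) \] (.*)$")
PLACEHOLDER_RE = re.compile(r"Found no unique IPs, adding '([^']+)'")

# Constructed sample, modelled on the Continent Process output above.
SAMPLE_LOG = """\
===[ Continent Process ]===
Could not open ISO [ DK_v4 ]
Could not open ISO [ SE_v4 ]
[ pfB_Europe_v4 ] Changes found... Updating
[ pfB_Europe_v4 ] Found no unique IPs, adding '1.1.1.1' to avoid empty file
Could not open ISO [ PN_rep_v4 ]
[ pfB_Oceania_v4 ] exists. [ 11/15/16 07:00:22 ]
"""

def find_emptied_aliases(log_text):
    """Return one finding per alias that was filled with only the placeholder."""
    findings, pending, after_alias = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        iso = ISO_RE.search(line)
        if iso:
            if after_alias:  # ISO errors after an alias line belong to the next alias
                pending, after_alias = [], False
            pending.append(iso.group(1))
            continue
        alias = ALIAS_RE.match(line)
        if not alias:
            continue  # section headers, DNSBL lines, separators
        after_alias = True
        placeholder = PLACEHOLDER_RE.search(alias.group(2))
        if placeholder:
            findings.append({"alias": alias.group(1),
                             "placeholder": placeholder.group(1),
                             "missing_iso": list(pending)})
    return findings

if __name__ == "__main__":
    # With no argument the constructed sample is checked instead of a real log.
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_LOG)
    results = find_emptied_aliases(text)
    for f in results:
        print(f"{f['alias']}: only {f['placeholder']} loaded, missing {f['missing_iso']}")
    sys.exit(1 if results else 0)  # non-zero exit lets a cron wrapper raise an alert
```

Run after the scheduled update, a non-zero exit means at least one country alias currently contains nothing but the placeholder, so allow rules built on it will reject legitimate clients until the list is rebuilt.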