No IPs suddenly
-
I'm using this tool to limit countries that are allowed to connect on certain services.
I have about 10.000 IPs for my country and I woke up today with phonecalls that no-one was able to connect.
I found out that the countrylist was empty. The fix was easy enough, just run an extra update. But why does this happen and is there a way to avoid this happening again (or at least running country-list manually)?
I'm still hoping for a smoother way to allow traffic per country than this, but this has at least worked as a work-around for now.
===[ DNSBL Process ]================================================
DNSBL: Flush DNSBL_IP1/1 addresses added.
Clearing all DNSBL Feeds… completed
Validating database... completed
Reloading Unbound.... completed
cat: /var/db/pfblockerng/dnsbl/*.txt: No such file or directory
DNSBL update [ 0 | PASSED ]… completed [ 11/15/16 07:00:21 ]
–----------------------------------------===[ Continent Process ]============================================
Could not open ISO [ DK_v4 ]
Could not open ISO [ DK_rep_v4 ]
Could not open ISO [ PL_v4 ]
Could not open ISO [ SE_v4 ]
[ pfB_Europe_v4 ] Changes found… Updating
[ pfB_Europe_v4 ] Found no unique IPs, adding '1.1.1.1' to avoid empty file
Could not open ISO [ PN_rep_v4 ]
[ pfB_Oceania_v4 ] exists. [ 11/15/16 07:00:22 ]
Could not open ISO [ PL_v4 ]
Could not open ISO [ PL_rep_v4 ]
Could not open ISO [ ES_v4 ]
Could not open ISO [ ES_rep_v4 ]
[ pfB_Top_v4 ] Changes found… Updating
[ pfB_Top_v4 ] Found no unique IPs, adding '1.1.1.1' to avoid empty file -
Not sure if this is resolved, but you could try to re-download the MaxMind Database manually:
php /usr/local/www/pfblockerng/pfblockerng.php dc -
It was solved by running the update manually once more (re-running the cronjob that fills up the IP-list).
I notice this happens almost every day now. People can't connect while the database is rebuilding. Doesn't look like an optimal way to do this. I have to run this thing manually off-hours from now on and it is a extra work I would like to not have…
-
And why are you rebuilding the database every day when it's being updated once every month by upstream?
-
On my P4 386 system, Cron update takes 20-40 minutes to complete,
DNS reload of the 92MB pfb_dnsbl.conf takes 4-5 minutes.2016-12-07 02:27:16 Daemon.Info 1.2.3.4 Dec 7 02:27:19 unbound: [66112:0] info: service stopped (unbound 1.5.10). 2016-12-07 02:31:23 Daemon.Info 1.2.3.4 Dec 7 02:31:26 unbound: [66112:0] info: start of service (unbound 1.5.10). ```During the reload, DNS fails, so it's not a bad idea to run cron update off-hours. As for the Maxmind database, once it is rebuilt, there is no need to run``` php /usr/local/www/pfblockerng/pfblockerng.php dc ```until something breaks or a new MaxMind database is released and for some reason the cron MaxMind update failed.
