Netgate Discussion Forum

    DNSBL Service won't start

      Rockjansky

      Hi All,

      I'm pretty new to pfsense and even newer to pfBlockerNG, so I apologize if this is an obvious or dumb question. I've searched for an answer, but didn't find a definitive solution. I followed the guide to setting up DNSBL provided by BBCAN, made sure the DNS Resolver is on and forwarder is off. For whatever reason, I can't get the service to start or anything to change on the DNSBL configuration page. I looked through the pfblocker log files and system logs, but I don't see anything related to the service or why it won't start. Can anyone point me in the right direction? I've tried with and without custom feeds and reset the pfsense install to factory defaults, it behaves the same.

      Thanks

        BBcan177 Moderator

        I assume you defined the DNSBL VIP and the two DNSBL ports? Did you enable any DNSBL Feeds?  Maybe run a "Force Reload - DNSBL" and post that part of the pfblockerng.log…

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          Rockjansky

          Yes, the fields are pre-populated with 10.10.10.1, 8081 for listening and 8443 for SSL listening. I can change them but they do not persist through a "save" of the settings; my thought was the service needed to be started before these defaults could be modified? I have HpHosts, yoyo, adaway and camelon set for feeds. I've removed that entire section before attempting to narrow down the issue, but it didn't seem to make a difference.

          When I try and start the service this is the only entry that comes up in the pfblockerng.log

          **Saving configuration [ 06/03/17 16:26:30 ] …

          **Saving configuration [ 06/03/17 16:29:32 ] …

          I should mention I'm running 2.4 Beta on an SG-1000 as well.

          Thanks for your help.

            RonpfS

            What happens when you do a Force Reload DNSBL?

            2.4.5-RELEASE-p1 (amd64)
            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

              Rockjansky

              Log below.

              UPDATE PROCESS START [ 06/03/17 18:55:16 ]

              Clearing all DNSBL Feeds…
              ** DNSBL Disabled **

              ===[  Continent Process  ]============================================

              ===[  IPv4 Process  ]=================================================

              [ IBlock_BT_Hijack ] exists. [ 06/03/17 18:55:17 ]
              [ IBlock_BT_FS ] exists.
              [ IBlock_BT_Web ] exists.
              [ IBlock_BT_Spy ] exists.
              [ IBlock_Badpeer ] exists.
              [ IBlock_Ads ] exists.
              [ IBlock_Proxy ] exists.
              [ ET_Comp ] exists.
              [ ET_Block ] exists.
              [ Spamhaus_drop ] exists.
              [ Spamhaus_edrop ] exists.
              [ CIArmy ] exists.
              [ Abuse_Zeus ] exists.
              [ Abuse_Spyeye ] Downloading update .. 404 Not Found

              [ pfB_PRI1 - Abuse_Spyeye ] Download FAIL [ 06/03/17 18:55:20 ]
                Firewall and/or IDS are not blocking download.

              The Following list has been REMOVED [ Abuse_Spyeye ]

              [ Abuse_Palevo ] Downloading update [ 06/03/17 18:55:22 ] .. 403 Forbidden

              [ pfB_PRI1 - Abuse_Palevo ] Download FAIL [ 06/03/17 18:55:24 ]
                Firewall and/or IDS are not blocking download.

              The Following list has been REMOVED [ Abuse_Palevo ]

              [ Abuse_SSLBL ] exists. [ 06/03/17 18:55:26 ]
              [ dShield_Block ] exists.
              [ Snort_BL ] exists.
              [ BBC_Goz ] exists.
              [ Alienvault ] exists.
              [ Atlas_Attacks ] Downloading update .. 200 OK
                Remote timestamp missing . completed ..
              [ pfB_PRI2 Atlas_Attacks ] List Error ]

              [ Atlas_Botnets ] Downloading update [ 06/03/17 18:55:29 ] .. 200 OK
                Remote timestamp missing . completed ..
              [ pfB_PRI2 Atlas_Botnets ] List Error ]

              [ Atlas_Fastflux ] Downloading update [ 06/03/17 18:55:31 ] .. 200 OK
                Remote timestamp missing . completed ..
              [ pfB_PRI2 Atlas_Fastflux ] List Error ]

              [ Atlas_Phishing ] Downloading update [ 06/03/17 18:55:34 ] .. 200 OK
                Remote timestamp missing . completed ..
              [ pfB_PRI2 Atlas_Phishing ] List Error ]

              [ Atlas_Scans ] Downloading update [ 06/03/17 18:55:36 ] .. 200 OK
                Remote timestamp missing . completed ..
              [ pfB_PRI2 Atlas_Scans ] List Error ]

              [ SRI_Attackers ] exists. [ 06/03/17 18:55:38 ]
              [ SRI_CC ] exists.
              [ HoneyPot ] exists.
              [ MDL ] exists.
              [ Nothink_BL ] exists.
              [ Nothink_SSH ] exists.
              [ Nothink_Malware ] exists.
              [ DangerRulez ] Downloading update . cURL Error: 60
              SSL certificate problem: self signed certificate Retry in 5 seconds…
              . cURL Error: 60
              SSL certificate problem: self signed certificate Retry in 5 seconds...
              . cURL Error: 60
              SSL certificate problem: self signed certificate Retry in 5 seconds...
              .. unknown http status code

              [ pfB_PRI3 - DangerRulez ] Download FAIL [ 06/03/17 18:55:57 ]
                Firewall and/or IDS are not blocking download.

              The Following list has been REMOVED [ DangerRulez ]

              [ Shunlist ] Downloading update [ 06/03/17 18:55:59 ] .. 200 OK. completed ..
              [ pfB_PRI3 Shunlist ] List Error ]

              [ Infiltrated ] Downloading update [ 06/03/17 18:56:00 ] .. 200 OK. completed ..
              [ pfB_PRI3 Infiltrated ] List Error ]

              [ DRG_SSH ] exists. [ 06/03/17 18:56:01 ]
              [ DRG_VNC ] exists.
              [ DRG_HTTP ] exists.
              [ Feodo_Block ] exists.
              [ Feodo_Bad ] exists.
              [ WatchGuard ] exists.
              [ VMX ] Downloading update . cURL Error: 60
              SSL certificate problem: unable to get local issuer certificate Retry in 5 seconds…
              . cURL Error: 60
              SSL certificate problem: unable to get local issuer certificate Retry in 5 seconds...
              . cURL Error: 60
              SSL certificate problem: unable to get local issuer certificate Retry in 5 seconds...
              .. unknown http status code

              [ pfB_PRI3 - VMX ] Download FAIL [ 06/03/17 18:56:19 ]
                Firewall and/or IDS are not blocking download.

              The Following list has been REMOVED [ VMX ]

              [ Geopsy ] Downloading update [ 06/03/17 18:56:21 ] .. 404 Not Found

              [ pfB_PRI3 - Geopsy ] Download FAIL [ 06/03/17 18:56:23 ]
                Firewall and/or IDS are not blocking download.

              The Following list has been REMOVED [ Geopsy ]

              [ Maxmind ] exists.
              [ BotScout ] exists.
              [ Juniper ] exists.
              [ Greensnow ] exists.
              [ BlocklistDE ] exists.
              [ SFS_Toxic ] exists.
              [ MalwareGroup ] Downloading update .. 404 Not Found

              [ pfB_SEC1 - MalwareGroup ] Download FAIL [ 06/03/17 18:56:24 ]
                Firewall and/or IDS are not blocking download.

              The Following list has been REMOVED [ MalwareGroup ]

              [ OpenBL ] exists. [ 06/03/17 18:56:25 ]
              [ Malcode ] exists.
              [ BadIPs ] exists.
              [ IBlock_Tor ] exists.
              [ Blut_Tor ] exists.
              [ ET_Tor ] exists.

              ===[  IPv6 Process  ]=================================================

              ===[  Aliastables / Rules  ]==========================================

              No changes to Firewall rules, skipping Filter Reload
              No Changes to Aliases, Skipping pfctl Update

              UPDATE PROCESS ENDED [ 06/03/17 18:56:42 ]

                RonpfS

                ** DNSBL Disabled ** tells me that DNSBL isn't enabled in your config

                  Rockjansky

                  If I try and enable it through the web interface, I check the enable dnsbl box, and click save. It dumps me back to the same screen with the checkbox unchecked. If I look in services the dnsbl web service is present but it cannot be started there either. So… I'm trying to enable it but it won't stick.

                  Thanks

                    RonpfS

                    Maybe try with another browser
                    Or reinstall pfBlockerNG.
                    You are using DNS Resolver ?

                      jeffhoge

                      I can confirm 100% that I'm having these exact symptoms. It's a brand new SG-1000. I have even factory defaulted the SG-1000 and attempted to turn on DNSBL as the first setting (with no other changes in place after the initial setup wizard). I check the "Enable DNSBL" box, click save, and the browser window refreshes… then the "Enable DNSBL" box isn't ticked anymore.

                      I've tried this on Chrome, FF, IE, and even Safari for IOS.

                      Version: 2.4.0.b.20170601.1457

                        Rockjansky

                        Looks like maybe we found a bug. Is it possible to try and start the service through SSH? I'm wondering if there is a more verbose error message it displays when using the console.

                          BBcan177 Moderator

                          It's odd that they are both the SG-1000 units… There have been no issues with any other hardware and no recent code change...  Can you change settings in the pfBlockerNG General Tab? or any other pfSense tabs?

                          Do you see anything in the pfsense system log? or the Diag Backup config history?

                          I'll try to fire up the SG-1000 that I have and see if I can reproduce it...

                            BBcan177 Moderator

                            Can you guys send me the output of the following command:

                            grep -A50 "<pfblockerngdnsblsettings>" /conf/config.xml
                            

                            Update:

                            https://redmine.pfsense.org/issues/7624

                            Did you guys install or uninstall any other packages recently?

                              Rockjansky

                              Output from the command below. I had Squid and Bandwidth D installed originally, but after the reset, just pfBlocker and AutoConfigBackup. I can reset again if you'd like, Also, I can enable and disable the pfBlockerng just fine.

                              <pfblockerngdnsblsettings><config><pfb_dnsbl>on</pfb_dnsbl>

                              <pfb_dnsvip>10.10.10.1</pfb_dnsvip>
                              <pfb_dnsport>8081</pfb_dnsport>
                              <pfb_dnsport_ssl>8443</pfb_dnsport_ssl>
                              <dnsbl_interface>lan</dnsbl_interface>

                              <dnsbl_allow_int></dnsbl_allow_int>
                              <action>Disabled</action>
                              <aliaslog>enabled</aliaslog>
                              <autoaddrnot_in></autoaddrnot_in>
                              <autoports_in></autoports_in>
                              <aliasports_in></aliasports_in>
                              <autoaddr_in></autoaddr_in>
                              <autonot_in></autonot_in>
                              <aliasaddr_in></aliasaddr_in>
                              <autoproto_in></autoproto_in>
                              <agateway_in>default</agateway_in>
                              <autoaddrnot_out></autoaddrnot_out>
                              <autoports_out></autoports_out>
                              <aliasports_out></aliasports_out>
                              <autoaddr_out></autoaddr_out>
                              <autonot_out></autonot_out>
                              <aliasaddr_out></aliasaddr_out>
                              <autoproto_out></autoproto_out>
                              <agateway_out>default</agateway_out>
                              <alexa_enable></alexa_enable>
                              <alexa_count>1000</alexa_count>
                              <alexa_inclusion>ca,co,com,io,net,org</alexa_inclusion>

                              <tldblacklist></tldblacklist></config>
                              <config><pfb_dnsbl>on</pfb_dnsbl>

                              <pfb_dnsvip>10.10.10.1</pfb_dnsvip>
                              <pfb_dnsport>8081</pfb_dnsport>
                              <pfb_dnsport_ssl>8443</pfb_dnsport_ssl>
                              <dnsbl_interface>lan</dnsbl_interface>

                              <dnsbl_allow_int></dnsbl_allow_int>
                              <action>Disabled</action>
                              <aliaslog>enabled</aliaslog>
                              <autoaddrnot_in></autoaddrnot_in>
                              <autoports_in></autoports_in>
                              <aliasports_in></aliasports_in></config></pfblockerngdnsblsettings>

                                BBcan177 Moderator

                                @Rockjansky:

                                Output from the command below. I had Squid and Bandwidth D installed originally, but after the reset, just pfBlocker and AutoConfigBackup. I can reset again if you'd like, Also, I can enable and disable the pfBlockerng just fine.

                                <pfblockerngdnsblsettings><config><pfb_dnsbl>on</pfb_dnsbl>

                                <tldblacklist></tldblacklist></config>
                                <config><pfb_dnsbl>on</pfb_dnsbl></config></pfblockerngdnsblsettings>

                                As per the redmine that I posted above, this is the same issue… Something has added dummy tags.
                                Also noticed that there is a second <config> below that…. So not sure what else can be messed up with the config.xml?  JimP fixed a bug in pfSense pkg_edit.php as you can see from the redmine. So make sure you download the latest version to get this fix.

                                Two OPTIONS:

                                1. Edit the    /conf/config.xml   and remove every tag between:

                                and save the file. Just note that a typo in this file will cause a crash, so only do this if you know what you're doing.

                                Then  rm /tmp/config.cache   which will reload the new config

                                2. Wipe the box and reinstall… And don't restore this config.xml as it's corrupted...

                                Make sure you have a backup before proceeding with these changes!

                                1 Reply Last reply Reply Quote 0
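A check that could be run on a copy of config.xml before and after the hand edit described above. This is an added example, not code from the thread or from pfSense/pfBlockerNG. It confirms the file is still well-formed XML and flags a settings section that holds more than one `<config>` block, which is the symptom in the posted output. The function name, the `<pfsense>` wrapper in the samples and the sample contents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SECTION = "pfblockerngdnsblsettings"  # tag name taken from the thread

# Constructed sample modelled on the fragment posted above: two <config>
# blocks in one section, the second one truncated. The <pfsense> wrapper
# is an assumption; only the inner tags appear in the thread.
SAMPLE_CORRUPT = """<pfsense><pfblockerngdnsblsettings>
<config><pfb_dnsbl>on</pfb_dnsbl><pfb_dnsvip>10.10.10.1</pfb_dnsvip>
<pfb_dnsport>8081</pfb_dnsport><pfb_dnsport_ssl>8443</pfb_dnsport_ssl>
<tldblacklist></tldblacklist></config>
<config><pfb_dnsbl>on</pfb_dnsbl><pfb_dnsvip>10.10.10.1</pfb_dnsvip></config>
</pfblockerngdnsblsettings></pfsense>"""

# Constructed sample of the same section with a single <config> block.
SAMPLE_CLEAN = """<pfsense><pfblockerngdnsblsettings>
<config><pfb_dnsbl>on</pfb_dnsbl><pfb_dnsvip>10.10.10.1</pfb_dnsvip></config>
</pfblockerngdnsblsettings></pfsense>"""


def check_section(xml_text, section=SECTION):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A typo from hand editing shows up here, before the file is used.
        return [f"not well-formed XML: {exc}"]

    sections = list(root.iter(section))
    if not sections:
        return [f"<{section}> not found"]

    findings = []
    if len(sections) > 1:
        findings.append(f"<{section}> appears {len(sections)} times")
    for sec in sections:
        configs = sec.findall("config")
        if len(configs) <= 1:
            continue
        findings.append(f"<{section}> holds {len(configs)} <config> blocks")
        # Compare later blocks with the first to show which one is truncated.
        first = {child.tag for child in configs[0]}
        for n, cfg in enumerate(configs[1:], start=2):
            missing = sorted(first - {child.tag for child in cfg})
            if missing:
                findings.append(f"<config> #{n} lacks: {', '.join(missing)}")
    return findings


if __name__ == "__main__":
    import sys
    # With a path argument, check that file (a copy of config.xml);
    # without one, run the constructed corrupt sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CORRUPT
    for line in check_section(text) or ["nothing flagged"]:
        print(line)
```

Running it against a backup copy rather than the live /conf/config.xml keeps the check read-only.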
                                  jeffhoge

                                  Thank you! I performed the upgrade, deleted probably 100 lines in config.xml between the tags you indicated, deleted the config cache file, and rebooted (for good measure). Now DNSBL is allowing me to enable it, and leave it enabled this time.

                                  Thanks again.

                                    Rockjansky

                                    Working for me as well. Thanks for your help!
