No IP Alias/Group defined from Feed?
-
rm /var/db/aliastables/pfB_PRI1_v4.txt rm /var/db/pfblockerng/original/CIArmy_v4.orig rm /var/db/pfblockerng/deny/CIArmy_v4.txtThen reload again, that should fully remove all of CIArmy.
Another way would be to add back CINS_army feed from the feeds tab, set the update options for the PRI1 IPv4 list. Force an update then go back and delete the PRI1 IPV4 group.
-
Can you create any IPV4 table ? Maybe you config.xml is borked.
-
Interesting, after adding a 'test' Alias/group the CINS_Army entry now shows.
I deleted the 'test' entry and the CINS_Army is maintained in the list it seems. Maybe it was the config.xml being re-written?
-
@ar15usr said in No IP Alias/Group defined from Feed?:
Interesting, after adding a ‘test’ Alias/group the CINS_Army entry now shows.
Maybe a specific case of a new installation.Can you keep a copy ( Diagnostics / Backup & Restore / Config History) of the config.xml before installation, after installation and the one after adding the feed from the Feeds Tab and maybe the one before the Test table and the one you have now in case BBcan177 need them to debug the code.
-
Looks like its too late for the installation configs. I'll try and save before/after the feeds setup..
-
What does this command report?
grep -A30 "<pfblockernglistsv4" /conf/config.xmlLooks like there might be an empty <config></config> tag causing issues...
-
<pfblockernglistsv4> <config> <aliasname>PRI1</aliasname> <description><![CDATA[PRI1 - Collection of Feeds from the most reputable blocklist providers. (Primary tier)]]></description> <action>Deny_Outbound</action> <cron>01hour</cron> <dow>1</dow> <aliaslog>enabled</aliaslog> <stateremoval><![CDATA[enabled]]></stateremoval> <autoaddrnot_in></autoaddrnot_in> <autoports_in></autoports_in> <aliasports_in></aliasports_in> <autoaddr_in></autoaddr_in> <autonot_in></autonot_in> <aliasaddr_in></aliasaddr_in> <autoproto_in></autoproto_in> <agateway_in>default</agateway_in> <autoaddrnot_out></autoaddrnot_out> <autoports_out></autoports_out> <aliasports_out></aliasports_out> <autoaddr_out></autoaddr_out> <autonot_out></autonot_out> <aliasaddr_out></aliasaddr_out> <autoproto_out></autoproto_out> <agateway_out>default</agateway_out> <suppression_cidr>Disabled</suppression_cidr> <whois_convert></whois_convert> <custom></custom> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> -
@bbcan17 said in No IP Alias/Group defined from Feed?:
grep -A30
Increase the A count in the Grep command until you get to "</pfblockernglistsv4>" which is the end XML tag. Then we can tell if there are any empty tags.
-
I have noticed the same issue, here is my Grep output. Hope it helps.
<pfblockernglistsv4> <config></config> <config> <aliasname>PRI1</aliasname> <description><![CDATA[PRI1 - Collection of Feeds from the most reputable blocklist providers. (Primary tier)]]></description> <action>Deny_Both</action> <cron>01hour</cron> <dow>1</dow> <aliaslog>enabled</aliaslog> <stateremoval><![CDATA[enabled]]></stateremoval> <autoaddrnot_in></autoaddrnot_in> <autoports_in></autoports_in> <aliasports_in></aliasports_in> <autoaddr_in></autoaddr_in> <autonot_in></autonot_in> <aliasaddr_in></aliasaddr_in> <autoproto_in></autoproto_in> <agateway_in>default</agateway_in> <autoaddrnot_out></autoaddrnot_out> <autoports_out></autoports_out> <aliasports_out></aliasports_out> <autoaddr_out></autoaddr_out> <autonot_out></autonot_out> <aliasaddr_out></aliasaddr_out> <autoproto_out></autoproto_out> <agateway_out>default</agateway_out> <suppression_cidr>Disabled</suppression_cidr> <whois_convert></whois_convert> <custom></custom> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://sslbl.abuse.ch/blacklist/dyre_sslipblacklist.csv</url> <header>Abuse_DYRE</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://feodotracker.abuse.ch/blocklist/?download=badips</url> <header>Feodo_BadIPs</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://feodotracker.abuse.ch/blocklist/?download=ipblocklist</url> <header>Feodo_Block</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt</url> <header>Abuse_IPBL</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://sslbl.abuse.ch/blacklist/sslipblacklist.csv</url> <header>Abuse_SSLBL</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://zeustracker.abuse.ch/blocklist.php?download=badips</url> <header>Abuse_Zeus</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt</url> <header>BBC_C2</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://cinsarmy.com/list/ci-badguys.txt</url> <header>CINS_army</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt</url> <header>ET_Block</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://rules.emergingthreats.net/blockrules/compromised-ips.txt</url> <header>ET_Comp</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://isc.sans.edu/api/sources/attacks/1000/30?text</url> <header>ISC_1000_30</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://isc.sans.edu/feeds/block.txt</url> <header>ISC_Block</header> </row> <row> <format>auto</format> <state><![CDATA[Disabled]]></state> <url>https://pulsedive.com/premium?key=_API_KEY_&types=ip</url> <header>Pulsedive</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.spamhaus.org/drop/drop.txt</url> <header>Spamhaus_Drop</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.spamhaus.org/drop/edrop.txt</url> <header>Spamhaus_eDrop</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.talosintelligence.com/feeds/ip-filter.blf</url> <header>Talos_BL</header> </row> </config> <config> <aliasname>PRI2</aliasname> <description><![CDATA[PRI2 - Collection of Feeds from Secondary Tier providers.]]></description> <action>Deny_Both</action> <cron>01hour</cron> <dow>1</dow> <aliaslog>enabled</aliaslog> <stateremoval><![CDATA[enabled]]></stateremoval> <autoaddrnot_in></autoaddrnot_in> <autoports_in></autoports_in> <aliasports_in></aliasports_in> <autoaddr_in></autoaddr_in> <autonot_in></autonot_in> <aliasaddr_in></aliasaddr_in> <autoproto_in></autoproto_in> <agateway_in>default</agateway_in> <autoaddrnot_out></autoaddrnot_out> <autoports_out></autoports_out> <aliasports_out></aliasports_out> <autoaddr_out></autoaddr_out> <autonot_out></autonot_out> <aliasaddr_out></aliasaddr_out> <autoproto_out></autoproto_out> <agateway_out>default</agateway_out> <suppression_cidr>Disabled</suppression_cidr> <whois_convert></whois_convert> <custom></custom> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://reputation.alienvault.com/reputation.snort.gz</url> <header>Alienvault</header> </row> </config> <config> <aliasname>PRI3</aliasname> <description><![CDATA[PRI3 - Collection of Feeds from Tertiary Tier providers.]]></description> <action>Deny_Both</action> <cron>01hour</cron> <dow>1</dow> <aliaslog>enabled</aliaslog> <stateremoval><![CDATA[enabled]]></stateremoval> <autoaddrnot_in></autoaddrnot_in> <autoports_in></autoports_in> <aliasports_in></aliasports_in> <autoaddr_in></autoaddr_in> <autonot_in></autonot_in> <aliasaddr_in></aliasaddr_in> <autoproto_in></autoproto_in> <agateway_in>default</agateway_in> <autoaddrnot_out></autoaddrnot_out> <autoports_out></autoports_out> <aliasports_out></aliasports_out> <autoaddr_out></autoaddr_out> <autonot_out></autonot_out> <aliasaddr_out></aliasaddr_out> <autoproto_out></autoproto_out> <agateway_out>default</agateway_out> <suppression_cidr>Disabled</suppression_cidr> <whois_convert></whois_convert> <custom></custom> <row> <format>auto</format> <state><![CDATA[Disabled]]></state> <url>https://www.autoshun.org/download/?api_key=_API_KEY_&format=csv</url> <header>Shunlist</header> </row> <row> <format>auto</format> <state><![CDATA[Disabled]]></state> <url>https://lists.blocklist.de/lists/all.txt</url> <header>BlockListDE_All</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://botscout.com/last_caught_cache.txt</url> <header>BotScout</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://danger.rulez.sk/projects/bruteforceblocker/blist.php</url> <header>DangerRulez</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://blocklist.greensnow.co/greensnow.txt</url> <header>GreenSnow</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.juniper.net/security/auto/spam</url> <header>Juniper</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.malwaredomainlist.com/hostslist/ip.txt</url> <header>MDL</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.maxmind.com/en/high-risk-ip-sample-list</url> <header>MaxMind_BD_Proxy</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://www.nothink.org/blacklist/blacklist_malware_dns.txt</url> <header>NoThink_DNS</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://www.nothink.org/blacklist/blacklist_malware_http.txt</url> <header>NoThink_HTTP</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://www.nothink.org/blacklist/blacklist_malware_irc.txt</url> <header>NoThink_IRC</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://www.nothink.org/blacklist/blacklist_ssh_week.txt</url> <header>NoThink_SSH</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://www.nothink.org/blacklist/blacklist_snmp_week.txt</url> <header>NoThink_SNMP</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://www.nothink.org/blacklist/blacklist_telnet_week.txt</url> <header>NoThink_Telnet</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.stopforumspam.com/downloads/toxic_ip_cidr.txt</url> <header>SFS_Toxic</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://suspect-networks.io/downloads/suspect_networks.txt</url> <header>SuspectNetworks</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://www.reputationauthority.org/toptens.php</url> <header>WatchGuard</header> </row> </config> <config> <aliasname>PRI4</aliasname> <description><![CDATA[PRI4 - Collection of Feeds from Fourth Tier providers.]]></description> <action>Deny_Both</action> <cron>01hour</cron> <dow>1</dow> <aliaslog>enabled</aliaslog> <stateremoval><![CDATA[enabled]]></stateremoval> <autoaddrnot_in></autoaddrnot_in> <autoports_in></autoports_in> <aliasports_in></aliasports_in> <autoaddr_in></autoaddr_in> <autonot_in></autonot_in> <aliasaddr_in></aliasaddr_in> <autoproto_in></autoproto_in> <agateway_in>default</agateway_in> <autoaddrnot_out></autoaddrnot_out> <autoports_out></autoports_out> <aliasports_out></aliasports_out> <autoaddr_out></autoaddr_out> <autonot_out></autonot_out> <aliasaddr_out></aliasaddr_out> <autoproto_out></autoproto_out> <agateway_out>default</agateway_out> <suppression_cidr>Disabled</suppression_cidr> <whois_convert></whois_convert> <custom></custom> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.badips.com/get/list/any/2?age=30d</url> <header>BadIPs_30d</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.binarydefense.com/banlist.txt</url> <header>BDS_Ban</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.botvrij.eu/data/ioclist.ip-dst.raw</url> <header>Botvrij_IP</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://cybercrime-tracker.net/fuckerz.php</url> <header>CCT_IP</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.darklist.de/raw.php</url> <header>Darklist</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://isc.sans.edu/api/threatlist/miner</url> <header>ISC_Miner</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://malc0de.com/bl/IP_Blacklist.txt</url> <header>Malc0de</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://malwaredb.malekal.com/export.php?type=url</url> <header>Malekal_BL</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.myip.ms/files/blacklist/csf/latest_blacklist.txt</url> <header>Myip_BL</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://www.ipspamlist.com/public_feeds.csv</url> <header>NVT_BL</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://zerodot1.gitlab.io/CoinBlockerLists/MiningServerIPList.txt</url> <header>CoinBlocker</header> </row> </config> <config> <aliasname>PRI5</aliasname> <description><![CDATA[PRI5 - Collection of Feeds from Fifth Tier providers.]]></description> <action>Deny_Both</action> <cron>EveryDay</cron> <dow>1</dow> <aliaslog>enabled</aliaslog> <stateremoval><![CDATA[enabled]]></stateremoval> <autoaddrnot_in></autoaddrnot_in> <autoports_in></autoports_in> <aliasports_in></aliasports_in> <autoaddr_in></autoaddr_in> <autonot_in></autonot_in> <aliasaddr_in></aliasaddr_in> <autoproto_in></autoproto_in> <agateway_in>default</agateway_in> <autoaddrnot_out></autoaddrnot_out> <autoports_out></autoports_out> <aliasports_out></aliasports_out> <autoaddr_out></autoaddr_out> <autonot_out></autonot_out> <aliasaddr_out></aliasaddr_out> <autoproto_out></autoproto_out> <agateway_out>default</agateway_out> <suppression_cidr>Disabled</suppression_cidr> <whois_convert></whois_convert> <custom></custom> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw</url> <header>MS_1</header> </row> </config> <config> <aliasname>SFS</aliasname> <description><![CDATA[SFS - Stop Forum Spam]]></description> <action>Deny_Both</action> <cron>08hours</cron> <dow>1</dow> <aliaslog>enabled</aliaslog> <stateremoval><![CDATA[enabled]]></stateremoval> <autoaddrnot_in></autoaddrnot_in> <autoports_in></autoports_in> <aliasports_in></aliasports_in> <autoaddr_in></autoaddr_in> <autonot_in></autonot_in> <aliasaddr_in></aliasaddr_in> <autoproto_in></autoproto_in> <agateway_in>default</agateway_in> <autoaddrnot_out></autoaddrnot_out> <autoports_out></autoports_out> <aliasports_out></aliasports_out> <autoaddr_out></autoaddr_out> <autonot_out></autonot_out> <aliasaddr_out></aliasaddr_out> <autoproto_out></autoproto_out> <agateway_out>default</agateway_out> <suppression_cidr>Disabled</suppression_cidr> <whois_convert></whois_convert> <custom></custom> <row> <format>auto</format> <state><![CDATA[Disabled]]></state> <url>https://www.stopforumspam.com/downloads/bannedips.zip</url> <header>SFS_IPs</header> </row> </config> <config> <aliasname>TOR</aliasname> <description><![CDATA[TOR - Collection of Feeds for the TOR network.]]></description> <action>Deny_Both</action> <cron>01hour</cron> <dow>1</dow> <aliaslog>enabled</aliaslog> <stateremoval><![CDATA[enabled]]></stateremoval> <autoaddrnot_in></autoaddrnot_in> <autoports_in></autoports_in> <aliasports_in></aliasports_in> <autoaddr_in></autoaddr_in> <autonot_in></autonot_in> <aliasaddr_in></aliasaddr_in> <autoproto_in></autoproto_in> <agateway_in>default</agateway_in> <autoaddrnot_out></autoaddrnot_out> <autoports_out></autoports_out> <aliasports_out></aliasports_out> <autoaddr_out></autoaddr_out> <autonot_out></autonot_out> <aliasaddr_out></aliasaddr_out> <autoproto_out></autoproto_out> <agateway_out>default</agateway_out> <suppression_cidr>Disabled</suppression_cidr> <whois_convert></whois_convert> <custom></custom> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.binarydefense.com/tor.txt</url> <header>BDS_TOR</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://rules.emergingthreats.net/blockrules/emerging-tor.rules</url> <header>ET_TOR_All</header> </row> </config> <config> <aliasname>MAIL</aliasname> <description><![CDATA[MAIL - Collection of Feeds for Mail Server specific blocklists.]]></description> <action>Deny_Both</action> <cron>01hour</cron> <dow>1</dow> <aliaslog>enabled</aliaslog> <stateremoval><![CDATA[enabled]]></stateremoval> <autoaddrnot_in></autoaddrnot_in> <autoports_in></autoports_in> <aliasports_in></aliasports_in> <autoaddr_in></autoaddr_in> <autonot_in></autonot_in> <aliasaddr_in></aliasaddr_in> <autoproto_in></autoproto_in> <agateway_in>default</agateway_in> <autoaddrnot_out></autoaddrnot_out> <autoports_out></autoports_out> <aliasports_out></aliasports_out> <autoaddr_out></autoaddr_out> <autonot_out></autonot_out> <aliasaddr_out></aliasaddr_out> <autoproto_out></autoproto_out> <agateway_out>default</agateway_out> <suppression_cidr>Disabled</suppression_cidr> <whois_convert></whois_convert> <custom></custom> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://antispam.imp.ch/spamlist</url> <header>Improware</header> </row> <row> <format>auto</format> <state><![CDATA[Disabled]]></state> <url>https://www.unsubscore.com/blacklist.txt</url> <header>LB_BL</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://www.dnsbl.manitu.net/download/nixspam-ip.dump.gz</url> <header>Nix_Spam</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.spamcop.net/w3m?action=map;net=cmaxratio;mask=65535;sort=spamcnt;format=text</url> <header>SpamCop_SC</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>http://toastedspam.com/deny</url> <header>Toastedspam</header> </row> </config> <config> <aliasname>Internic_4</aliasname> <description><![CDATA[Internic - List of the 13 IPv4 Root DNS servers via Internic Domain Registration service.]]></description> <action>Permit_Outbound</action> <cron>Weekly</cron> <dow>1</dow> <aliaslog>enabled</aliaslog> <stateremoval><![CDATA[enabled]]></stateremoval> <autoaddrnot_in></autoaddrnot_in> <autoports_in></autoports_in> <aliasports_in></aliasports_in> <autoaddr_in></autoaddr_in> <autonot_in></autonot_in> <aliasaddr_in></aliasaddr_in> <autoproto_in></autoproto_in> <agateway_in>default</agateway_in> <autoaddrnot_out></autoaddrnot_out> <autoports_out></autoports_out> <aliasports_out></aliasports_out> <autoaddr_out></autoaddr_out> <autonot_out></autonot_out> <aliasaddr_out></aliasaddr_out> <autoproto_out></autoproto_out> <agateway_out>default</agateway_out> <suppression_cidr>Disabled</suppression_cidr> <whois_convert></whois_convert> <custom></custom> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.internic.net/domain/named.root</url> <header>Resolver4</header> </row> </config> <config> <aliasname>BlockListDE</aliasname> <description><![CDATA[Collection of specific fail2ban reporting service Feeds.]]></description> <action>Deny_Both</action> <cron>01hour</cron> <dow>1</dow> <aliaslog>enabled</aliaslog> <stateremoval><![CDATA[enabled]]></stateremoval> <autoaddrnot_in></autoaddrnot_in> <autoports_in></autoports_in> <aliasports_in></aliasports_in> <autoaddr_in></autoaddr_in> <autonot_in></autonot_in> <aliasaddr_in></aliasaddr_in> <autoproto_in></autoproto_in> <agateway_in>default</agateway_in> <autoaddrnot_out></autoaddrnot_out> <autoports_out></autoports_out> <aliasports_out></aliasports_out> <autoaddr_out></autoaddr_out> <autonot_out></autonot_out> <aliasaddr_out></aliasaddr_out> <autoproto_out></autoproto_out> <agateway_out>default</agateway_out> <suppression_cidr>Disabled</suppression_cidr> <whois_convert></whois_convert> <custom></custom> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://lists.blocklist.de/lists/apache.txt</url> <header>BlockListDE_Apache</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.blocklist.de/lists/asterisk.txt</url> <header>BlockListDE_Asterisk</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://lists.blocklist.de/lists/bots.txt</url> <header>BlockListDE_Bots</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://lists.blocklist.de/lists/bruteforcelogin.txt</url> <header>BlockListDE_Brute</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.blocklist.de/lists/email.txt</url> <header>BlockListDE_Email</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://lists.blocklist.de/lists/ftp.txt</url> <header>BlockListDE_FTP</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.blocklist.de/lists/proftpd.txt</url> <header>BlockListDE_FTPD</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.blocklist.de/lists/ircbot.txt</url> <header>BlockListDE_IRC</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://lists.blocklist.de/lists/imap.txt</url> <header>BlockListDE_IMAP</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://lists.blocklist.de/lists/mail.txt</url> <header>BlockListDE_Mail</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.blocklist.de/lists/pop3.txt</url> <header>BlockListDE_POP3</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://www.blocklist.de/lists/postfix.txt</url> <header>BlockListDE_Postfix</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://lists.blocklist.de/lists/sip.txt</url> <header>BlockListDE_SIP</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://lists.blocklist.de/lists/ssh.txt</url> <header>BlockListDE_SSH</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://lists.blocklist.de/lists/strongips.txt</url> <header>BlockListDE_Strong</header> </row> </config> <config> <aliasname>Abuse_PS</aliasname> <description><![CDATA[Abuse Ransomware Tracker - Payment Sites]]></description> <action>Deny_Both</action> <cron>01hour</cron> <dow>1</dow> <aliaslog>enabled</aliaslog> <stateremoval><![CDATA[enabled]]></stateremoval> <autoaddrnot_in></autoaddrnot_in> <autoports_in></autoports_in> <aliasports_in></aliasports_in> <autoaddr_in></autoaddr_in> <autonot_in></autonot_in> <aliasaddr_in></aliasaddr_in> <autoproto_in></autoproto_in> <agateway_in>default</agateway_in> <autoaddrnot_out></autoaddrnot_out> <autoports_out></autoports_out> <aliasports_out></aliasports_out> <autoaddr_out></autoaddr_out> <autonot_out></autonot_out> <aliasaddr_out></aliasaddr_out> <autoproto_out></autoproto_out> <agateway_out>default</agateway_out> <suppression_cidr>Disabled</suppression_cidr> <whois_convert></whois_convert> <custom></custom> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://ransomwaretracker.abuse.ch/downloads/CW_PS_IPBL.txt</url> <header>Abuse_CW_PS</header> </row> <row> <format>auto</format> <state><![CDATA[Enabled]]></state> <url>https://ransomwaretracker.abuse.ch/downloads/LY_PS_IPBL.txt</url> <header>Abuse_LY_PS</header> </row> </config> </pfblockernglistsv4> -
@morgion said in No IP Alias/Group defined from Feed?:
<pfblockernglistsv4>
<config></config>To fix that:
- Make a pfSense Backup of the config.xml
- Goto pfSense > Diagnostics > Edit File
- Enter "/conf/config/xml"
- Scroll down and find "<pfBlockernglistsv4>"
- Remove the line "<config></config>"
- Save
-
@bbcan177 said in No IP Alias/Group defined from Feed?:
/conf/config/xml
Worked both IPv4 & IPv6 List are now present, Thank you again for your help.
-
@bbcan177
Sorry, been away for the weekend...I'm seeing 11 of these empty configs. Should I change them all?
<pfblockernglistsv6> <config></config><pfblockerngafrica> <config></config> </pfblockerngafrica> <pfblockerngantarctica> <config></config> </pfblockerngantarctica> <pfblockerngasia> <config></config> </pfblockerngasia> <pfblockerngeurope> <config></config> </pfblockerngeurope> <pfblockerngnorthamerica> <config></config> </pfblockerngnorthamerica> <pfblockerngoceania> <config></config> </pfblockerngoceania> <pfblockerngsouthamerica> <config></config> </pfblockerngsouthamerica> <pfblockerngtopspammers> <config></config> </pfblockerngtopspammers> <pfblockerngproxyandsatellite> <config></config><pfblockerngreputation> <config></config>
2.6.0-RELEASE
-
This post is deleted! -
@ar15usr said in No IP Alias/Group defined from Feed?:
Should I change them all?
No, those are normal when nothing is defined / configured for these entries.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.