Netgate Discussion Forum

    pfBlockerNG rule download failure log entry- false positive?

      sparkman123

      I am seeing all my entries for my DNSBL feeds as erroring out, specifically with the message:

      [ DNSBL_AfunList - AfunList ] Download FAIL [ 01/10/20 03:03:00 ]
       Firewall and/or IDS are not blocking download.
      
       Restoring previously downloaded file
      

      However, when I ls -la the files under /var/db/pfblockerng/dnsbl I see they have all been accessed at that time.

      Further, if I remove one of the feed files corresponding to the list in the dnsbl directory (in this case, AfunList.txt) and then force a manual update (through Firewall -> pfBlockerNG -> Update), the feed file is successfully downloaded and restored.

      Also, I can view the feed lists in a browser, so they are clearly up.

      Any idea why this is being reported as an error? Is this some kind of false positive?

        RonpfS

        Files are downloaded in /var/db/pfblockerng/dnsblorig.

        At Cron Update, when the URL is triggered to download, it will download it. In case of failure, it will use the existing dnsbl file to continue.

        During a Reload, the DNSBL db is built reading the .orig files and results are put in /var/db/pfblockerng/dnsbl. It's possible that the files are not downloaded during a reload. Inspect the pfblockerNG.log file to see what is done.

        Can you access the URL for AfunList in a browser?

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

          sparkman123

          I was not aware of the role of the .orig files. I tried clearing both (AfunList.orig from /var/db/pfblockerng/dnsblorig and AfunList.txt in /var/db/pfblockerng/dnsbl) and then force updating DNSBL. Both the orig and txt files were regenerated from the list feed.

          As far as I can tell, the feed is correctly synced.

          @RonpfS said in pfBlockerNG rule download failure log entry- false positive?:

          Can you access the URL for AfunList in a browser?

          Yes.

          So I'm not sure why the log is reporting an error.

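Added example, not part of the thread and not pfBlockerNG code: a small sh helper that lists every feed with a "Download FAIL" entry in a log and reports what is on disk for it in the two directories RonpfS describes. The log path is passed as an argument because the thread does not give it; the function names, state labels and the ExampleFeed entry are made up for illustration.

```shell
# failed_feeds LOG: print "FEED DATE TIME" for the newest Download FAIL per feed.
# Expects the entry format quoted in the thread: "[ GROUP - FEED ] Download FAIL [ DATE TIME ]".
failed_feeds() {
    awk '$1 == "[" && $6 == "Download" && $7 == "FAIL" { last[$4] = $9 " " $10 }
         END { for (f in last) print f, last[f] }' "$1" | sort
}

# feed_state FEED ORIG_DIR DNSBL_DIR: classify the files kept for one feed.
# Interpretation follows the thread: downloads land in ORIG_DIR as FEED.orig,
# a reload builds DNSBL_DIR/FEED.txt from them.
feed_state() {
    orig="$2/$1.orig"; built="$3/$1.txt"
    if [ ! -s "$orig" ]; then
        echo "no-orig"          # nothing downloaded, nothing to restore from
    elif [ ! -s "$built" ]; then
        echo "not-built"        # .orig present, but no .txt built from it yet
    elif [ "$orig" -nt "$built" ]; then
        echo "orig-newer"       # a download succeeded after the last build
    else
        echo "built-current"    # .txt is at least as new as its .orig
    fi
}

# report LOG [ORIG_DIR] [DNSBL_DIR]: one line per feed that logged a failure.
report() {
    orig_dir="${2:-/var/db/pfblockerng/dnsblorig}"
    dnsbl_dir="${3:-/var/db/pfblockerng/dnsbl}"
    failed_feeds "$1" | while read -r feed day clock; do
        echo "$feed last-fail=$day $clock state=$(feed_state "$feed" "$orig_dir" "$dnsbl_dir")"
    done
}

# demo: run report against a constructed log and constructed feed files.
demo() {
    d=$(mktemp -d) && mkdir "$d/dnsblorig" "$d/dnsbl" || return 1
    cat > "$d/log" <<'EOF'
[ DNSBL_AfunList - AfunList ] Download FAIL [ 01/10/20 03:03:00 ]
 Firewall and/or IDS are not blocking download.
 Restoring previously downloaded file
[ DNSBL_Example - ExampleFeed ] Download FAIL [ 01/10/20 03:03:05 ]
EOF
    echo "ads.example" > "$d/dnsblorig/AfunList.orig"
    echo "ads.example" > "$d/dnsbl/AfunList.txt"
    touch -t 202001100200 "$d/dnsblorig/AfunList.orig"
    touch -t 202001100201 "$d/dnsbl/AfunList.txt"
    report "$d/log" "$d/dnsblorig" "$d/dnsbl"
    rm -rf "$d"
}
[ "${1:-}" != demo ] || demo    # run the constructed demo: sh thisfile demo
```

A feed that shows a recent last-fail together with orig-newer matches what the thread describes: a failure was logged, yet a fresh copy reached dnsblorig afterwards.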
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.