pfBlockerNG IP Reputation

When removing pfBlocker, the usr/local/www/pfblockerng/ directory should be gone, or, at least empty.
When you re install, that file doesn't come back ??

Re installing pfSEnse will not generate these files.

File system problems ?

NollipfSense · May 22, 2020, 6:49 PM

@Gertjan said in pfBlockerNG IP Reputation:

@NollipfSense said in pfBlockerNG IP Reputation:
Reinstalling pfBlockerNG did not fix
When removing pfBlocker, the usr/local/www/pfblockerng/ directory should be gone, or, at least empty.
When you re install, that file doesn't come back ??

Re installing pfSEnse will not generate these files.

File system problems ?

Okay Gertjan, I did not completely remove it ... just reinstalled it and it's the same. So, I will remove it then check to be sure the directory is gone or empty. Thank you!

Completely removed pfBlockerNG, keep setting, and reinstall ... same issue. The directory was there but empty. I'll try removing again then delete the directory.

NollipfSense · May 22, 2020, 7:25 PM

This is the only file in the directory when pfBlockerNG is removed.

🔒 Log in to view

Then, when reinstalling pfBlockerNG, some how IP reputation.php is not included.

🔒 Log in to view

serbus · May 24, 2020, 3:55 AM

Hello!

Did you run a full update of pfbng? I think that file might be dynamically generated at some point during that process.

John

Gertjan · May 23, 2020, 7:35 AM

@NollipfSense said in pfBlockerNG IP Reputation:

Then, when reinstalling pfBlockerNG, some how IP reputation.php is not included.

Yep, I confirm.
It's not included in the package file - neither referenced in the manifest.
It's a package build issue.
Some one should inform @BBcan177.

Maybe the reputation functionality was removed from pfBlocker ?

I can rename any file in that directory, re install pfBlockerNG, and the file will reapaer.
Except the pfblockerng_reputation.php file.

@serbus said in pfBlockerNG IP Reputation:

I think that file might be dynamically generated at some point during that process.

It's a static web page.
pfBlockerNG does not generate this page.
An exception exists : the /usr/local/www/pfblockerng/www/dnsbl_active.php page, which is copied from the dnsbl_default.php file by pfBlockerNG itself. This is the way we select the default "Blocked Webpage" - made our own one.

🔒 Log in to view

serbus · May 23, 2020, 9:08 PM

@Gertjan said in pfBlockerNG IP Reputation:

It's a static web page.
pfBlockerNG does not generate this page.

Hello!

I am new to pfsense and still working through much of the code. Maybe you can help.

How and when are the pfblocker reputation and country xml files generated?
What is the purpose of the pkg.php system?
Does pkg ever save/cache the php it dynamically generates from xml for performance or other reasons?

Thanks!

John

serbus · May 23, 2020, 9:32 PM

@NollipfSense said in pfBlockerNG IP Reputation:

No one else reproduced the above result? Is it that IP reputation had been removed from the package?

Hello!

You could try running :

php /usr/local/www/pfblockerng/pfblockerng.php gc

To recreate the reputation and country php files.

John

NollipfSense · May 24, 2020, 3:55 AM

@serbus said in pfBlockerNG IP Reputation:

I think that file might be dynamically generated at some point during that process.

I have been thinking along those lines because I noticed also that Maxmind data had not loaded despite providing my key.

NollipfSense · May 24, 2020, 3:57 AM

@Gertjan Do you also have the MaxMind feed loaded?

NollipfSense · May 25, 2020, 3:27 AM

@serbus said in pfBlockerNG IP Reputation:

php /usr/local/www/pfblockerng/pfblockerng.php gc

Hey John, I am reporting that worked. However, the command result shows geolocation files not found confirmed that IP reputation list is derived from geolocation feed. Just discovered making the page had produced a crash

🔒 Log in to view

Gertjan · May 25, 2020, 6:01 AM

@NollipfSense :

[2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: php /usr/local/www/pfblockerng/pfblockerng.php gc
 Creating pfBlockerNG Continent PHP files
 IPv4 Africa                     [ 05/25/20 07:16:41 ]
 IPv6 Africa                     [ 05/25/20 07:16:43 ]
 IPv4 Antarctica
 IPv6 Antarctica
 IPv4 Asia
 IPv6 Asia                       [ 05/25/20 07:16:46 ]
 IPv4 Europe                     [ 05/25/20 07:16:47 ]
 IPv6 Europe                     [ 05/25/20 07:16:55 ]
 IPv4 North America              [ 05/25/20 07:16:58 ]
 IPv6 North America              [ 05/25/20 07:17:04 ]
 IPv4 Oceania                    [ 05/25/20 07:17:05 ]
 IPv6 Oceania                    [ 05/25/20 07:17:06 ]
 IPv4 South America
 IPv6 South America              [ 05/25/20 07:17:07 ]
 IPv4 Proxy and Satellite
 IPv6 Proxy and Satellite        [ 05/25/20 07:17:08 ]
 IPv4 Top Spammers
 IPv6 Top Spammers
 pfBlockerNG Reputation Tab
Country Code Update Ended

and

[2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: php /usr/local/www/pfblockerng/pfblockerng.php ugc
Country code update Start [ 05/25/20 07:42:27 ]
 Processing ISO IPv4 Continent/Country Data
 Processing ISO IPv6 Continent/Country Data [ 05/25/20 07:42:55 ]
 Creating pfBlockerNG Continent PHP files
 IPv4 Africa                     [ 05/25/20 07:43:05 ]
 IPv6 Africa                     [ 05/25/20 07:43:06 ]
 IPv4 Antarctica
 IPv6 Antarctica
 IPv4 Asia
 IPv6 Asia                       [ 05/25/20 07:43:09 ]
 IPv4 Europe                     [ 05/25/20 07:43:10 ]
 IPv6 Europe                     [ 05/25/20 07:43:19 ]
 IPv4 North America              [ 05/25/20 07:43:21 ]
 IPv6 North America              [ 05/25/20 07:43:27 ]
 IPv4 Oceania                    [ 05/25/20 07:43:29 ]
 IPv6 Oceania
 IPv4 South America
 IPv6 South America              [ 05/25/20 07:43:30 ]
 IPv4 Proxy and Satellite        [ 05/25/20 07:43:31 ]
 IPv6 Proxy and Satellite
 IPv4 Top Spammers
 IPv6 Top Spammers               [ 05/25/20 07:43:32 ]
 pfBlockerNG Reputation Tab
Country Code Update Ended

@serbus said in pfBlockerNG IP Reputation:

Did you run a full update of pfbng? I think that file might be dynamically generated at some point during that process.

Well .... @servus is right.
I was wrong.
This file "reputation" IS actually regenerated out of /usr/local/www/pfblockerng/pfblockerng.php ...

@NollipfSense : Yes, I have an activated MaxiMind account.

🔒 Log in to view

@NollipfSense : How many files - what ype of files do you have here /usr/local/share/GeoIP/cc/ ?

I have more the 1500 files - it depends probably on which regions I've selected, I guess.
Some of them have a time stamp like 03/09/2019 - others 07/05/2020 - and the better part was downloaded just today : 25/05/2020 - 07h17.

Also : /usr/local/share/GeoIP/ ? This directory gets filled with files from MaxMind - if you have an account with them.

So : files actually get downloaded , No file system full ? Run a "fsck" just to be sure.

Btw : The Diagnostic > Command propmpt : never use that one. It could hide stuff. Keyboard command belong on a real command line. It's one click away with Putty or any other SSH client. Better get used to it ^^