pfBlockerNG IP Reputation

NollipfSense

@serbus and @Gertjan I used the CLI and here is the result:

[2.5.0-DEVELOPMENT][admin@NollipfSense.nollipfsense.lan]/root: php /usr/local/www/pfblockerng/pfblockerng.php dc

Download Process Starting [ 05/27/20 10:55:35 ]
/usr/local/share/GeoIP/GeoLite2-Country.tar.gz 401 Unauthorized

Failed to Download GeoLite2-Country.mmdb
/usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 401 Unauthorized

Failed to Download
Download Process Ended [ 05/27/20 10:55:36 ]

[2.5.0-DEVELOPMENT][admin@NollipfSense.nollipfsense.lan]/root:

What I don't understand is I have a registered key; so, not sure what the unauthorized is all about nor what to do to resolve.

RonpfS

Goto Maxminds and check your account and Download History.

NollipfSense

@RonpfS Last download was on May 5, 2020 at 14.56pm ... so, I guess I'll have to wait for June. I had to reinstall a fresh pfSense 2.5-dev so may explain why I haven't got the feed since its once per month.

RonpfS

It changes every 6 days, do you see the md5 download every day ?

serbus

Hello!

Is there a limit to the number of times per month you can download the files from maxmind?

I use the same license key in a number of different routers and routinely download "off schedule" when setting things up or troubleshooting.

Maybe you could create a new license key at the maxmind site and try that in your router.

John

jdeloach

@NollipfSense said in pfBlockerNG IP Reputation:

@RonpfS Last download was on May 5, 2020 at 14.56pm ... so, I guess I'll have to wait for June. I had to reinstall a fresh pfSense 2.5-dev so may explain why I haven't got the feed since its once per month.

Run this command from the command prompt to force Maxmind to update: php /usr/local/www/pfblockerng/pfblockerng.php dc . This should force the Maxmind.com database to update.

Gertjan

@jdeloach said in pfBlockerNG IP Reputation:

Run this command from the command prompt to force Maxmind to update: php /usr/local/www/pfblockerng/pfblockerng.php dc . This should force the Maxmind.com database to update.

He did ( see above ) :

@NollipfSense said in pfBlockerNG IP Reputation:

[2.5.0-DEVELOPMENT][admin@NollipfSense.nollipfsense.lan]/root: php /usr/local/www/pfblockerng/pfblockerng.php dc
Download Process Starting [ 05/27/20 10:55:35 ]

He wasn't authorized.

/usr/local/share/GeoIP/GeoLite2-Country.tar.gz 401 Unauthorized
Failed to Download GeoLite2-Country.mmdb
/usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 401 Unauthorized
Failed to Download
Download Process Ended [ 05/27/20 10:55:36 ]

NollipfSense

So, I contacted MaxMind support that confirmed that somehow when I did the force the update, it kept downloading last month's (April) database ... which is not available ... hence, the unauthorized message.

Support suggested "If you alter your download URL and remove the 'date' parameter entirely, that will make it download the most recent database available rather than a specific database version. Alternatively, you can use the 'Get permalinks' link in your Download Files page to get a permanent download URL that you can use."

So, m question: where would I find the download file to change or replace with "permalinks."

RonpfS

Maybe it's time to move this topic to pfblockerNG forum.

NollipfSense

@RonpfS That's okay with me ... admin.

serbus

@NollipfSense

Hello!

Pfb uses the maxmind permalink url for retrieving the maxmind db. It does not look like it asks for a specific version or month.

Here is the url from the pfb code:

https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=MAXMIND_KEY&suffix=tar.gz

You should be able to replace MAXMIND_KEY with your key and try the url in your browser.

John

NollipfSense

@serbus Hello John, I preferred to let pfSense do the downloading instead of downloading it by way of the browser. I looked at this file: /usr/local/www/pfblockerng/pfblockerng_feeds.php ... however, no MaxMind url was in the file.

Alternatively, I could wait until next Thursday when the new file would be available.

serbus

Hello!

The maxmind urls are in usr/local/www/pfblockerng/pfblockerng.php

Loading that link in your browser would just be a general test for your maxmind account, license key, and networks access to the download.

John

NollipfSense

@serbus Well John, early this morning I tried again and got same unauthorized ... so, I tried the browser and got invalid key; so, I just generated a new key ... all is good.