pfBlockerNG DNSBL service wont start
-
Hi,
Ive installed PFblockerng and the pfBlockerNG DNSBL service will not start. I've re-installed it whilst disabling the keep settings option. I've done a force reload all and restarted pfsense and it wont start up
The weird thing is that once im connected onto my openvpn connection, ads are being blocked even when the DNSBL is disabled
Can someone provide me with some further troubleshooting methods to solve this?
Thanks
-
Hummmm.
Can't see anything from here.You looked here :
?
-
in the error.log im seeing this. (Certificate issue i think)
**[ DNSBL_EasyList - EasyList ] Download FAIL [ 06/09/20 21:35:09 ]
Firewall and/or IDS (Legacy mode only) are not blocking download.[ DNSBL_EasyList - EasyPrivacy ] Download FAIL [ 06/09/20 21:35:24 ]
Firewall and/or IDS (Legacy mode only) are not blocking download.**this is the pfblocker log. Cant see any errors besides the lists not downloading
https://pastebin.com/cM5eSys7
-
Same issue, Curl SSL errors out on 2.4.4 before update and continues on 2.4.5-p1. the difference here it keeps reusing the old list it already had from before 5/30/2020 and looks like it's been broken since that date. below is snip from the log
[ easylistads ] Previous download failed. Re-attempt download UPDATE PROCESS START [ 06/10/20 20:00:01 ] ===[ DNSBL Process ]================================================ [ easylistads ] Downloading update . cURL Error: 60 SSL certificate problem: certificate has expired Retry in 5 seconds... . cURL Error: 60 SSL certificate problem: certificate has expired Retry in 5 seconds... . cURL Error: 60 SSL certificate problem: certificate has expired Retry in 5 seconds... .. unknown http status code [ DNSBL_easylistads - easylistads ] Download FAIL [ 06/10/20 20:00:17 ] Firewall and/or IDS are not blocking download. Restoring previously downloaded fileEDIT** I just spotted the issue, look at the remote timestamp date, it appears the server had a date roll over issue, I seen it on some other lists also, which appear to have been fixed. 4 hours prior to that it synced and updated normally
[ easylistads ] Remote timestamp: Thu, 01 Jan 1970 00:00:00 GMT Local timestamp: Sat, 30 May 2020 07:51:04 GMT Update found UPDATE PROCESS START [ 05/30/20 08:00:11 ] -
Change the State of the URL to Flex
2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@RonpfS Doesnt work.
-
Can you open that URL in your browser ?
2.4.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5 -
@RonpfS
good catch, that worked and the list updated. it fails initially, retries with flex ssl downgrade and succeeds
I forgot that was even an option.
new snip of log below[ easylistads ] Downloading update . cURL Error: 60 [ ! ] Downgrading SSL settings (Flex) . 200 OK. -
@RonpfS Yes.
-
used flex to remove the download errors but the service refuses to start. im still getting adblocking on the vpn so it seems to be working but not sure if the functionality is impaired or not
