Alerts not showing all entries, just last hour or so + issue updating



  • Hi,
    I'm on release 232 p1, pfblocker 2114  (latest)

    2 issues here:
    - In the alerts log I am only seeing the last hour or so.  I set the filter to show 200 entries for deny, but it will never show that much.  Am I missing a setting here?  In the firewall log, showing 300 entries on the UI, it goes 3 hours back.

    - When I force an update (after I change my iblocklist custom list choices) it will not redownload the list.  It doesn't see that things changed.  Is there a force interval?  I used to be able to force it, now no?
    OTHERSrobcustom is my custom list that I use through iblocklist which provides gz/7z/bz  compressed formats of cidr/p2p lists.  I prefer p2p because the list is legible with name comments.

     UPDATE PROCESS START [ 10/25/16 18:00:27 ]
    
    Clearing all DNSBL Feeds... 
    ** DNSBL Disabled **
    
    ===[  Continent Process  ]============================================
    
    ===[  IPv4 Process  ]=================================================
    
    [ ALLOWsROB ]		 exists. [ 10/25/16 18:00:28 ]
    [ ALLOWsROB_custom ]	 exists.
    [ OTHERSrobcustom ]	 exists.
    
    ===[  IPv6 Process  ]=================================================
    
    ===[  Aliastables / Rules  ]==========================================
    
    No changes to Firewall rules, skipping Filter Reload
    No Changes to Aliases, Skipping pfctl Update
    
    ===[  Kill States  ]==================================================
    
     No matching states found
    ======================================================================
    
     UPDATE PROCESS ENDED [ 10/25/16 18:00:32 ]
    


  • Logs seem to be ok now, I had to remove global logging.  Somehow that was truncating things.

    Still, the updater is confusing.  An update on my iblocklist custom list does not get updated; I used a script to update manually.


  • Moderator

    The IP Alerts page utilizes the pfSense Firewall Log. So you might want to increase the Firewall log size to get more data…

    Did you set the "Update Frequency" setting for this Alias? If you are using the custom list, there is an option at the bottom of the page that needs to be selected if you want a Force Update to pick up the changes... "Update Custom List".... Otherwise the Alias is updated as per the "Update Frequency" setting...
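
A way to tell from the update log whether a forced run re-fetched anything, as an added example that is not part of the thread or of pfBlockerNG. It assumes that a `[ NAME ] exists.` line means the list file was already on disk and was reused; the function names are hypothetical and the sample input is taken from the log in the first post.

```shell
#!/bin/sh
# Added example, not part of the thread or of pfBlockerNG.
# Assumption: "[ NAME ] exists." in the update log means the list file was
# already on disk and was not downloaded again during that run.

# Sample input: IPv4 section and alias summary from the log in the first post.
sample_log() {
cat <<'EOF'
 UPDATE PROCESS START [ 10/25/16 18:00:27 ]
===[  IPv4 Process  ]=================================================
[ ALLOWsROB ]    exists. [ 10/25/16 18:00:28 ]
[ ALLOWsROB_custom ]     exists.
[ OTHERSrobcustom ]      exists.
===[  Aliastables / Rules  ]==========================================
No changes to Firewall rules, skipping Filter Reload
No Changes to Aliases, Skipping pfctl Update
 UPDATE PROCESS ENDED [ 10/25/16 18:00:32 ]
EOF
}

# Print the name of every list the run reported as "exists.", one per line.
skipped_lists() {
    awk '$1 == "[" && $3 == "]" && $4 == "exists." { print $2 }'
}

# Succeed (exit 0) when the run says the pf alias tables were left untouched.
aliases_unchanged() {
    grep -qi 'No changes to aliases'
}

# One-line verdict for an update log read from stdin.
update_verdict() {
    log=$(cat)
    skipped=$(printf '%s\n' "$log" | skipped_lists | tr '\n' ' ' | sed 's/ $//')
    if [ -n "$skipped" ] && printf '%s\n' "$log" | aliases_unchanged; then
        echo "NO-OP: nothing re-downloaded (${skipped})"
    elif [ -n "$skipped" ]; then
        echo "PARTIAL: reused on-disk copies of ${skipped}"
    else
        echo "OK: no list was skipped"
    fi
}

sample_log | update_verdict
```

A `NO-OP` verdict after changing a feed means the firewall is still enforcing the old list contents.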



  • I'm not using a custom list, but a link to an iblocklist list.  One is my own list where you can select multiple lists and it gives you a single link.  It was useful for openwrt which was flaky with ipset block lists.

    The update frequency is set to once a day.  Should it be put as never, and instead cron handles updates?  I'm confused.

    Anyway for a manual way to force an update, a little itty bitty script:

    root/# cat /usr//local/sbin/pfblockerforce.sh
    #!/bin/sh
    ############################################
    #
    # pfblocker force update robs
    #
    ############################################
    
    echo "===================="
    echo "Backup and Deleting Lists"
    logger "PFBLOCKER DELETING LISTS"
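    # Drop the previous backup first; otherwise cp -R nests the new copy inside it
    rm -rf /var/db/pfblockerng/denyBAK /var/db/pfblockerng/permitBAK
    # Stop before deleting anything if the backup cannot be written
    cp -R /var/db/pfblockerng/deny /var/db/pfblockerng/denyBAK || exit 1
    cp -R /var/db/pfblockerng/permit /var/db/pfblockerng/permitBAK || exit 1
    
    # Remove the downloaded lists so the update run has to fetch them again
    rm -f /var/db/pfblockerng/deny/*
    rm -f /var/db/pfblockerng/permit/*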
    echo "===================="
    echo "RELOAD LISTS"
    logger "PFBLOCKER RELOADING LISTS"
    
    /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php update
    
    echo "reload done"
    logger "PFBLOCKER LISTS RELOADED"
    
    


  • Iblocklist lists are not very up to date, check http://iplists.firehol.org/ to see when they were last updated, only 6 lists were updated lately as of today.

    You should probably take your lists from the source and not third party like iblocklist.com

