No IPs suddenly



  • I'm using this tool to limit countries that are allowed to connect on certain services.

    I have about 10.000 IPs for my country and I woke up today with phone calls that no one was able to connect.

    I found out that the country list was empty. The fix was easy enough, just run an extra update. But why does this happen and is there a way to avoid this happening again (or at least running country-list manually)?

    I'm still hoping for a smoother way to allow traffic per country than this, but this has at least worked as a work-around for now.

    ===[  DNSBL Process  ]================================================

    DNSBL: Flush DNSBL_IP1/1 addresses added.

    Clearing all DNSBL Feeds…  completed
    Validating database... completed
    Reloading Unbound.... completed
    cat: /var/db/pfblockerng/dnsbl/*.txt: No such file or directory
    DNSBL update [ 0 | PASSED  ]… completed [ 11/15/16 07:00:21 ]
    ------------------------------------------

    ===[  Continent Process  ]============================================

    Could not open ISO [ DK_v4 ]
    Could not open ISO [ DK_rep_v4 ]
    Could not open ISO [ PL_v4 ]
    Could not open ISO [ SE_v4 ]
    [ pfB_Europe_v4 ] Changes found… Updating
    [ pfB_Europe_v4 ] Found no unique IPs, adding '1.1.1.1' to avoid empty file
    Could not open ISO [ PN_rep_v4 ]
    [ pfB_Oceania_v4 ] exists. [ 11/15/16 07:00:22 ]
    Could not open ISO [ PL_v4 ]
    Could not open ISO [ PL_rep_v4 ]
    Could not open ISO [ ES_v4 ]
    Could not open ISO [ ES_rep_v4 ]
    [ pfB_Top_v4 ] Changes found… Updating
    [ pfB_Top_v4 ] Found no unique IPs, adding '1.1.1.1' to avoid empty file


  • Moderator

    Not sure if this is resolved, but you could try to re-download the MaxMind Database manually:

    php /usr/local/www/pfblockerng/pfblockerng.php dc
    


  • It was solved by running the update manually once more (re-running the cronjob that fills up the IP-list).

    I notice this happens almost every day now. People can't connect while the database is rebuilding. Doesn't look like an optimal way to do this. I have to run this thing manually off-hours from now on and it is extra work I would like to not have…


  • Banned

    And why are you rebuilding the database every day when it's being updated once every month by upstream?



  • On my P4 386 system, Cron update takes 20-40 minutes to complete,
    DNS reload of the 92MB pfb_dnsbl.conf takes 4-5 minutes.

    ```
    2016-12-07 02:27:16	Daemon.Info	1.2.3.4	Dec  7 02:27:19 unbound: [66112:0] info: service stopped (unbound 1.5.10).
    2016-12-07 02:31:23	Daemon.Info	1.2.3.4	Dec  7 02:31:26 unbound: [66112:0] info: start of service (unbound 1.5.10).
    ```
    During the reload, DNS fails, so it's not a bad idea to run cron update off-hours.

    As for the MaxMind database, once it is rebuilt, there is no need to run
    ```
    php /usr/local/www/pfblockerng/pfblockerng.php dc
    ```
    until something breaks or a new MaxMind database is released and for some reason the cron MaxMind update failed.

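A check that could run after each scheduled update, as an added example that is not part of the thread or of pfBlockerNG itself: it scans update-log text in the format posted above for aliases that were rebuilt with only the `1.1.1.1` placeholder and lists the ISO files reported missing just before each. The function names are hypothetical and the sample lines are copied from the first post's log; the thread does not give the log file's location, so the function reads standard input.

```shell
# Added example (not from the thread): flag pfBlockerNG country aliases that
# were rebuilt with only the '1.1.1.1' placeholder.

# check_pfb_log: reads update-log text on stdin, prints one line per emptied
# alias with the ISO files reported missing before it; returns 1 if any found.
check_pfb_log() {
    awk '
        /Could not open ISO \[/ {
            # A missing-ISO line after an alias line starts a new group.
            if (owner != "") { missing = ""; owner = "" }
            missing = missing (missing == "" ? "" : ",") $6
            next
        }
        $1 == "[" && $2 ~ /^pfB_/ {
            # The first alias after a group claims the collected ISO names.
            if (owner == "") { owner = $2 } else if (owner != $2) { missing = ""; owner = $2 }
            if ($0 ~ /Found no unique IPs/) {
                printf "EMPTY %s missing=%s\n", $2, (missing == "" ? "-" : missing)
                bad++
            }
        }
        END { exit (bad > 0) }
    '
}

# sample_log: the "Continent Process" lines from the first post, as test input.
sample_log() {
    cat <<'EOF'
Could not open ISO [ DK_v4 ]
Could not open ISO [ DK_rep_v4 ]
Could not open ISO [ PL_v4 ]
Could not open ISO [ SE_v4 ]
[ pfB_Europe_v4 ] Changes found… Updating
[ pfB_Europe_v4 ] Found no unique IPs, adding '1.1.1.1' to avoid empty file
Could not open ISO [ PN_rep_v4 ]
[ pfB_Oceania_v4 ] exists. [ 11/15/16 07:00:22 ]
Could not open ISO [ PL_v4 ]
Could not open ISO [ PL_rep_v4 ]
Could not open ISO [ ES_v4 ]
Could not open ISO [ ES_rep_v4 ]
[ pfB_Top_v4 ] Changes found… Updating
[ pfB_Top_v4 ] Found no unique IPs, adding '1.1.1.1' to avoid empty file
EOF
}

# Demo: the sample contains two emptied aliases, so the alert branch runs.
sample_log | check_pfb_log || echo "ALERT: one or more country aliases contain only the placeholder"
```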