PfBlockerNG 2.1.1_5 and issue with url/alias



  • Hi all!
    Hope someone could help me with this. I have made a basic configuration of pfBlocker and created an ipv4 list of ip source and the alias pfB_badiplist was created, but when I go to the alias and want to save it I got this error message:

    The following input errors were detected:

    Unable to fetch usable data from URL https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_badiplist

    Not sure what to do at this point. I can't delete the alias of course but even if I rename it I still have the issue so I am pretty sure that pfblocker does not work right now for me.

    Has anyone already seen this?

    Any help will be appreciated :)
    Thanks, and have a great Christmas time with your family!

    Romain.



  • What are the IPv4 Source Definitions URLs?
    Did you look at pfblockerng.log ?



  • Hi,
    I took most of the list from this post https://forum.pfsense.org/index.php?topic=64674.0. I have checked the logs but found no major errors, only some errors related to the download of some URLs, but that's all. Note that all was working fine with 2.1.1_4.
    Thanks



  • Well, most of the iblocklist are stale and are known to cause trouble.
    Look into the pfBlockerNG thread to find a better list https://forum.pfsense.org/index.php?topic=86212.msg486648#msg486648



  • Nope.. Still have the same issue:

    • Tried to reinstall the package
    • Tried to remove the ipv4 defined list and create a brand new one with the items listed in the link you gave me (thanks!).
      Still have the same issue.

    I tried to go on command line and check what is the content (if exists) of the link and got:

    [2.3.2-RELEASE][admin@fw.domain.lan]/root: curl -k https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_badip
    curl: No match.
    

    So it seems that the pfblock list is not available in the link. But I can't really find a reason… I will try to dig deeper.

    Thanks!
    Romain



  • Hi,
    Here are the logs found in the master system logs:

    Dec 23 10:35:59 	php-fpm 	16274 	/firewall_aliases_edit.php: Download file failed with status code 0. URL: https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_badip
    Dec 23 10:35:40 	php-fpm 	53132 	/rc.update_urltables: : pfB_badip does not need updating.
    Dec 23 10:35:40 	php-fpm 	53132 	/rc.update_urltables: : Starting URL table alias updates
    Dec 23 10:35:16 	check_reload_status 		Syncing firewall
    Dec 23 10:35:13 	php-fpm 	62663 	/rc.update_urltables: : ERROR: could not update pfB_badip content from https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_badip
    Dec 23 10:35:13 	php-fpm 	62663 	/rc.update_urltables: Download file failed with status code 0. URL: https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_badip
    Dec 23 10:35:12 	php-fpm 	62663 	/rc.update_urltables: : Starting URL table alias updates
    Dec 23 10:35:01 	php-fpm 	92631 	/rc.filter_configure_sync: Message sent to romain.pelissier@gmail.com OK
    Dec 23 10:35:00 	php-fpm 	62663 	/rc.update_urltables: : Sleeping for 12 seconds.
    Dec 23 10:35:00 	php-fpm 	62663 	/rc.update_urltables: : Starting up.
    Dec 23 10:35:00 	php-fpm 	62663 	/rc.update_urltables: : ERROR: could not update pfB_badip content from https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_badip
    Dec 23 10:35:00 	php-fpm 	62663 	/rc.update_urltables: Download file failed with status code 0. URL: https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_badip
    Dec 23 10:35:00 	php-fpm 	92631 	/rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:194: macro 'pfB_badip' not defined - The line in question reads [194]: block in log quick on $WAN reply-to ( pppoe0 10.11.18.161 ) inet from $pfB_badip to any tracker 1770009136 label "USER_RULE: pfB_badip auto rule"
    Dec 23 10:35:00 	php-fpm 	62663 	/rc.update_urltables: : Starting URL table alias updates
    Dec 23 10:35:00 	xinetd 	33335 	Reconfigured: new=0 old=1 dropped=0 (services)
    Dec 23 10:35:00 	xinetd 	33335 	readjusting service 6969-udp
    Dec 23 10:35:00 	xinetd 	33335 	Swapping defaults
    Dec 23 10:35:00 	xinetd 	33335 	Starting reconfiguration
    Dec 23 10:34:59 	check_reload_status 		Synching URL alias pfB_badip
    Dec 23 10:34:58 	check_reload_status 		Reloading filter
    Dec 23 10:34:58 	php 		/usr/local/www/pfblockerng/pfblockerng.php: The command '/sbin/ifconfig 'em1_vlan100' delete '10.10.10.1'' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
    Dec 23 10:34:58 	php 		[pfBlockerNG] Starting cron process.
    Dec 23 10:34:58 	check_reload_status 		Syncing firewall
    Dec 23 10:34:50 	php-fpm 	34331 	/rc.filter_configure_sync: Message sent to romain.pelissier@gmail.com OK
    Dec 23 10:34:49 	php-fpm 	62663 	/rc.update_urltables: : Sleeping for 11 seconds.
    Dec 23 10:34:49 	php-fpm 	62663 	/rc.update_urltables: : Starting up.
    Dec 23 10:34:49 	php-fpm 	34331 	/rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:194: macro 'pfB_badip' not defined - The line in question reads [194]: block in log quick on $WAN reply-to ( pppoe0 10.11.18.161 ) inet from $pfB_badip to any tracker 1770009136 label "USER_RULE: pfB_badip auto rule"
    Dec 23 10:34:48 	xinetd 	33335 	Reconfigured: new=0 old=1 dropped=0 (services)
    Dec 23 10:34:48 	xinetd 	33335 	readjusting service 6969-udp
    Dec 23 10:34:48 	xinetd 	33335 	Swapping defaults
    Dec 23 10:34:48 	xinetd 	33335 	Starting reconfiguration
    Dec 23 10:34:48 	check_reload_status 		Synching URL alias pfB_badip
    Dec 23 10:34:48 	php-fpm 	60522 	/rc.filter_configure_sync: New alert found: Unresolvable destination alias 'pfB_badiplist' for rule 'pfB_badiplist auto rule'
    Dec 23 10:34:48 	php-fpm 	60522 	/rc.filter_configure_sync: New alert found: Unresolvable destination alias 'pfB_badiplist' for rule 'pfB_badiplist auto rule'
    Dec 23 10:34:48 	php-fpm 	60522 	/rc.filter_configure_sync: New alert found: Unresolvable destination alias 'pfB_badiplist' for rule 'pfB_badiplist auto rule'
    Dec 23 10:34:48 	php-fpm 	60522 	/rc.filter_configure_sync: Message sent to romain.pelissier@gmail.com OK
    Dec 23 10:34:47 	php-fpm 	60522 	/rc.filter_configure_sync: New alert found: Unresolvable destination alias 'pfB_badiplist' for rule 'pfB_badiplist auto rule'
    Dec 23 10:34:47 	php-fpm 	60522 	/rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfB_badiplist' for rule 'pfB_badiplist auto rule'
    Dec 23 10:34:47 	php-fpm 	60522 	/rc.filter_configure_sync: Message sent to romain.pelissier@gmail.com OK
    Dec 23 10:34:46 	check_reload_status 		Reloading filter
    Dec 23 10:34:46 	php-fpm 	53132 	/rc.update_urltables: : Sleeping for 54 seconds.
    Dec 23 10:34:46 	php-fpm 	53132 	/rc.update_urltables: : Starting up.
    Dec 23 10:34:46 	check_reload_status 		Syncing firewall
    Dec 23 10:34:45 	php-fpm 	60522 	/rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfB_badiplist' for rule 'pfB_badiplist auto rule'
    Dec 23 10:34:45 	xinetd 	33335 	Reconfigured: new=0 old=1 dropped=0 (services)
    Dec 23 10:34:45 	xinetd 	33335 	readjusting service 6969-udp
    Dec 23 10:34:45 	xinetd 	33335 	Swapping defaults
    Dec 23 10:34:45 	xinetd 	33335 	Starting reconfiguration
    Dec 23 10:34:45 	check_reload_status 		Synching URL alias pfB_badip
    Dec 23 10:34:45 	check_reload_status 		Syncing firewall
    Dec 23 10:34:44 	check_reload_status 		Reloading filter
    Dec 23 10:34:44 	php-fpm 	34331 	/pkg_edit.php: The command '/sbin/ifconfig 'em1_vlan100' delete '10.10.10.1'' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
    

    They did not provide much more information. The only other strange thing is:

    /pkg_edit.php: The command '/sbin/ifconfig 'em1_vlan100' delete '10.10.10.1'' returned exit code '1'
    

    That's strange because this ip is supposed to be the one used by DNSBL which is not activated on my system…
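An added example, not part of the original post and not pfSense or pfBlockerNG code: a small triage script that groups the error lines of a system log like the one above by alias name, so that URL-table fetch failures can be told apart from aliases that stop a firewall rule from loading. The sample lines are abridged from the log format shown in this thread; the function names and failure-class labels are assumptions made for the example.

```python
import re
from collections import defaultdict

# Sample lines in the format of the system log posted above (abridged, constructed for this example).
SAMPLE_LOG = """\
Dec 23 10:35:13 php-fpm 62663 /rc.update_urltables: Download file failed with status code 0. URL: https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_badip
Dec 23 10:35:13 php-fpm 62663 /rc.update_urltables: : ERROR: could not update pfB_badip content from https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_badip
Dec 23 10:35:00 php-fpm 92631 /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:194: macro 'pfB_badip' not defined - The line in question reads [194]: block in log quick on $WAN inet from $pfB_badip to any
Dec 23 10:34:48 php-fpm 60522 /rc.filter_configure_sync: New alert found: Unresolvable destination alias 'pfB_badiplist' for rule 'pfB_badiplist auto rule'
Dec 23 10:34:47 php-fpm 60522 /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfB_badiplist' for rule 'pfB_badiplist auto rule'
Dec 23 10:34:46 check_reload_status Reloading filter
"""

# One pattern per failure class (labels are hypothetical); each captures the alias name.
# The optional backslash tolerates the "0\." escaping that forum exports add.
PATTERNS = {
    "fetch_failed": re.compile(r"Download file failed with status code \d+\\?\. URL: \S+[?&]pfb=(\w+)"),
    "update_failed": re.compile(r"ERROR: could not update (\w+) content from"),
    "macro_undefined": re.compile(r"macro '(\w+)' not defined"),
    "alias_unresolvable": re.compile(r"Unresolvable (?:source|destination) alias '(\w+)'"),
}

def triage(log_text):
    """Return {alias: {failure_class: count}} for every alias named in an error line."""
    report = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                report[match.group(1)][kind] += 1
    return {alias: dict(kinds) for alias, kinds in report.items()}

def rule_breaking_aliases(report):
    """Aliases reported as an undefined macro or as unresolvable in a rule."""
    return sorted(alias for alias, kinds in report.items()
                  if "macro_undefined" in kinds or "alias_unresolvable" in kinds)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for alias, kinds in sorted(result.items()):
        print(alias, kinds)
    print("aliases breaking rules:", rule_breaking_aliases(result))
```

On the sample it reports two distinct alias names, pfB_badip and pfB_badiplist, both of which appear in the log posted above.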



  • Did you run a Force Update or a Force Reload when you modify the IP Feed?

    Go to Firewall / pfBlockerNG / Log Browser and have a look at pfblockerng.log, error.log etc.
    Look at the original IP files, Alias files etc to see if something breaks.


  • Moderator



  • This is what I have in the firewall alias definition! I have not done anything manually; this entry was created by the package when I created my ipv4 block list.


  • Moderator

    When you add a List/Feed to the IPv4 tab, you can add a URL, or a path to a file in the pfSense Box.

    The link you are posting is an old remnant of the original pfBlocker package, and that link is not accessible…

    So I am not certain what you are trying to accomplish?

    What Lists make up your alias "badip"?

    Click on the blue "i" infoblock icons for further details...



  • Hi,
    I don't want to accomplish anything in fact, just make it work without any issues :)
    Ok, let's start the story over:
    there was an update to the package several weeks ago. I did the update. Then some warnings appeared in the alert notification section of pfSense. I checked the warning telling me that there was something wrong with my badip alias. I checked the alias definition and saw that when I edit the URL alias there was an error.
    I tried to reinstall the package, same thing. I then posted on the forum for some help :)










  • Maybe the List description "https://forum…" breaks things, try something like plain Text :D


  • Moderator

    @romainp:

    Hi,
    I don't want to accomplish anything in fact, just make it work without any issues :)
    Ok, let's start the story over:
    there was an update to the package several weeks ago. I did the update. Then some warnings appeared in the alert notification section of pfSense. I checked the warning telling me that there was something wrong with my badip alias. I checked the alias definition and saw that when I edit the URL alias there was an error.
    I tried to reinstall the package, same thing. I then posted on the forum for some help :)

    The package uses the pfSense "URLTables" functionality but doesn't require the backend pfSense code to keep these aliases updated… So that URL that you see in the Firewall Alias page, is not really needed... I will address this in the next release...

    If you had an error message (Apart from trying to download that URL), post that error, and we can address that...



  • Excellent!!! Thank you so much. It's because I didn't know if it was normal behaviour or not :)
    Thanks! I will keep an eye to see if everything seems to be fine with the update and the catch of any ip listed in the list.

