Netgate Discussion Forum

    Losing pfBlockerNG created firewall rules after cron run

      lveatch

      I am running version 2.1.2_1 and seem to be losing a GeoIP based firewall rule after cron executes.  However, I can run a manually forced update which corrects the problem.

      My concern is that I thought pfBlockerNG would keep the previous configuration if there was a failed IP block list download, but I seem to lose the blocking firewall rule, leaving my home network exposed more than I'd like.

      The GeoIP based rule (pfB_NAmerica_v4) is for "Continent - North America" where I have United States US and US_rep selected for both ipv4 and ipv6.  I have the "invert source" checked under "Advanced Inbound Firewall Rule Settings".  List action is set to "Deny Inbound".

      This works fine for what seems like a few days, then I'll receive the following error notice.  Manually executing a forced update will typically recreate the firewall rule.

      Filter Reload

      There were error(s) loading the rules: /tmp/rules.debug:200: macro 'pfB_NAmerica_v4' not defined - The line in question reads [200]: block in log quick on $WAN reply-to ( igb0 xxx.xxx.xxx.xxx ) inet from ! $pfB_NAmerica_v4 to any tracker 1770009585 label "USER_RULE: pfB_NAmerica_v4 auto rule"
      @ 2017-10-30 10:29:05

      The hour before the error has the following stats where both of the pfB_NAmerica_v*.txt files have content.

      Alias table IP Counts
      -----------------------------
        284912 total
        114227 /var/db/aliastables/pfB_Top_v4.txt
         71902 /var/db/aliastables/pfB_NAmerica_v4.txt
         48097 /var/db/aliastables/pfB_Top_v6.txt
         33729 /var/db/aliastables/pfB_firehol.txt
         10856 /var/db/aliastables/pfB_NAmerica_v6.txt
          4194 /var/db/aliastables/pfB_emergingthreats.txt
          1816 /var/db/aliastables/pfB_binarydefense.txt
            88 /var/db/aliastables/pfB_DNSBLIP.txt
             2 /var/db/aliastables/pfB_Home_Attack_Logs.txt
             1 /var/db/aliastables/pfB_Scanning2.txt
      
      

      However, at the 10am run, both files are missing

      Alias table IP Counts
      -----------------------------
        284919 total
        114227 /var/db/aliastables/pfB_Top_v4.txt
         71902 /var/db/aliastables/pfB_NAmerica_v4.txt
         48097 /var/db/aliastables/pfB_Top_v6.txt
         33729 /var/db/aliastables/pfB_firehol.txt
         10856 /var/db/aliastables/pfB_NAmerica_v6.txt
          4194 /var/db/aliastables/pfB_emergingthreats.txt
          1823 /var/db/aliastables/pfB_binarydefense.txt
            88 /var/db/aliastables/pfB_DNSBLIP.txt
             2 /var/db/aliastables/pfB_Home_Attack_Logs.txt
             1 /var/db/aliastables/pfB_Scanning2.txt
      
       CRON  PROCESS  START [ 10/30/17 10:00:00 ]
      [ Home_Attack_Logs ]
        Remote timestamp: Wed, 25 Oct 2017 23:41:17 GMT
        Local  timestamp: Mon, 30 Oct 2017 14:00:05 GMT	Update found
      [ banlist ]
        Remote timestamp: Mon, 30 Oct 2017 14:00:04 GMT
        Local  timestamp: Mon, 30 Oct 2017 13:00:05 GMT	Update found
      [ firehol_level3 ]
      	( No remote timestamp/md5 unchanged )		Update not required
      [ malwaredomains ]
        Remote timestamp: Fri, 27 Oct 2017 22:00:56 GMT
        Local  timestamp: Fri, 27 Oct 2017 22:00:56 GMT	Update not required
      [ zeustracker_domains ]
        Remote timestamp: Sat, 28 Oct 2017 10:42:45 GMT
        Local  timestamp: Sat, 28 Oct 2017 10:42:45 GMT	Update not required
      [ aws_simple_tracking ]
        Remote timestamp: Fri, 31 Jul 2015 19:01:02 GMT
        Local  timestamp: Fri, 31 Jul 2015 19:01:02 GMT	Update not required
      [ aws_simple_ads ]
        Remote timestamp: Wed, 09 Mar 2016 19:46:05 GMT
        Local  timestamp: Wed, 09 Mar 2016 19:46:05 GMT	Update not required
       UPDATE PROCESS START [ 10/30/17 10:00:02 ]
      [ Removing List(s) : pfB_NAmerica_v4 ]
      [ Removing List(s) : pfB_NAmerica_v6 ]
      
      ===[  DNSBL Process  ]================================================
      
      [ easylist_wo_elements ] exists.
      [ EasyPrivacy ]		 exists.
      [ yoyo_ads ]		 Downloading update .. 200 OK.
       No Domains Found
      
      [ spamhaus_drop ]	 Downloading update [ 10/30/17 10:00:03 ] .. 200 OK
       No Domains Found
      
      [ dshield_top10_2 ]	 exists.
      [ hosts_file_ads ]	 exists.
      [ malwaredomains ]	 exists.
      [ zeustracker_domains ]	 exists.
      [ aws_simple_tracking ]	 exists.
      [ aws_simple_ads ]	 exists.
      [ DNSBL_IP ]		 Updating aliastable... 
        no changes.
        Total IP count = 88
      
      ===[  Continent Process  ]============================================
      
      [ pfB_NAmerica_v4 ]	 Changes found... Updating
      
      [ pfB_NAmerica_v6 ]	 Changes found... Updating
      
      [ pfB_Top_v4 ]		 exists. [ 10/30/17 10:00:05 ]
      [ pfB_Top_v6 ]		 exists.
      
      ===[  IPv4 Process  ]=================================================
      
      [ Home_Attack_Logs ]	 Downloading update .. completed ..
      
      [ Scanning2_custom ]	 exists.
      [ banlist ]		 Downloading update .. 200 OK. completed ..
      
      [ emerging_block_ips ]	 exists.
      [ emergingg_comprimised_ips ] exists.
      [ firehol_level3 ]	 exists.
      
      ===[  IPv6 Process  ]=================================================
      
      ===[  Aliastables / Rules  ]================================
      
      Firewall rule changes found, applying Filter Reload
      
      ===[ FINAL Processing ]=====================================
      
         [ Original IP count   ]  [ 284830 ]
      
      ===[ Deny List IP Counts ]===========================
      
        202073 total
        114227 /var/db/pfblockerng/deny/pfB_Top_v4.txt
         48097 /var/db/pfblockerng/deny/pfB_Top_v6.txt
         33729 /var/db/pfblockerng/deny/firehol_level3.txt
          2154 /var/db/pfblockerng/deny/emergingg_comprimised_ips.txt
          2040 /var/db/pfblockerng/deny/emerging_block_ips.txt
          1823 /var/db/pfblockerng/deny/banlist.txt
             2 /var/db/pfblockerng/deny/Home_Attack_Logs.txt
             1 /var/db/pfblockerng/deny/Scanning2_custom.txt
      
      ===[ Native List IP Counts ] ===================================
      
         82758 total
         71902 /var/db/pfblockerng/native/pfB_NAmerica_v4.txt
         10856 /var/db/pfblockerng/native/pfB_NAmerica_v6.txt
      
      ===[ DNSBL Domain/IP Counts ] ===================================
      
         78866 total
         46739 /var/db/pfblockerng/dnsbl/hosts_file_ads.txt
         18743 /var/db/pfblockerng/dnsbl/malwaredomains.txt
          8847 /var/db/pfblockerng/dnsbl/easylist_wo_elements.txt
          2968 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt
          1019 /var/db/pfblockerng/dnsbl/aws_simple_ads.txt
           388 /var/db/pfblockerng/dnsbl/zeustracker_domains.txt
            64 /var/db/pfblockerng/dnsbl/dshield_top10_2.txt
            37 /var/db/pfblockerng/dnsbl/easylist_wo_elements.ip
            36 /var/db/pfblockerng/dnsbl/dshield_top10_2.ip
            15 /var/db/pfblockerng/dnsbl/EasyPrivacy.ip
            10 /var/db/pfblockerng/dnsbl/aws_simple_tracking.txt
      
      ====================[ Last Updated List Summary ]==============
      
      Oct 23	01:32	Scanning2_custom
      Oct 26	23:30	emerging_block_ips
      Oct 26	23:32	emergingg_comprimised_ips
      Oct 29	19:00	pfB_Top_v4
      Oct 29	19:00	pfB_Top_v6
      Oct 30	07:00	firehol_level3
      Oct 30	09:00	banlist
      Oct 30	10:00	pfB_NAmerica_v4
      Oct 30	10:00	pfB_NAmerica_v6
      Oct 30	10:00	Home_Attack_Logs
      
      IPv4 alias tables IP count
      -----------------------------
      225966
      
      IPv6 alias tables IP count
      -----------------------------
      58953
      
      Alias table IP Counts
      -----------------------------
        284919 total
        114227 /var/db/aliastables/pfB_Top_v4.txt
         71902 /var/db/aliastables/pfB_NAmerica_v4.txt
         48097 /var/db/aliastables/pfB_Top_v6.txt
         33729 /var/db/aliastables/pfB_firehol.txt
         10856 /var/db/aliastables/pfB_NAmerica_v6.txt
          4194 /var/db/aliastables/pfB_emergingthreats.txt
          1823 /var/db/aliastables/pfB_binarydefense.txt
            88 /var/db/aliastables/pfB_DNSBLIP.txt
             2 /var/db/aliastables/pfB_Home_Attack_Logs.txt
             1 /var/db/aliastables/pfB_Scanning2.txt
      
      pfSense Table Stats
      -------------------
      table-entries hard limit  2000000
      Table Usage Count         27
      
       UPDATE PROCESS ENDED
      
      **Saving configuration [ 10/30/17 10:28:59 ] ...
      [ Removing List(s) : pfB_NAmerica_v4 ]
      [ Removing List(s) : pfB_NAmerica_v6 ]
      
      ===[ FINAL Processing ]=====================================
      
         [ Original IP count   ]  [ 284830 ]
      
      ===[ Deny List IP Counts ]===========================
      
        202073 total
        114227 /var/db/pfblockerng/deny/pfB_Top_v4.txt
         48097 /var/db/pfblockerng/deny/pfB_Top_v6.txt
         33729 /var/db/pfblockerng/deny/firehol_level3.txt
          2154 /var/db/pfblockerng/deny/emergingg_comprimised_ips.txt
          2040 /var/db/pfblockerng/deny/emerging_block_ips.txt
          1823 /var/db/pfblockerng/deny/banlist.txt
             2 /var/db/pfblockerng/deny/Home_Attack_Logs.txt
             1 /var/db/pfblockerng/deny/Scanning2_custom.txt
      
      ===[ DNSBL Domain/IP Counts ] ===================================
      
         78866 total
         46739 /var/db/pfblockerng/dnsbl/hosts_file_ads.txt
         18743 /var/db/pfblockerng/dnsbl/malwaredomains.txt
          8847 /var/db/pfblockerng/dnsbl/easylist_wo_elements.txt
          2968 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt
          1019 /var/db/pfblockerng/dnsbl/aws_simple_ads.txt
           388 /var/db/pfblockerng/dnsbl/zeustracker_domains.txt
            64 /var/db/pfblockerng/dnsbl/dshield_top10_2.txt
            37 /var/db/pfblockerng/dnsbl/easylist_wo_elements.ip
            36 /var/db/pfblockerng/dnsbl/dshield_top10_2.ip
            15 /var/db/pfblockerng/dnsbl/EasyPrivacy.ip
            10 /var/db/pfblockerng/dnsbl/aws_simple_tracking.txt
      
      ====================[ Last Updated List Summary ]==============
      
      Oct 23	01:32	Scanning2_custom
      Oct 26	23:30	emerging_block_ips
      Oct 26	23:32	emergingg_comprimised_ips
      Oct 29	19:00	pfB_Top_v4
      Oct 29	19:00	pfB_Top_v6
      Oct 30	07:00	firehol_level3
      Oct 30	09:00	banlist
      Oct 30	10:00	pfB_NAmerica_v4
      Oct 30	10:00	pfB_NAmerica_v6
      Oct 30	10:00	Home_Attack_Logs
      
      IPv4 alias tables IP count
      -----------------------------
      154064
      
      IPv6 alias tables IP count
      -----------------------------
      48097
      
      Alias table IP Counts
      -----------------------------
        202161 total
        114227 /var/db/aliastables/pfB_Top_v4.txt
         48097 /var/db/aliastables/pfB_Top_v6.txt
         33729 /var/db/aliastables/pfB_firehol.txt
          4194 /var/db/aliastables/pfB_emergingthreats.txt
          1823 /var/db/aliastables/pfB_binarydefense.txt
            88 /var/db/aliastables/pfB_DNSBLIP.txt
             2 /var/db/aliastables/pfB_Home_Attack_Logs.txt
             1 /var/db/aliastables/pfB_Scanning2.txt
      
      pfSense Table Stats
      -------------------
      table-entries hard limit  2000000
      Table Usage Count         27
      
       UPDATE PROCESS ENDED [ 10/30/17 10:29:01 ]
      
      

      Thoughts as to what is occurring?

      Regards
      Len

      Capture.PNG
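The Filter Reload error quoted in the post is pf rejecting a rule that references `$pfB_NAmerica_v4` while the macro line for that alias is absent from /tmp/rules.debug. The script below is an added example (not pfBlockerNG or pfSense code) that checks a ruleset for exactly that condition before a reload would fail: it records every `NAME = "..."` macro definition and every `table <NAME> persist file "..."` declaration, then reports `$NAME` references that have no definition (or are defined only after their first use, which pf also rejects), and tables whose backing aliastable file is missing. The ruleset text is a constructed sample modelled on the line shown in the post; the `existing_files` set stands in for a directory listing so the check runs without touching the filesystem.

```python
"""Detect undefined pf macros and missing aliastable files in a pfSense-style
ruleset (/tmp/rules.debug).  Added example, not pfBlockerNG's own code."""
import re
import sys
from typing import Dict, Iterable, List, Tuple

# Macro definition as pfSense writes it, one per alias:   NAME = "<NAME>"
MACRO_DEF = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*"')
# Macro reference inside a rule:   $NAME  or  ${NAME}
MACRO_REF = re.compile(r'\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?')
# Table declaration with its backing file:   table <NAME> persist file "/path"
TABLE_DEF = re.compile(r'^\s*table\s+<([^>]+)>(?:.*?\bfile\s+"([^"]+)")?')

# Constructed sample: the macro line for pfB_NAmerica_v4 is deliberately absent,
# which is the state that produces "macro 'pfB_NAmerica_v4' not defined".
SAMPLE_RULES = """# constructed sample modelled on a pfSense rules.debug
WAN = "{ igb0 }"
LAN = "{ igb1 }"
table <pfB_Top_v4> persist file "/var/db/aliastables/pfB_Top_v4.txt"
pfB_Top_v4 = "<pfB_Top_v4>"
table <pfB_NAmerica_v4> persist file "/var/db/aliastables/pfB_NAmerica_v4.txt"
# pfB_NAmerica_v4 macro line absent here
block in log quick on $WAN inet from $pfB_Top_v4 to any label "pfB_Top_v4 auto rule"
block in log quick on $WAN inet from ! $pfB_NAmerica_v4 to any label "USER_RULE: pfB_NAmerica_v4 auto rule"
pass in quick on $LAN inet from $LAN:network to any keep state
"""


def parse_ruleset(text: str) -> Tuple[Dict[str, int], Dict[str, str], List[Tuple[int, str]]]:
    """Return (macro name -> defining line, table name -> file path,
    list of (line, macro name) references) for a pf ruleset."""
    defined: Dict[str, int] = {}
    tables: Dict[str, str] = {}
    refs: List[Tuple[int, str]] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Drop pf comments ('#' to end of line); quoted '#' is rare in rules.debug.
        line = raw.split('#', 1)[0]
        if not line.strip():
            continue
        m = MACRO_DEF.match(line)
        if m:
            defined.setdefault(m.group(1), lineno)
        t = TABLE_DEF.match(line)
        if t:
            tables[t.group(1)] = t.group(2) or ""
        # Scan every line, definitions included, since a macro body may expand another macro.
        for r in MACRO_REF.finditer(line):
            refs.append((lineno, r.group(1)))
    return defined, tables, refs


def undefined_macros(text: str) -> List[Tuple[int, str]]:
    """References pf would reject: never defined, or defined only after use."""
    defined, _tables, refs = parse_ruleset(text)
    return [(ln, name) for ln, name in refs
            if name not in defined or defined[name] > ln]


def tables_missing_files(text: str, existing_files: Iterable[str]) -> List[str]:
    """Tables declared with a backing file that is not in `existing_files`."""
    present = set(existing_files)
    _defined, tables, _refs = parse_ruleset(text)
    return sorted(name for name, path in tables.items() if path and path not in present)


def report(text: str, existing_files: Iterable[str]) -> int:
    """Print findings; return 0 when the ruleset would load cleanly, else 1."""
    problems = 0
    for ln, name in undefined_macros(text):
        print(f"line {ln}: macro '{name}' referenced but not defined")
        problems += 1
    for name in tables_missing_files(text, existing_files):
        print(f"table <{name}>: backing aliastable file is missing")
        problems += 1
    return 1 if problems else 0


if __name__ == "__main__":
    # Usage: python check_rules.py [/tmp/rules.debug]; with no argument the sample is checked.
    if len(sys.argv) > 1:
        import os
        with open(sys.argv[1]) as fh:
            rules = fh.read()
        files = {p for _n, p in parse_ruleset(rules)[1].items() if p and os.path.exists(p)}
    else:
        rules = SAMPLE_RULES
        files = {"/var/db/aliastables/pfB_Top_v4.txt"}  # constructed listing
    sys.exit(report(rules, files))
```

Run against the sample, the script flags line 9 (`$pfB_NAmerica_v4` with no macro line) and the `pfB_NAmerica_v4` table whose file is not in the listing, matching the two symptoms in the post: the "macro not defined" reload error and the aliastable file disappearing from the final count. Run periodically against the real /tmp/rules.debug from cron, a non-zero exit gives an alert before the next reload fails rather than after.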

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.