Losing pfBlockerNG created firewall rules after cron run
I am running version 2.1.2_1 and seem to be losing a GeoIP based firewall rule after cron executes. However, I can manually run a forced update, which corrects the problem.
My concern is that I thought pfBlockerNG would keep the previous configuration if there was a failed IP block list download, but I seem to lose the blocking firewall rule, leaving my home network exposed more than I'd like.
The GeoIP based rule (pfB_NAmerica_v4) is for "Continent - North America" where I have United States US and US_rep selected for both ipv4 and ipv6. I have the "invert source" checked under "Advanced Inbound Firewall Rule Settings". List action is set to "Deny Inbound".
This works fine for what seems like a few days, then I'll receive the following error notice. Manually executing a forced update will typically recreate the firewall rule.
Filter Reload
There were error(s) loading the rules: /tmp/rules.debug:200: macro 'pfB_NAmerica_v4' not defined - The line in question reads [200]: block in log quick on $WAN reply-to ( igb0 xxx.xxx.xxx.xxx ) inet from ! $pfB_NAmerica_v4 to any tracker 1770009585 label "USER_RULE: pfB_NAmerica_v4 auto rule"
@ 2017-10-30 10:29:05

The hour before the error has the following stats where both of the pfB_NAmerica_v*.txt files have content.

Alias table IP Counts
-----------------------------
284912 total
114227 /var/db/aliastables/pfB_Top_v4.txt
71902 /var/db/aliastables/pfB_NAmerica_v4.txt
48097 /var/db/aliastables/pfB_Top_v6.txt
33729 /var/db/aliastables/pfB_firehol.txt
10856 /var/db/aliastables/pfB_NAmerica_v6.txt
4194 /var/db/aliastables/pfB_emergingthreats.txt
1816 /var/db/aliastables/pfB_binarydefense.txt
88 /var/db/aliastables/pfB_DNSBLIP.txt
2 /var/db/aliastables/pfB_Home_Attack_Logs.txt
1 /var/db/aliastables/pfB_Scanning2.txt

However, at the 10am run, both files are missing.

Alias table IP Counts
-----------------------------
284919 total
114227 /var/db/aliastables/pfB_Top_v4.txt
71902 /var/db/aliastables/pfB_NAmerica_v4.txt
48097 /var/db/aliastables/pfB_Top_v6.txt
33729 /var/db/aliastables/pfB_firehol.txt
10856 /var/db/aliastables/pfB_NAmerica_v6.txt
4194 /var/db/aliastables/pfB_emergingthreats.txt
1823 /var/db/aliastables/pfB_binarydefense.txt
88 /var/db/aliastables/pfB_DNSBLIP.txt
2 /var/db/aliastables/pfB_Home_Attack_Logs.txt
1 /var/db/aliastables/pfB_Scanning2.txt

CRON PROCESS START [ 10/30/17 10:00:00 ]
[ Home_Attack_Logs ] Remote timestamp: Wed, 25 Oct 2017 23:41:17 GMT Local timestamp: Mon, 30 Oct 2017 14:00:05 GMT Update found
[ banlist ] Remote timestamp: Mon, 30 Oct 2017 14:00:04 GMT Local timestamp: Mon, 30 Oct 2017 13:00:05 GMT Update found
[ firehol_level3 ] ( No remote timestamp/md5 unchanged ) Update not required
[ malwaredomains ] Remote timestamp: Fri, 27 Oct 2017 22:00:56 GMT Local timestamp: Fri, 27 Oct 2017 22:00:56 GMT Update not required
[ zeustracker_domains ] Remote timestamp: Sat, 28 Oct 2017 10:42:45 GMT Local timestamp: Sat, 28 Oct 2017 10:42:45 GMT Update not required
[ aws_simple_tracking ] Remote timestamp: Fri, 31 Jul 2015 19:01:02 GMT Local timestamp: Fri, 31 Jul 2015 19:01:02 GMT Update not required
[ aws_simple_ads ] Remote timestamp: Wed, 09 Mar 2016 19:46:05 GMT Local timestamp: Wed, 09 Mar 2016 19:46:05 GMT Update not required
UPDATE PROCESS START [ 10/30/17 10:00:02 ]
[ Removing List(s) : pfB_NAmerica_v4 ]
[ Removing List(s) : pfB_NAmerica_v6 ]
===[ DNSBL Process ]================================================
[ easylist_wo_elements ] exists.
[ EasyPrivacy ] exists.
[ yoyo_ads ] Downloading update .. 200 OK. No Domains Found
[ spamhaus_drop ] Downloading update [ 10/30/17 10:00:03 ] .. 200 OK No Domains Found
[ dshield_top10_2 ] exists.
[ hosts_file_ads ] exists.
[ malwaredomains ] exists.
[ zeustracker_domains ] exists.
[ aws_simple_tracking ] exists.
[ aws_simple_ads ] exists.
[ DNSBL_IP ] Updating aliastable... no changes. Total IP count = 88
===[ Continent Process ]============================================
[ pfB_NAmerica_v4 ] Changes found... Updating
[ pfB_NAmerica_v6 ] Changes found... Updating
[ pfB_Top_v4 ] exists. [ 10/30/17 10:00:05 ]
[ pfB_Top_v6 ] exists.
===[ IPv4 Process ]=================================================
[ Home_Attack_Logs ] Downloading update .. completed ..
[ Scanning2_custom ] exists.
[ banlist ] Downloading update .. 200 OK. completed ..
[ emerging_block_ips ] exists.
[ emergingg_comprimised_ips ] exists.
[ firehol_level3 ] exists.
===[ IPv6 Process ]=================================================
===[ Aliastables / Rules ]================================
Firewall rule changes found, applying Filter Reload
===[ FINAL Processing ]=====================================
[ Original IP count ] [ 284830 ]
===[ Deny List IP Counts ]===========================
202073 total
114227 /var/db/pfblockerng/deny/pfB_Top_v4.txt
48097 /var/db/pfblockerng/deny/pfB_Top_v6.txt
33729 /var/db/pfblockerng/deny/firehol_level3.txt
2154 /var/db/pfblockerng/deny/emergingg_comprimised_ips.txt
2040 /var/db/pfblockerng/deny/emerging_block_ips.txt
1823 /var/db/pfblockerng/deny/banlist.txt
2 /var/db/pfblockerng/deny/Home_Attack_Logs.txt
1 /var/db/pfblockerng/deny/Scanning2_custom.txt
===[ Native List IP Counts ] ===================================
82758 total
71902 /var/db/pfblockerng/native/pfB_NAmerica_v4.txt
10856 /var/db/pfblockerng/native/pfB_NAmerica_v6.txt
===[ DNSBL Domain/IP Counts ] ===================================
78866 total
46739 /var/db/pfblockerng/dnsbl/hosts_file_ads.txt
18743 /var/db/pfblockerng/dnsbl/malwaredomains.txt
8847 /var/db/pfblockerng/dnsbl/easylist_wo_elements.txt
2968 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt
1019 /var/db/pfblockerng/dnsbl/aws_simple_ads.txt
388 /var/db/pfblockerng/dnsbl/zeustracker_domains.txt
64 /var/db/pfblockerng/dnsbl/dshield_top10_2.txt
37 /var/db/pfblockerng/dnsbl/easylist_wo_elements.ip
36 /var/db/pfblockerng/dnsbl/dshield_top10_2.ip
15 /var/db/pfblockerng/dnsbl/EasyPrivacy.ip
10 /var/db/pfblockerng/dnsbl/aws_simple_tracking.txt
====================[ Last Updated List Summary ]==============
Oct 23 01:32 Scanning2_custom
Oct 26 23:30 emerging_block_ips
Oct 26 23:32 emergingg_comprimised_ips
Oct 29 19:00 pfB_Top_v4
Oct 29 19:00 pfB_Top_v6
Oct 30 07:00 firehol_level3
Oct 30 09:00 banlist
Oct 30 10:00 pfB_NAmerica_v4
Oct 30 10:00 pfB_NAmerica_v6
Oct 30 10:00 Home_Attack_Logs
IPv4 alias tables IP count
-----------------------------
225966
IPv6 alias tables IP count
-----------------------------
58953
Alias table IP Counts
-----------------------------
284919 total
114227 /var/db/aliastables/pfB_Top_v4.txt
71902 /var/db/aliastables/pfB_NAmerica_v4.txt
48097 /var/db/aliastables/pfB_Top_v6.txt
33729 /var/db/aliastables/pfB_firehol.txt
10856 /var/db/aliastables/pfB_NAmerica_v6.txt
4194 /var/db/aliastables/pfB_emergingthreats.txt
1823 /var/db/aliastables/pfB_binarydefense.txt
88 /var/db/aliastables/pfB_DNSBLIP.txt
2 /var/db/aliastables/pfB_Home_Attack_Logs.txt
1 /var/db/aliastables/pfB_Scanning2.txt
pfSense Table Stats
-------------------
table-entries hard limit 2000000
Table Usage Count 27
UPDATE PROCESS ENDED **Saving configuration [ 10/30/17 10:28:59 ] ...
[ Removing List(s) : pfB_NAmerica_v4 ]
[ Removing List(s) : pfB_NAmerica_v6 ]
===[ FINAL Processing ]=====================================
[ Original IP count ] [ 284830 ]
===[ Deny List IP Counts ]===========================
202073 total
114227 /var/db/pfblockerng/deny/pfB_Top_v4.txt
48097 /var/db/pfblockerng/deny/pfB_Top_v6.txt
33729 /var/db/pfblockerng/deny/firehol_level3.txt
2154 /var/db/pfblockerng/deny/emergingg_comprimised_ips.txt
2040 /var/db/pfblockerng/deny/emerging_block_ips.txt
1823 /var/db/pfblockerng/deny/banlist.txt
2 /var/db/pfblockerng/deny/Home_Attack_Logs.txt
1 /var/db/pfblockerng/deny/Scanning2_custom.txt
===[ DNSBL Domain/IP Counts ] ===================================
78866 total
46739 /var/db/pfblockerng/dnsbl/hosts_file_ads.txt
18743 /var/db/pfblockerng/dnsbl/malwaredomains.txt
8847 /var/db/pfblockerng/dnsbl/easylist_wo_elements.txt
2968 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt
1019 /var/db/pfblockerng/dnsbl/aws_simple_ads.txt
388 /var/db/pfblockerng/dnsbl/zeustracker_domains.txt
64 /var/db/pfblockerng/dnsbl/dshield_top10_2.txt
37 /var/db/pfblockerng/dnsbl/easylist_wo_elements.ip
36 /var/db/pfblockerng/dnsbl/dshield_top10_2.ip
15 /var/db/pfblockerng/dnsbl/EasyPrivacy.ip
10 /var/db/pfblockerng/dnsbl/aws_simple_tracking.txt
====================[ Last Updated List Summary ]==============
Oct 23 01:32 Scanning2_custom
Oct 26 23:30 emerging_block_ips
Oct 26 23:32 emergingg_comprimised_ips
Oct 29 19:00 pfB_Top_v4
Oct 29 19:00 pfB_Top_v6
Oct 30 07:00 firehol_level3
Oct 30 09:00 banlist
Oct 30 10:00 pfB_NAmerica_v4
Oct 30 10:00 pfB_NAmerica_v6
Oct 30 10:00 Home_Attack_Logs
IPv4 alias tables IP count
-----------------------------
154064
IPv6 alias tables IP count
-----------------------------
48097
Alias table IP Counts
-----------------------------
202161 total
114227 /var/db/aliastables/pfB_Top_v4.txt
48097 /var/db/aliastables/pfB_Top_v6.txt
33729 /var/db/aliastables/pfB_firehol.txt
4194 /var/db/aliastables/pfB_emergingthreats.txt
1823 /var/db/aliastables/pfB_binarydefense.txt
88 /var/db/aliastables/pfB_DNSBLIP.txt
2 /var/db/aliastables/pfB_Home_Attack_Logs.txt
1 /var/db/aliastables/pfB_Scanning2.txt
pfSense Table Stats
-------------------
table-entries hard limit 2000000
Table Usage Count 27
UPDATE PROCESS ENDED [ 10/30/17 10:29:01 ]

Thoughts as to what is occurring?
Regards
Len
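
An added example, not part of the original post and not pfBlockerNG code: a Python check that reads the three kinds of text quoted above (a rule line from /tmp/rules.debug, two "Alias table IP Counts" listings, and the update log) and reports aliases that vanished between runs and rule macros left without an alias table. The function names and the shortened sample strings are assumptions made for illustration.

```python
import re

# Sample input shortened from the log excerpts quoted in the post above.
RULE_LINE = ('block in log quick on $WAN reply-to ( igb0 xxx.xxx.xxx.xxx ) inet '
             'from ! $pfB_NAmerica_v4 to any tracker 1770009585 '
             'label "USER_RULE: pfB_NAmerica_v4 auto rule"')
BEFORE = """71902 /var/db/aliastables/pfB_NAmerica_v4.txt
48097 /var/db/aliastables/pfB_Top_v6.txt
10856 /var/db/aliastables/pfB_NAmerica_v6.txt"""
# Works on the flattened, single-line form of the listing as well.
AFTER = ("114227 /var/db/aliastables/pfB_Top_v4.txt "
         "48097 /var/db/aliastables/pfB_Top_v6.txt")
UPDATE_LOG = ("[ Removing List(s) : pfB_NAmerica_v4 ] "
              "[ Removing List(s) : pfB_NAmerica_v6 ]")

TABLE_RE = re.compile(r"(\d+)\s+/var/db/aliastables/(\S+)\.txt")
MACRO_RE = re.compile(r"\$(pfB_\w+)")
REMOVED_RE = re.compile(r"\[ Removing List\(s\) : (\S+) \]")


def alias_tables(listing):
    """Map alias name -> IP count from an 'Alias table IP Counts' listing."""
    return {name: int(count) for count, name in TABLE_RE.findall(listing)}


def referenced_aliases(rules_text):
    """pfB_* macros that the firewall rules reference, e.g. $pfB_NAmerica_v4."""
    return set(MACRO_RE.findall(rules_text))


def audit(rules_text, before, after, update_log):
    """Compare two runs and flag rules whose alias table no longer exists."""
    prev, cur = alias_tables(before), alias_tables(after)
    used = referenced_aliases(rules_text)
    return {
        # Tables present in the earlier listing but absent from the later one.
        "vanished": sorted(set(prev) - set(cur)),
        # Lists the update log says it removed during this run.
        "removed_by_update": sorted(set(REMOVED_RE.findall(update_log))),
        # Macros a rule still needs: the filter reload fails on these.
        "rules_without_table": sorted(used - set(cur)),
    }


if __name__ == "__main__":
    for key, names in audit(RULE_LINE, BEFORE, AFTER, UPDATE_LOG).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

A non-empty `rules_without_table` result corresponds to the "macro ... not defined" filter reload error shown in the post.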