Constant unresolvable alias alerts
-
I'm getting the following 2 alerts all the time, and it also emails them to me. Getting pretty annoying at this point to be honest. Why is it happening and how can I fix or stop it?
Unresolvable source alias 'pfB_IPBlocking' for rule 'pfB_IPBlocking auto rule'
Unresolvable destination alias 'pfB_IPBlocking' for rule 'pfB_IPBlocking auto rule'Any help is appreciated, thanks.
-
What do you see in pfBlockerNG Logs when you run a Force Update or a Force Reload IP ?
-
Force IP:
UPDATE PROCESS START [ 12/09/17 09:49:27 ] ===[ DNSBL Process ]================================================ [ EasyList_No_Elements ] exists. [ EasyList_Privacy ] exists. [ StevenBlack ] exists. [ MalwareDomains ] exists. [ Cameleon ] exists. [ Zeustracker ] exists. [ DisconnectMeTracking ] exists. [ DisconnectMeAds ] exists. [ HostsFileNet ] exists. [ DNSBL_IP ] Updating aliastable [ 12/09/17 09:49:28 ]... no changes. Total IP count = 55 ===[ Continent Process ]============================================ ===[ IPv6 Process ]================================================= ===[ Aliastables / Rules ]========================================== No changes to Firewall rules, skipping Filter Reload No Changes to Aliases, Skipping pfctl Update ===[ Kill States ]================================================== No matching states found ====================================================================== UPDATE PROCESS ENDED [ 12/09/17 09:49:35 ]
Force Reload All:
UPDATE PROCESS START [ 12/09/17 09:50:55 ] ===[ DNSBL Process ]================================================ [ EasyList_No_Elements ] Reload [ 12/09/17 09:50:56 ] . completed .. Whitelist: entrecard.s3.amazonaws.com|ltassrv.com.s3.amazonaws.com| Alexa Whitelist: absoluteclickscom.com|ad-apac.doubleclick.net|ad-emea.doubleclick.net|ad.doubleclick.net|ad.mo.doubleclick.net|adexchangecloud.com|bongacams.com|buzzadnetwork.com|cm.g.doubleclick.net|codeonclick.com|directrev.com|doubleclick.net|doublepimp.com|doublepimpssl.com|exdynsrv.com|exoclick.com|exosrv.com|flirt4free.com|fwbntw.com|gan.doubleclick.net|googleads.g.doubleclick.net|iv.doubleclick.net|iwanttodeliver.com|jsmjmp.com|junbi-tracker.com|liveadexchanger.com|mellowads.com|mysagagame.com|n4403ad.doubleclick.net|neobux.com|partner.video.syndication.msn.com|popads.net|popcash.net|popmyads.com|prpops.com|pubads.g.doubleclick.net|reallifecam.com|smartadtags.com|speakol.com|tradedoubler.com|traffic-media.co|valuecommerce.com|velocecdn.com|wzus1.ask.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 10012 9476 0 2 44 9430 ---------------------------------------------------------------------- IP count=38 [ EasyList_Privacy ] Reload [ 12/09/17 09:51:19 ] . completed .. Whitelist: optimizely.com| Alexa Whitelist: cnzz.com|doubleclick.net|shareasale.com|tradedoubler.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 3088 3064 28 1 4 3031 ---------------------------------------------------------------------- IP count=16 [ StevenBlack ] Reload [ 12/09/17 09:51:23 ] . completed .. Whitelist: 3459571470.log.optimizely.com|adagiobanner.s3.amazonaws.com|admarvel.s3.amazonaws.com|ads.linkedin.com|ads.twitter.com|adtago.s3.amazonaws.com|advert.funimation.com|advice-ads.s3.amazonaws.com|adzerk.s3.amazonaws.com|alexa-sitestats.s3.amazonaws.com|c.msn.com|campaign-tapad.s3.amazonaws.com|cdn.installationsafe.net.s3.amazonaws.com|cdn.optimizely.com|cdn3.optimizely.com|digital-ads.s3.amazonaws.com|ecommstats.s3.amazonaws.com|entrecard.s3.amazonaws.com|exitsplash.s3.amazonaws.com|gx-in-f109.1e100.net|html5adkit.plusmo.s3.amazonaws.com|htmlads.s3.amazonaws.com|iacpromotion.s3.amazonaws.com|inneractive-assets.s3.amazonaws.com|js-agent.newrelic.com|load.s3.amazonaws.com|localhost.localdomain|log.optimizely.com|log3.optimizely.com|mackeeper-land-672695126.us-east-1.elb.amazonaws.com|matchbin-assets.s3.amazonaws.com|mobileanalytics.us-east-1.amazonaws.com|mobileanalytics.us-east-2.amazonaws.com|mobileanalytics.us-west-1.amazonaws.com|mobileanalytics.us-west-2.amazonaws.com|mondoads.s3.amazonaws.com|mu-in-f167.1e100.net|ncads.s3.amazonaws.com|odds.optimizely.com|p.twitter.com|scribe.twitter.com|slate-ad-scripts.s3.amazonaws.com|springclick-ads.s3.amazonaws.com|static-shareaholic.s3.amazonaws.com|strikeadcdn.s3.amazonaws.com|sync.cmedia.s3.amazonaws.com|tracking.opencandy.com.s3.amazonaws.com|viewerstats.docstoc.com.s3.amazonaws.com|vml1.s3.amazonaws.com|yab-adimages.s3.amazonaws.com|yx-in-f108.1e100.net|znaptag-us.s3.amazonaws.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 43001 43001 1305 52 0 41644 ---------------------------------------------------------------------- IP count=1 [ MalwareDomains ] Reload [ 12/09/17 09:51:53 ] . completed .. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 14906 14906 300 0 0 14606 ---------------------------------------------------------------------- [ Cameleon ] Reload [ 12/09/17 09:52:07 ] . completed .. Whitelist: 3459571470.log.optimizely.com|ads.twitter.com|advert.funimation.com|analytics.twitter.com|cdn.optimizely.com|cdn3.optimizely.com|js-agent.newrelic.com|log.optimizely.com|log3.optimizely.com|odds.optimizely.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 20629 20629 12426 10 0 8193 ---------------------------------------------------------------------- [ Zeustracker ] Reload [ 12/09/17 09:52:20 ] . completed .. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 401 401 8 0 0 393 ---------------------------------------------------------------------- [ DisconnectMeTracking ] Reload [ 12/09/17 09:52:24 ] . completed .. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 34 34 13 0 0 21 ---------------------------------------------------------------------- [ DisconnectMeAds ] Reload [ 12/09/17 09:52:27 ] . completed .. Whitelist: admarvel.s3.amazonaws.com|adzerk.s3.amazonaws.com|alexa-sitestats.s3.amazonaws.com|entrecard.s3.amazonaws.com|interactive-assets.s3.amazonaws.com|yab-adimages.s3.amazonaws.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 2703 2703 2341 6 0 356 ---------------------------------------------------------------------- [ HostsFileNet ] Reload [ 12/09/17 09:52:31 ] . completed .. Whitelist: 137852403.log.optimizely.com|196179102.log.optimizely.com|2426010203.log.optimizely.com|2449650414.log.optimizely.com|2570540166.log.optimizely.com|2926210385.log.optimizely.com|3480025.log.optimizely.com|38179760.log.optimizely.com|401591473.log.optimizely.com|554924358.log.optimizely.com|74647825.log.optimizely.com|9785216.log.optimizely.com|a6522.s3-website-us-east-1.amazonaws.com|admarvel.s3.amazonaws.com|ads.linkedin.com|ads_ad_center.s3.amazonaws.com|adstracking.s3-website-us-west-1.amazonaws.com|advice-ads.s3.amazonaws.com|advrts.s3.amazonaws.com|adzerk-www.s3.amazonaws.com|airpushmarketing.s3.amazonaws.com|analytics.twitter.com|analyticsengine.s3.amazonaws.com|api.optimizely.com|arabmistress.s3.amazonaws.com|blamads-assets.s3.amazonaws.com|bo-videos.s3.amazonaws.com|btg.mtvnservices.com|c.microsoft.com|c.msn.com|c1.microsoft.com|cadreon.s3.amazonaws.com|campaign-tapad.s3.amazonaws.com|cd-ladsp-com.s3.amazonaws.com|cdn.optimizely.com|cdn2.optimizely.com|cdn3.optimizely.com|ce2-dev-trk.s3.amazonaws.com|ce2-dev.s3.amazonaws.com|chartaca.com.s3.amazonaws.com|cloudfront-labs.amazonaws.com|collector-cdn.github.com|com.djinnworks.sdm.s3.amazonaws.com|convertglobal.s3.amazonaws.com|dban4-549565586.eu-west-1.elb.amazonaws.com|demandmedia.s3.amazonaws.com|deskwww.s3.amazonaws.com|ec2-54-171-97-32.eu-west-1.compute.amazonaws.com|ec2-54-225-149-4.compute-1.amazonaws.com|ec2-54-235-183-132.compute-1.amazonaws.com|epowernetworktrackerimages.s3.amazonaws.com|evs-hosted-14facd241e1c08.s3.amazonaws.com|forumwarz.s3.amazonaws.com|gateways.s3.amazonaws.com|getbarometer.s3.amazonaws.com|getsidecar.s3.amazonaws.com|gfaf-banners.s3.amazonaws.com|homad-global-configs-eu-fra.schneevonmorgen.com.s3.amazonaws.com|html5adkit.plusmo.s3.amazonaws.com|iacpromotion.s3.amazonaws.com|immassets.s3.amazonaws.com|inneractive-assets.s3.amazonaws.com|inpref.s3-external-3.amazonaws.com|inpref.s3.amazonaws.com|interactive-assets.s3.amazonaws.com|js-agent.newrelic.com|kkastatic.s3.amazonaws.com|kraken-measurements.s3.amazonaws.com|livechat.s3.amazonaws.com|log.optimizely.com|loved-by.s3.amazonaws.com|ltassrv.com.s3.amazonaws.com|magnify360-cdn.s3.amazonaws.com|matchbin-assets.s3.amazonaws.com|myadserve.s3-website-us-east-1.amazonaws.com|newbuzz-collection-1925855828.us-east-1.elb.amazonaws.com|news-whistleout.s3.amazonaws.com|nmtracking.netflix.com|nxa-ls.s3.amazonaws.com|optimizely.com|optimizely.s3.amazonaws.com|pivotal.github.com|platform.linkedin.com|research.netflix.com|rich-agent.s3.amazonaws.com|s3-tracking.synthasite.net.s3.amazonaws.com|sana.newsinc.com.s3.amazonaws.com|sdsbucket.s3.amazonaws.com|spyhunter-download.s3.amazonaws.com|strikeadcdn.s3.amazonaws.com|thetradedesk-tags.s3.amazonaws.com|trafficads.s3-website-us-west-1.amazonaws.com|tree-pixel-log.s3.amazonaws.com|twitter-badges.s3.amazonaws.com|us-east-1.profile-api.ads.linkedin.com|vice-ads.s3.amazonaws.com|waiwidgets-1246822334.eu-west-1.elb.amazonaws.com|whistleout.s3.amazonaws.com|yc-ads.s3.amazonaws.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 48524 48521 9091 99 0 39331 ---------------------------------------------------------------------- [ DNSBL_IP ] Updating aliastable [ 12/09/17 09:53:33 ]... no changes. Total IP count = 55 ------------------------------------------ Assembling database... completed Validating database... completed [ 12/09/17 09:54:18 ] Reloading Unbound.... completed DNSBL update [ 117005 | PASSED ]... completed [ 12/09/17 09:55:20 ] ------------------------------------------ ===[ Continent Process ]============================================ ===[ IPv6 Process ]================================================= ===[ Aliastables / Rules ]========================================== No changes to Firewall rules, skipping Filter Reload No Changes to Aliases, Skipping pfctl Update ===[ Kill States ]================================================== No matching states found ====================================================================== ===[ FINAL Processing ]===================================== [ Original IP count ] [ 0 ] [ Final IP Count ] [ 0 ] ===[ DNSBL Domain/IP Counts ] =================================== 117060 total 41644 /var/db/pfblockerng/dnsbl/StevenBlack.txt 39331 /var/db/pfblockerng/dnsbl/HostsFileNet.txt 14606 /var/db/pfblockerng/dnsbl/MalwareDomains.txt 9430 /var/db/pfblockerng/dnsbl/EasyList_No_Elements.txt 8193 /var/db/pfblockerng/dnsbl/Cameleon.txt 3031 /var/db/pfblockerng/dnsbl/EasyList_Privacy.txt 393 /var/db/pfblockerng/dnsbl/Zeustracker.txt 356 /var/db/pfblockerng/dnsbl/DisconnectMeAds.txt 38 /var/db/pfblockerng/dnsbl/EasyList_No_Elements.ip 21 /var/db/pfblockerng/dnsbl/DisconnectMeTracking.txt 16 /var/db/pfblockerng/dnsbl/EasyList_Privacy.ip 1 /var/db/pfblockerng/dnsbl/StevenBlack.ip =============================================================== Database Sanity check [ PASSED ] ------------------------ Masterfile/Deny folder uniq check Deny folder/Masterfile uniq check Sync check (Pass=No IPs reported) ---------- IPv4 alias tables IP count ----------------------------- 55 IPv6 alias tables IP count ----------------------------- 0 Alias table IP Counts ----------------------------- 55 total 55 /var/db/aliastables/pfB_DNSBLIP.txt 0 /var/db/aliastables/pfB_MaliciousIPs.txt pfSense Table Stats ------------------- table-entries hard limit 2000000 Table Usage Count 4039 UPDATE PROCESS ENDED [ 12/09/17 09:55:31 ]
-
I don't see any IPBlocking table.
If you have created FW rules using and inexistant pfB_IPBlocking alias, you will get those messages.
Either enable the IPBlocking table or remove the FW Rules using it. -
I don't see any IPBlocking table.
If you have created FW rules using and inexistant pfB_IPBlocking alias, you will get those messages.
Either enable the IPBlocking table or remove the FW Rules using it.Oh… OK so let me make sure I know what you mean.
I have no lists in PFBlockerNG IPv4 or IPv6. That's what you mean by the IPBlocking table?
In firewall alias URLs, I have one entry for pfB_DNSBLIP
In firewall alias IP, I have 2 entries, one for ms telemetry and one for acme lets encrypt
In firewall rules, I have an entry for pfB_DNSBLIP and pfB_IPBlocking.I believe the firewall rules were created automatically. I added the MS telemetry list.
What exactly do I need to do to remove or activate things?
-
In firewall rules, I have an entry for pfB_DNSBLIP and pfB_IPBlocking.
You have problem with "pfB_IPBlocking" that might have been created by pfBlockerNG at some point, but now it uses "Unresolvable source/destination alias 'pfB_IPBlocking' ". So remove those rules.
-
You have problem with "pfB_IPBlocking" that might have been created by pfBlockerNG at some point, but now it uses "Unresolvable source/destination alias 'pfB_IPBlocking' ". So remove those rules.
OK, I've deleted that rule on the WAN and LAN interfaces. It does look like the alerts have stopped. Thank you so much!
I don't believe there will be, but could deleting that cause any problems?
-
I don't believe there will be, but could deleting that cause any problems?
Well I don't know, maybe at some point you did some tests and now it's not needed.
Removing them already solved the email problem ;) ;D -
I don't believe there will be, but could deleting that cause any problems?
Well I don't know, maybe at some point you did some tests and now it's not needed.
Removing them already solved the email problem ;) ;DFairly sure I messed with some IP lists at some point, but never noticed the new rule or whatever. Still don't know a whole lot about networking and firewalls so I don't always recognize things like this.
Alerts have definitely gone away at this point, thank you so much for helping me nail that down.