devel v2.2.5_19 - Feeds not added to 'DNSBL Feeds'



  • I just "upgraded" from 2.1.4_14 to 2.2.5_19 using the steps here. I then followed this guide to do my initial setup.

    I went to Firewall > pfBlockerNG > Feeds
    Then I found the row with DNSBL Category ... ADs and clicked the + icon. On the following page, I enabled all and send Action to "Unbound". I then saved and wend to Firewall > pfBlockerNG > DNSBL > DNSBL Feeds. The selected feed does not show up.



  • Nevermind, I didn't read the note in the article that said Note: Some readers have stated that if you don’t see the feeds or if pfb_dnsbl won’t start, try adding an empty feed manually.


  • Moderator

    @ryanm said in devel v2.2.5_19 - Feeds not added to 'DNSBL Feeds':

    Nevermind, I didn't read the note in the article that said Note: Some readers have stated that if you don’t see the feeds or if pfb_dnsbl won’t start, try adding an empty feed manually.

    This should be fixed in the latest version of DNSBL. Try to do a re-install of the package with "Keep settings" enabled.



  • @bbcan177 said in devel v2.2.5_19 - Feeds not added to 'DNSBL Feeds':

    This should be fixed in the latest version of DNSBL. Try to do a re-install of the package with "Keep settings" enabled.

    How do you update DNSBL? I don't see it in my installed packages.


  • Moderator

    @ryanm

    Sorry I should have said pfBlockerNG-devel instead of DNSBL.



  • @bbcan177 Running 2.2.5_19 did a full re-install and it's still not listing them or the IP feeds as well.

    Creating a dummy list then deleting it does "fix" the problem in the short-term.


  • Moderator

    @lohphat said in devel v2.2.5_19 - Feeds not added to 'DNSBL Feeds':

    Creating a dummy list then deleting it does "fix" the problem in the short-term.

    Does this command return anything?

    grep "<config></config>" /conf/config.xml
    

    If it does, then what does this show?

    grep -A100 "<pfblockernglistsv4" /conf/config.xml
    

    Also, can you attach this file:

    /conf/pkg_log_pfSense-pkg-pfBlockerNG-devel.txt
    


  • 0_1544073853532_pkg_log_pfSense-pkg-pfBlockerNG-devel.txt

    Since I used the dummy entry fix the answer to question 1 is "nothing" and question 2 then doesn't apply. I'd have to start over to get initial state.


  • Moderator

    @lohphat said in devel v2.2.5_19 - Feeds not added to 'DNSBL Feeds':

    Since I used the dummy entry fix the answer to question 1 is "nothing" and question 2 then doesn't apply. I'd have to start over to get initial state.

    Try the second command ... increase the "100" until you get "</pfblockernglistsv4>"...

    So would need to see everything between:

    <pfblockernglistsv4>
    
    </pfblockernglistsv4>
    


  • @bbcan177 Since I fixed the lists by adding and deleting a dummy entry will these results help as the lists are now present.

    I don't mind starting over from scratch to help you debug the initial state.



  • @bbcan177

    OK fresh reinstall of 2.2.5_19. The feeds are not listed. I have not applied the fix of creating a dummy list then removing it to make the real feeds appear. Both the IP and DNSBL UIs show no lists defined even though they're checked off in the Feeds section. If I do add the dummy list and remove it in each section, the lists appear correctly.

    Question 1 response:

    [2.4.4-RELEASE][admin@pfSense.localdomain]/root: grep "<config></config>" /conf/config.xml
                            <config></config>
                            <config></config>
    

    Question 2 response:

    [2.4.4-RELEASE][admin@pfSense.localdomain]/root: grep -A400 "<pfblockernglistsv4" /conf/config.xml
                    <pfblockernglistsv4>
                            <config></config>
                            <config>
                                    <aliasname>PRI1</aliasname>
                                    <description><![CDATA[PRI1 - Collection of Feeds from the most reputable blocklist providers. (Primary tier)]]></description>
                                    <action>Deny_Both</action>
                                    <cron>01hour</cron>
                                    <dow>1</dow>
                                    <sort>sort</sort>
                                    <aliaslog>enabled</aliaslog>
                                    <stateremoval><![CDATA[enabled]]></stateremoval>
                                    <autoaddrnot_in></autoaddrnot_in>
                                    <autoports_in></autoports_in>
                                    <aliasports_in></aliasports_in>
                                    <autoaddr_in></autoaddr_in>
                                    <autonot_in></autonot_in>
                                    <aliasaddr_in></aliasaddr_in>
                                    <autoproto_in></autoproto_in>
                                    <agateway_in>default</agateway_in>
                                    <autoaddrnot_out></autoaddrnot_out>
                                    <autoports_out></autoports_out>
                                    <aliasports_out></aliasports_out>
                                    <autoaddr_out></autoaddr_out>
                                    <autonot_out></autonot_out>
                                    <aliasaddr_out></aliasaddr_out>
                                    <autoproto_out></autoproto_out>
                                    <agateway_out>default</agateway_out>
                                    <suppression_cidr>Disabled</suppression_cidr>
                                    <whois_convert></whois_convert>
                                    <custom></custom>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://sslbl.abuse.ch/blacklist/dyre_sslipblacklist.csv</url>
                                            <header>Abuse_DYRE</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt</url>
                                            <header>Abuse_IPBL</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://sslbl.abuse.ch/blacklist/sslipblacklist.csv</url>
                                            <header>Abuse_SSLBL</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://zeustracker.abuse.ch/blocklist.php?download=badips</url>
                                            <header>Abuse_Zeus</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt</url>
                                            <header>BBC_C2</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://cinsarmy.com/list/ci-badguys.txt</url>
                                            <header>CINS_army</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt</url>
                                            <header>ET_Block</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://rules.emergingthreats.net/blockrules/compromised-ips.txt</url>
                                            <header>ET_Comp</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://feodotracker.abuse.ch/blocklist/?download=badips</url>
                                            <header>Feodo_BadIPs</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://feodotracker.abuse.ch/blocklist/?download=ipblocklist</url>
                                            <header>Feodo_Block</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://isc.sans.edu/api/sources/attacks/1000/30?text</url>
                                            <header>ISC_1000_30</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://isc.sans.edu/feeds/block.txt</url>
                                            <header>ISC_Block</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://pulsedive.com/premium?key=[key removed]&amp;types=ip</url>
                                            <header>Pulsedive</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://www.spamhaus.org/drop/drop.txt</url>
                                            <header>Spamhaus_Drop</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://www.spamhaus.org/drop/edrop.txt</url>
                                            <header>Spamhaus_eDrop</header>
                                    </row>
                                    <row>
                                            <format>auto</format>
                                            <state><![CDATA[Enabled]]></state>
                                            <url>https://www.talosintelligence.com/feeds/ip-filter.blf</url>
                                            <header>Talos_BL</header>
                                    </row>
                            </config>
                    </pfblockernglistsv4>
                 
    

    Question 3 response:

    File attached.0_1544128781420_pkg_log_pfSense-pkg-pfBlockerNG-devel.txt