Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    devel v2.2.5_19 - Feeds not added to 'DNSBL Feeds'

    pfBlockerNG
    4
    12
    1155
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • RyanMR
      RyanM
      last edited by

      I just "upgraded" from 2.1.4_14 to 2.2.5_19 using the steps here. I then followed this guide to do my initial setup.

      I went to Firewall > pfBlockerNG > Feeds
      Then I found the row with DNSBL Category ... ADs and clicked the + icon. On the following page, I enabled all and send Action to "Unbound". I then saved and wend to Firewall > pfBlockerNG > DNSBL > DNSBL Feeds. The selected feed does not show up.

      RyanMR 1 Reply Last reply Reply Quote 1
      • RyanMR
        RyanM @RyanM
        last edited by

        Nevermind, I didn't read the note in the article that said Note: Some readers have stated that if you don’t see the feeds or if pfb_dnsbl won’t start, try adding an empty feed manually.

        BBcan177B 1 Reply Last reply Reply Quote 1
        • BBcan177B
          BBcan177 Moderator @RyanM
          last edited by

          @ryanm said in devel v2.2.5_19 - Feeds not added to 'DNSBL Feeds':

          Nevermind, I didn't read the note in the article that said Note: Some readers have stated that if you don’t see the feeds or if pfb_dnsbl won’t start, try adding an empty feed manually.

          This should be fixed in the latest version of DNSBL. Try to do a re-install of the package with "Keep settings" enabled.

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          RyanMR 1 Reply Last reply Reply Quote 0
          • RyanMR
            RyanM @BBcan177
            last edited by

            @bbcan177 said in devel v2.2.5_19 - Feeds not added to 'DNSBL Feeds':

            This should be fixed in the latest version of DNSBL. Try to do a re-install of the package with "Keep settings" enabled.

            How do you update DNSBL? I don't see it in my installed packages.

            BBcan177B 1 Reply Last reply Reply Quote 0
            • BBcan177B
              BBcan177 Moderator @RyanM
              last edited by

              @ryanm

              Sorry I should have said pfBlockerNG-devel instead of DNSBL.

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              lohphatL 1 Reply Last reply Reply Quote 0
              • lohphatL
                lohphat @BBcan177
                last edited by lohphat

                @bbcan177 Running 2.2.5_19 did a full re-install and it's still not listing them or the IP feeds as well.

                Creating a dummy list then deleting it does "fix" the problem in the short-term.

                SG-3100 23.05-RELEASE (ARM) | Avahi (2.2_4) | ntopng (0.8.13_10) | openvpn-client-export (1.8) | pfBlockerNG-devel (3.2.0_5) | pimd (0.0.3_6) | System_Patches (2.2.3)

                BBcan177B 1 Reply Last reply Reply Quote 0
                • BBcan177B
                  BBcan177 Moderator @lohphat
                  last edited by BBcan177

                  @lohphat said in devel v2.2.5_19 - Feeds not added to 'DNSBL Feeds':

                  Creating a dummy list then deleting it does "fix" the problem in the short-term.

                  Does this command return anything?

                  grep "<config></config>" /conf/config.xml
                  

                  If it does, then what does this show?

                  grep -A100 "<pfblockernglistsv4" /conf/config.xml
                  

                  Also, can you attach this file:

                  /conf/pkg_log_pfSense-pkg-pfBlockerNG-devel.txt
                  

                  "Experience is something you don't get until just after you need it."

                  Website: http://pfBlockerNG.com
                  Twitter: @BBcan177  #pfBlockerNG
                  Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                  lohphatL 1 Reply Last reply Reply Quote 0
                  • lohphatL
                    lohphat
                    last edited by

                    0_1544073853532_pkg_log_pfSense-pkg-pfBlockerNG-devel.txt

                    Since I used the dummy entry fix the answer to question 1 is "nothing" and question 2 then doesn't apply. I'd have to start over to get initial state.

                    SG-3100 23.05-RELEASE (ARM) | Avahi (2.2_4) | ntopng (0.8.13_10) | openvpn-client-export (1.8) | pfBlockerNG-devel (3.2.0_5) | pimd (0.0.3_6) | System_Patches (2.2.3)

                    BBcan177B 1 Reply Last reply Reply Quote 0
                    • BBcan177B
                      BBcan177 Moderator @lohphat
                      last edited by

                      @lohphat said in devel v2.2.5_19 - Feeds not added to 'DNSBL Feeds':

                      Since I used the dummy entry fix the answer to question 1 is "nothing" and question 2 then doesn't apply. I'd have to start over to get initial state.

                      Try the second command ... increase the "100" until you get "</pfblockernglistsv4>"...

                      So would need to see everything between:

                      <pfblockernglistsv4>
                      
                      </pfblockernglistsv4>
                      

                      "Experience is something you don't get until just after you need it."

                      Website: http://pfBlockerNG.com
                      Twitter: @BBcan177  #pfBlockerNG
                      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                      lohphatL 1 Reply Last reply Reply Quote 0
                      • lohphatL
                        lohphat @BBcan177
                        last edited by

                        @bbcan177 Since I fixed the lists by adding and deleting a dummy entry will these results help as the lists are now present.

                        I don't mind starting over from scratch to help you debug the initial state.

                        SG-3100 23.05-RELEASE (ARM) | Avahi (2.2_4) | ntopng (0.8.13_10) | openvpn-client-export (1.8) | pfBlockerNG-devel (3.2.0_5) | pimd (0.0.3_6) | System_Patches (2.2.3)

                        1 Reply Last reply Reply Quote 0
                        • lohphatL
                          lohphat @BBcan177
                          last edited by lohphat

                          @bbcan177

                          OK fresh reinstall of 2.2.5_19. The feeds are not listed. I have not applied the fix of creating a dummy list then removing it to make the real feeds appear. Both the IP and DNSBL UIs show no lists defined even though they're checked off in the Feeds section. If I do add the dummy list and remove it in each section, the lists appear correctly.

                          Question 1 response:

                          [2.4.4-RELEASE][admin@pfSense.localdomain]/root: grep "<config></config>" /conf/config.xml
                                                  <config></config>
                                                  <config></config>
                          

                          Question 2 response:

                          [2.4.4-RELEASE][admin@pfSense.localdomain]/root: grep -A400 "<pfblockernglistsv4" /conf/config.xml
                                          <pfblockernglistsv4>
                                                  <config></config>
                                                  <config>
                                                          <aliasname>PRI1</aliasname>
                                                          <description><![CDATA[PRI1 - Collection of Feeds from the most reputable blocklist providers. (Primary tier)]]></description>
                                                          <action>Deny_Both</action>
                                                          <cron>01hour</cron>
                                                          <dow>1</dow>
                                                          <sort>sort</sort>
                                                          <aliaslog>enabled</aliaslog>
                                                          <stateremoval><![CDATA[enabled]]></stateremoval>
                                                          <autoaddrnot_in></autoaddrnot_in>
                                                          <autoports_in></autoports_in>
                                                          <aliasports_in></aliasports_in>
                                                          <autoaddr_in></autoaddr_in>
                                                          <autonot_in></autonot_in>
                                                          <aliasaddr_in></aliasaddr_in>
                                                          <autoproto_in></autoproto_in>
                                                          <agateway_in>default</agateway_in>
                                                          <autoaddrnot_out></autoaddrnot_out>
                                                          <autoports_out></autoports_out>
                                                          <aliasports_out></aliasports_out>
                                                          <autoaddr_out></autoaddr_out>
                                                          <autonot_out></autonot_out>
                                                          <aliasaddr_out></aliasaddr_out>
                                                          <autoproto_out></autoproto_out>
                                                          <agateway_out>default</agateway_out>
                                                          <suppression_cidr>Disabled</suppression_cidr>
                                                          <whois_convert></whois_convert>
                                                          <custom></custom>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://sslbl.abuse.ch/blacklist/dyre_sslipblacklist.csv</url>
                                                                  <header>Abuse_DYRE</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt</url>
                                                                  <header>Abuse_IPBL</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://sslbl.abuse.ch/blacklist/sslipblacklist.csv</url>
                                                                  <header>Abuse_SSLBL</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://zeustracker.abuse.ch/blocklist.php?download=badips</url>
                                                                  <header>Abuse_Zeus</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt</url>
                                                                  <header>BBC_C2</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://cinsarmy.com/list/ci-badguys.txt</url>
                                                                  <header>CINS_army</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt</url>
                                                                  <header>ET_Block</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://rules.emergingthreats.net/blockrules/compromised-ips.txt</url>
                                                                  <header>ET_Comp</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://feodotracker.abuse.ch/blocklist/?download=badips</url>
                                                                  <header>Feodo_BadIPs</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://feodotracker.abuse.ch/blocklist/?download=ipblocklist</url>
                                                                  <header>Feodo_Block</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://isc.sans.edu/api/sources/attacks/1000/30?text</url>
                                                                  <header>ISC_1000_30</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://isc.sans.edu/feeds/block.txt</url>
                                                                  <header>ISC_Block</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://pulsedive.com/premium?key=[key removed]&amp;types=ip</url>
                                                                  <header>Pulsedive</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://www.spamhaus.org/drop/drop.txt</url>
                                                                  <header>Spamhaus_Drop</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://www.spamhaus.org/drop/edrop.txt</url>
                                                                  <header>Spamhaus_eDrop</header>
                                                          </row>
                                                          <row>
                                                                  <format>auto</format>
                                                                  <state><![CDATA[Enabled]]></state>
                                                                  <url>https://www.talosintelligence.com/feeds/ip-filter.blf</url>
                                                                  <header>Talos_BL</header>
                                                          </row>
                                                  </config>
                                          </pfblockernglistsv4>
                                       
                          

                          Question 3 response:

                          File attached.0_1544128781420_pkg_log_pfSense-pkg-pfBlockerNG-devel.txt

                          SG-3100 23.05-RELEASE (ARM) | Avahi (2.2_4) | ntopng (0.8.13_10) | openvpn-client-export (1.8) | pfBlockerNG-devel (3.2.0_5) | pimd (0.0.3_6) | System_Patches (2.2.3)

                          1 Reply Last reply Reply Quote 0
                          • G
                            gogglespisano
                            last edited by

                            This also happened for me with a clean install of 2.2.5_21.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post