Lost Alias In Update from 2.2.5_17 to 2.2.5_19
I seem to have lost an IPv4 Alias that was previously working when I updated from 2.2.5_17-devel to 2.2.5_19.
I have a custom feed for a Spamhaus list which is located at https://www.spamhaus.org/drop/asndrop.txt. The feed has been working fine for a long time. The list is downloaded, the ailas has been created and the firewall rule has been blocking sites on the list.
But after the update I get multiple alert messages like the following:
Unresolvable destination alias 'pfB_Spamhaus_v4' for rule 'pfb_Spamhaus auto rule' @ 2018-12-19 18:49:10
I looked for the Alias in the firewall and it was no longer there. It had vanished. So I checked the log files in pfBlocker (Original IP Files) to see if the feed was downloaded. I found a log file titled "Spamhaus_ASNdrop_v4.orig" which had a full download of the list.
I've tried a forced reload of everything and the alias was not created. I've deleted the IPv4 setup and the downloaded list in pfblocker then did a Forced/Reload/IP. Once completed, I recreated the IPv4 setup and ran a Forced/Reload/IP again. The list was downloaded but the Spamhaus Alias was not created.
I'm at a loss as to what to do to get the alias created. Here is a picture of the IPv4 setup (all other options in the setup are defaults):
RonpfS last edited by RonpfS
The file in question :
; Spamhaus ASN-DROP List 2018/12/20 - (c) 2018 The Spamhaus Project ; https://www.spamhaus.org/drop/asndrop.txt ; Last-Modified: Thu, 20 Dec 2018 18:35:49 GMT ; Expires: Fri, 21 Dec 2018 18:35:49 GMT AS612 ; US | PRECISIONTECH - PRECISION TECHNOLOGY Inc,US AS3266 ; DE | POISONIX-, DE AS3396 ; US | EGG - T G & A AS3502 ; US | INTNET - Intelligence Network Online, Inc., US AS3563 ; US | PILOT-ASN - Pilot Network Services, Inc,US AS3791 ; US | VCHS-AS - Via Christi Health System, Inc., US AS3904 ; US | ASTHOUGHTPRT - ThoughtPort inc., US AS4640 ; AT | The Internetworking Corporation, Hong Kong AS5784 ; US | GETNET - Getnet International, US AS6218 ; US | MIBX - MIBX, Inc., US AS6560 ; ZA | GEM Internet Company (Pty) LTD AS6729 ; LV | SUNOKMAN-AS, LV
probably isn't supported by pfblockerNG IPV4 "Auto" format.
Did you try changing the format to "ASN" ?
Review the pfblockerng.log to see what it does it this Alias.
Thank you for your reply. I had thought that may be the issue as well and had tried to use the the "ANS" format. I went ahead and tried it again using these steps.
- I deleted the existing downloaded "Spamhaus_ASNdrop_v4.orig" file.
- I went to the IPv4 Setuo and changed the Format to "ANS" and saved.
- A Chron update was scheduled to start so I left it alone and let it update.
Still no luck.
The new downloaded Spamhaus_ASNdrop_v4.orig log file only contains the following:
### Domain: https://www.spamhaus.org/drop/asndrop.txt ###
The pfBlocker log has these following 3 references to Spamhaus_ASNdrop_v4.orig
=======================[ IPv4 Process ]=======================
[ Spamhaus_ASNdrop_v4 ] Downloading update [ 12/20/18 14:01:29 ] .. completed ..
[ pfB_Spamhaus_v4 Spamhaus_ASNdrop_v4 ] No IPs found! Ensure only IP based Feeds are used! ]
====================[ Empty Lists w/127.1.7.7 ]==================
================[ IPv4/6 Last Updated List Summary ]==============
Dec 20 14:01 Spamhaus_ASNdrop_v4
Well that's it... it doesn't understand that file format
I agree with you. It sure appears to be the case. However, it does appear to be an issue introduced in the 2.2.5-19 update. I had never had this issue before and it started immediately after I installed the update. Prior to that I was able to download the feed with the "Auto" format and it was parsed correctly and the Alias was created. Now the feed is not parced and the Alias which was previously created has been removed from the Alias list in the firewall.
It's a parsing issue that only BBCan177 could address.
If you really need that table, you could recreate the table by inputting the 400 lines using ASN format
That's way above my pay grade! But if It is a bug, I'm very happy to help BBCan177 any way I can
Well you could build a table with a few ASN (it's about 10sec per ASN ) and check if those networks are already included in the https://www.spamhaus.org/drop/drop.txt and https://www.spamhaus.org/drop/edrop.txt list.
I have a custom feed for a Spamhaus list which is located at https://www.spamhaus.org/drop/asndrop.txt.
This ASN feed is not supported by pfBlockerNG. I have intentions to add a parser for it, but it has never had that parser before.
Maybe there was an IP in that txt file at one point, that the parser found, and you assumed that it was working?