Can't tell if pfBlocker is being updated
-
pfBlocker 2.1.2_3
pfSense 2.4.3-RELEASE-p1
I can't update pfBlocker without updating pfSense and I can't take the unit offline for a while. If I need to wait until the update I will.
The problem:
I'm not sure if pfBlocker is updating or not. When I force the update I get:
UPDATE PROCESS START [ 09/19/19 09:36:27 ]
===[ DNSBL Process ]================================================
Clearing all DNSBL Feeds... completed
Validating database... Skipped
Reloading Unbound.... completed
DNSBL update [ 0 | PASSED ]... completed [ 09/19/19 09:36:30 ]
------------------------------------------
===[ Continent Process ]============================================
[ pfB_Africa_v4 ] exists. [ 09/19/19 09:36:32 ]
[ pfB_Africa_v6 ] exists.
Could not open ISO [ 6255147_rep_v4 ]
[ pfB_Asia_v4 ] exists. [ 09/19/19 09:36:33 ]
[ pfB_Asia_v6 ] exists. [ 09/19/19 09:36:34 ]
[ pfB_Europe_v4 ] exists. [ 09/19/19 09:36:36 ]
[ pfB_Europe_v6 ] exists. [ 09/19/19 09:36:37 ]
[ pfB_NAmerica_v4 ] exists.
[ pfB_NAmerica_v6 ] exists.
[ pfB_Oceania_v4 ] exists.
Could not open ISO [ NF_v6 ]
[ pfB_Oceania_v6 ] exists. [ 09/19/19 09:36:38 ]
[ pfB_SAmerica_v4 ] exists.
[ pfB_SAmerica_v6 ] exists.
[ pfB_Top_v4 ] exists. [ 09/19/19 09:36:40 ]
[ pfB_Top_v6 ] exists.
Could not open ISO [ A1_6255147_rep_v4 ]
Could not open ISO [ A1_GS_rep_v4 ]
Could not open ISO [ A1_TF_rep_v4 ]
Could not open ISO [ A2_6255147_rep_v4 ]
Could not open ISO [ A2_GS_rep_v4 ]
Could not open ISO [ A2_TF_rep_v4 ]
[ pfB_PS_v4 ] exists.
===[ IPv4 Process ]=================================================
[ Allow_List_custom ] exists.
[ Whitelist_custom ] exists.
===[ IPv6 Process ]=================================================
===[ Aliastables / Rules ]==========================================
No changes to Firewall rules, skipping Filter Reload
No Changes to Aliases, Skipping pfctl Update
UPDATE PROCESS ENDED [ 09/19/19 09:36:43 ]
I get a lot of "Could not open ISO". If I do a grep of the entire /var/db/pfblockerng from the CLI I can't find my IP range anywhere, either. The main issue is that I have users that are traveling and accessing RDP remotely from across the country. I want to block all traffic except for USA stuff, but when I do that some are unable to connect, including from my office 5 miles away.
Second Question:
Is there a way to manually add IPs to a country?
-
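The first post mentions grepping /var/db/pfblockerng for an IP range and finding nothing. As an added example (not part of the thread and not pfBlockerNG code): a text search cannot match an address that sits inside a CIDR block, so this tests membership instead. The list contents are constructed, and the one-entry-per-line file layout is an assumption.

```python
import ipaddress

# Constructed sample of a list file: one entry per line, comments allowed.
# Assumption: the files under /var/db/pfblockerng hold addresses and CIDR
# blocks in this form.
SAMPLE_LIST = """\
# constructed sample, documentation ranges only
192.0.2.0/24
198.51.100.128/25
203.0.113.7
2001:db8:40::/44
not-an-address
"""

def parse_networks(text):
    """Return the ip_network objects found in a list file, skipping junk lines."""
    networks = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            # strict=False tolerates entries written with host bits set
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # not an address or CIDR block
    return networks

def covering_networks(address, text):
    """List every entry that contains the address, most specific first."""
    ip = ipaddress.ip_address(address)
    hits = [n for n in parse_networks(text)
            if n.version == ip.version and ip in n]
    return sorted(hits, key=lambda n: n.prefixlen, reverse=True)

def text_match(address, text):
    """What a plain grep for the address string would report."""
    return any(address in line for line in text.splitlines())

if __name__ == "__main__":
    for addr in ("192.0.2.55", "198.51.100.20", "203.0.113.7", "2001:db8:4f::1"):
        nets = [str(n) for n in covering_networks(addr, SAMPLE_LIST)]
        print(f"{addr:16} grep={text_match(addr, SAMPLE_LIST)!s:5} covered_by={nets}")
```

An address that grep misses can still be covered by a block in the list, which is the case to rule out before concluding a range is absent.
-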
Wait & install pfBlockerNG-devel.
Allow the US then block everything else, looks like you're doing it the other way round.
-
I'm having to do that since I can't just whitelist the USA. I'm having to block countries that I've seen attacks on the NATed ports and am now adding in IPs that aren't being blocked by the lists. Gotta stop them somehow. Does pfBlockerNG-devel use different lists?
-
Never used the older version but there are a lot of fixed issues in pfBlockerNG-devel.
I've never seen the issues you're getting with pfBlockerNG-devel.
-
It does use GeoIP2:-
https://dev.maxmind.com/geoip/geoip2/whats-new-in-geoip2/
-
Looks like they both use GeoIP database by MaxMind Inc. (GeoLite2 Free version). In fact, they both have the exact same description. No idea what the differences are.
-
@Stewart said in Can't tell if pfBlocker is being updated:
I'm having to do that since I can't just whitelist the USA. I'm having to block countries that I've seen attacks on the NATed ports and am now adding in IPs that aren't being blocked by the lists. Gotta stop them somehow. Does pfBlockerNG-devel use different lists?
Create an Alias Permit rule using the US GeoIP and apply it to the NAT rules, everything else would be denied by default.
You can also add IP addresses to the IPv4 Custom_List at the bottom.
Here's how I allow SSH / SFTP to my Raspberry Pi that sits in the DMZ.