pfBlockerNG MaxMind Registration required to continue to use the GeoIP functionality!
-
pfBlockerNG users
If you use the GeoIP functionality of pfBlockerNG or if you use the "IP Reputation" component of pfBlockerNG or if you want to continue to see the Country for IP blocked events in the Reports Tab, then you must register for a free MaxMind account and obtain a License key.
As per MaxMind Blog:
https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/Starting December 30, 2019, we will be requiring users of our GeoLite2 databases to register for a MaxMind account and obtain a license key in order to download GeoLite2 databases. We will continue to offer the GeoLite2 databases without charge, and with the ability to redistribute with proper attribution and in compliance with privacy regulations. In addition, we are introducing a new end-user license agreement to govern your use of the GeoLite2 databases. Previously, GeoLite2 databases were accessible for download to the public on our developer website and were licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.Starting December 30, 2019, downloads will no longer be served from our public GeoLite2 page, from geolite.maxmind.com/download/geoip/database/*, or from any other public URL. See the section below for steps on how to migrate to the new download mechanism.
INSTRUCTIONS:
-
Sign up for a MaxMind account at: [ Registration should be done ASAP ]
https://www.maxmind.com/en/geolite2/signupNote: They seem to not allow registrations from "VPN IPs" or using single-use email addresses.
- Click "Generate new license key"
- Enter a "License key description", Select "yes" for "GeoIP Update", and select the License key for "version 3.1.1 or newer" and confirm.
-
Copy/paste the new "License Key" into pfBlockerNG
pfBlockerNG - General Tab
pfBlockerNG-devel - IP TabNote: When pasting, ensure there are no trailing spaces. Best to paste "as plain text"
===========================================
The new code (PRs) to support these changes is currently under review by the pfSense devs and should hopefully be available soon.
pfBlockerNG v2.1.4_19
https://github.com/pfsense/FreeBSD-ports/pull/734pfBlockerNG-devel v2.2.5_28
https://github.com/pfsense/FreeBSD-ports/pull/738===========================================
Next pfBlockerNG Cron runs to update MaxMind databases:
MaxMind generally updates on the first Tuesday of each month.
pfBlockerNG v2.1.4_18 and below is set to update on January 7th, 2020
pfBlockerNG-devel v2.2.5_27 and below is set to update on January 9th, 2020
Going forward both pfBlockerNG and pfBlockerNG-devel will update on the first Thursday of each month since there have been some short delays by MaxMind.
===========================================
Any issues or feedback, please let me know.
Continue to follow here in the pfSense forum and on Twitter [ @bbcan177 ], Reddit [ /r/pfBlockerNG ]
and Patreon for upcoming changes to pfBlockerNG.Thanks!
-
-
Thank You!
-
This kind of rapid response and support is why I use Patreon to support this package. Nice work BBcan!
-
Ok I've been here
https://www.maxmind.com/en/geolite2/signup
And done this
"Generate new license key"
Then go to
pfBlockerNG-devel - IP Tab
to
Copy/paste the new "License Key" into pfBlockerNG
I can't find anywhere to paste this license key.
So am I missing something here or what?
Thanks
-
Need to wait till the new pfBlockerNG update is out.
-
Right don't remember reading that anywhere, thanks...
-
Awesome support as usual :-)
I just hope that Netgate does not take too long to review the package ... -
@jacotec said in pfBlockerNG MaxMind Registration required to continue to use the GeoIP functionality!:
I just hope that Netgate does not take too long to review the package ...
It's a package.
I guess @BBcan177 pushes out an update as soon as he finished writing and testing. -
@Gertjan He already pushed it ;-)
Netgate just needs to approve it ... -
Now available.
-
@NogBadTheBad im using pfBlockerNG-devel 2.2.5_27 version, but i cant see the update in the package manager.
-
Andy
1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
-
I just updated, already put my license key and it's working.
dead on arrival, nowhere to be found.
-
@NogBadTheBad Maybe because im using 2.4.x development version? (2.4.5?)
-
Their cloudflare antiddos such pain. Doesn't know why but it has half hour to register. Auch
-
Maybe.
-
They mention "up to 25 keys"...do you happen to know if we need a separate key for each router, if we have more than one?
-
@teamits it's more about control over your account API usage. So it up to you to decide how much control you need. 1 key per software or 1 key per hardware instance or one key for all. If you directly know where you use it fine. When time is come to rotate the keys you want not to miss where you was used them :)
-
So I went ahead and installed pfBlockerNG 2.1.4_19 on my pfsense 2.4.4-RELEASE-p3 machine and signed up for an account with MaxMind and obtained a license key. I started downloading from MaxMind and am running into an issue with extracting data from the tarred database.
UPDATE PROCESS START [ 01/02/20 15:29:54 ] ===[ DNSBL Process ]================================================ DNSBL: Flush DNSBL_IP Clearing all DNSBL Feeds... completed Validating database... completed Reloading Unbound.... completed DNSBL update [ 0 | PASSED ]... completed [ 01/02/20 15:29:55 ] ------------------------------------------ ===[ Continent Process ]============================================ MaxMind Database downloading and processing ( approx 4MB ) ... Please wait ... Download Process Starting [ 01/02/20 15:29:55 ] /usr/local/share/GeoIP/GeoLite2-Country.tar.gz 200 OK . /usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 200 OK .tar: Failed to set default locale tar: Failed to set default locale Download Process Ended [ 01/02/20 15:29:56 ] Country code update Start [ MAXMIND UPDATE FAIL, Language File Missing, using previous Country code database ] Creating pfBlockerNG Continent XML files IPv4 Africa grep: /usr/local/share/GeoIP/cc/Africa_v4.txt: No such file or directory IPv6 Africa grep: /usr/local/share/GeoIP/cc/Africa_v6.txt: No such file or directory IPv4 Antarctica grep: /usr/local/share/GeoIP/cc/Antarctica_v4.txt: No such file or directory IPv6 Antarctica grep: /usr/local/share/GeoIP/cc/Antarctica_v6.txt: No such file or directory IPv4 Asia grep: /usr/local/share/GeoIP/cc/Asia_v4.txt: No such file or directory IPv6 Asia grep: /usr/local/share/GeoIP/cc/Asia_v6.txt: No such file or directory IPv4 Europe grep: /usr/local/share/GeoIP/cc/Europe_v4.txt: No such file or directory IPv6 Europe grep: /usr/local/share/GeoIP/cc/Europe_v6.txt: No such file or directory IPv4 North America grep: /usr/local/share/GeoIP/cc/North_America_v4.txt: No such file or directory IPv6 North America grep: /usr/local/share/GeoIP/cc/North_America_v6.txt: No such file or directory IPv4 Oceania grep: /usr/local/share/GeoIP/cc/Oceania_v4.txt: No such file or directory IPv6 Oceania grep: /usr/local/share/GeoIP/cc/Oceania_v6.txt: No such file or directory IPv4 South America grep: /usr/local/share/GeoIP/cc/South_America_v4.txt: No such file or directory IPv6 South America grep: /usr/local/share/GeoIP/cc/South_America_v6.txt: No such file or directory IPv4 Proxy and Satellite grep: /usr/local/share/GeoIP/cc/Proxy_and_Satellite_v4.txt: No such file or directory IPv6 Proxy and Satellite grep: /usr/local/share/GeoIP/cc/Proxy_and_Satellite_v6.txt: No such file or directory IPv4 TOP 20 grep: /usr/local/share/GeoIP/cc/Top_20_v4.info: No such file or directory IPv6 TOP 20 grep: /usr/local/share/GeoIP/cc/Top_20_v6.info: No such file or directory pfBlockerNG Reputation Tab Country Code Update Ended ===[ Aliastables / Rules ]========================================== No changes to Firewall rules, skipping Filter Reload No Changes to Aliases, Skipping pfctl Update UPDATE PROCESS ENDED [ 01/02/20 15:29:56 ][2.4.4-RELEASE][admin@host.example.org]/usr/local/share/GeoIP: ls -la total 24332 drwxr-xr-x 3 root wheel 512 Jan 2 14:49 . drwxr-xr-x 44 root wheel 1024 Jan 2 14:42 .. -rw-r--r-- 1 root wheel 16645188 Dec 31 08:32 GeoLite2-Country-CSV.zip.orig -rw-r--r-- 1 root wheel 1981295 Jan 2 15:29 GeoLite2-Country-CSV.zip.raw -rw-r--r-- 1 root wheel 4034560 Dec 31 08:32 GeoLite2-Country.tar.gz.orig -rw-r--r-- 1 root wheel 2044326 Jan 2 15:29 GeoLite2-Country.tar.gz.raw drwxr-xr-x 2 root wheel 512 Jan 2 14:42 cc [2.4.4-RELEASE][admin@host.example.org]/usr/local/share/GeoIP: cd cc [2.4.4-RELEASE][admin@host.example.org]/usr/local/share/GeoIP/cc: ls -la total 8 drwxr-xr-x 2 root wheel 512 Jan 2 14:42 . drwxr-xr-x 3 root wheel 512 Jan 2 14:49 .. [2.4.4-RELEASE][admin@host.example.org]/usr/local/share/GeoIP/cc:It appears the files have been downloaded but not untarred. The error appears to have to do with setting up the default locale for the tar command. The language on pfsense is set to English and so is MaxMind localization language. What do I need to do to fix this?
~Doug
-
@dougs
Can you try uninstalling pfBlockerNG and trying pfBlockerNG-devel?
