pfBlockerNG MaxMind Registration required to continue to use the GeoIP functionality!

BBcan177 · Jan 1, 2020, 11:39 PM

pfBlockerNG users

If you use the GeoIP functionality of pfBlockerNG or if you use the "IP Reputation" component of pfBlockerNG or if you want to continue to see the Country for IP blocked events in the Reports Tab, then you must register for a free MaxMind account and obtain a License key.

As per MaxMind Blog:
https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/

Starting December 30, 2019, we will be requiring users of our GeoLite2 databases to register for a MaxMind account and obtain a license key in order to download GeoLite2 databases. We will continue to offer the GeoLite2 databases without charge, and with the ability to redistribute with proper attribution and in compliance with privacy regulations. In addition, we are introducing a new end-user license agreement to govern your use of the GeoLite2 databases. Previously, GeoLite2 databases were accessible for download to the public on our developer website and were licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.Starting December 30, 2019, downloads will no longer be served from our public GeoLite2 page, from geolite.maxmind.com/download/geoip/database/*, or from any other public URL. See the section below for steps on how to migrate to the new download mechanism.

INSTRUCTIONS:

Sign up for a MaxMind account at: [ Registration should be done ASAP ]
https://www.maxmind.com/en/geolite2/signup

Note: They seem to not allow registrations from "VPN IPs" or using single-use email addresses.

login-to-view

Click "Generate new license key"

login-to-view

Enter a "License key description", Select "yes" for "GeoIP Update", and select the License key for "version 3.1.1 or newer" and confirm.

login-to-view

Copy/paste the new "License Key" into pfBlockerNG

pfBlockerNG - General Tab
pfBlockerNG-devel - IP Tab

Note: When pasting, ensure there are no trailing spaces. Best to paste "as plain text"

login-to-view

===========================================

The new code (PRs) to support these changes is currently under review by the pfSense devs and should hopefully be available soon.

pfBlockerNG v2.1.4_19
https://github.com/pfsense/FreeBSD-ports/pull/734

pfBlockerNG-devel v2.2.5_28
https://github.com/pfsense/FreeBSD-ports/pull/738

===========================================

Next pfBlockerNG Cron runs to update MaxMind databases:

MaxMind generally updates on the first Tuesday of each month.

pfBlockerNG v2.1.4_18 and below is set to update on January 7th, 2020

pfBlockerNG-devel v2.2.5_27 and below is set to update on January 9th, 2020

Going forward both pfBlockerNG and pfBlockerNG-devel will update on the first Thursday of each month since there have been some short delays by MaxMind.

===========================================

Any issues or feedback, please let me know.

Continue to follow here in the pfSense forum and on Twitter [ @bbcan177 ], Reddit [ /r/pfBlockerNG ]
and Patreon for upcoming changes to pfBlockerNG.

Thanks!

Jan 2, 2020, 12:16 AM

Thank You!

NegativeEntropy · Jan 2, 2020, 10:26 AM

This kind of rapid response and support is why I use Patreon to support this package. Nice work BBcan!

spud · Jan 2, 2020, 10:54 AM

Ok I've been here

https://www.maxmind.com/en/geolite2/signup

And done this

"Generate new license key"

Then go to

pfBlockerNG-devel - IP Tab

to

Copy/paste the new "License Key" into pfBlockerNG

I can't find anywhere to paste this license key.

So am I missing something here or what?

Thanks

NogBadTheBad · Jan 2, 2020, 10:57 AM

Need to wait till the new pfBlockerNG update is out.

spud · Jan 2, 2020, 10:59 AM

Right don't remember reading that anywhere, thanks...

jacotec · Jan 2, 2020, 2:10 PM

Awesome support as usual :-)
I just hope that Netgate does not take too long to review the package ...

Gertjan · Jan 2, 2020, 2:25 PM

@jacotec said in pfBlockerNG MaxMind Registration required to continue to use the GeoIP functionality!:

I just hope that Netgate does not take too long to review the package ...

It's a package.
I guess @BBcan177 pushes out an update as soon as he finished writing and testing.

jacotec · Jan 2, 2020, 2:26 PM

@Gertjan He already pushed it ;-)
Netgate just needs to approve it ...

NogBadTheBad · Jan 2, 2020, 6:05 PM

Now available.

havastamas · Jan 2, 2020, 6:12 PM

@NogBadTheBad im using pfBlockerNG-devel 2.2.5_27 version, but i cant see the update in the package manager.

NogBadTheBad · Jan 2, 2020, 6:19 PM

@havastamas

login-to-view

Maybe wait a short while.

mcury · Jan 2, 2020, 6:20 PM

I just updated, already put my license key and it's working.

havastamas · Jan 2, 2020, 6:31 PM

@NogBadTheBad Maybe because im using 2.4.x development version? (2.4.5?)

dragoangel · Jan 2, 2020, 8:18 PM

Their cloudflare antiddos such pain. Doesn't know why but it has half hour to register. Auch

NogBadTheBad · Jan 2, 2020, 9:01 PM

@havastamas

Maybe.

SteveITS · Jan 2, 2020, 11:19 PM

They mention "up to 25 keys"...do you happen to know if we need a separate key for each router, if we have more than one?

dragoangel · Jan 2, 2020, 11:25 PM

@teamits it's more about control over your account API usage. So it up to you to decide how much control you need. 1 key per software or 1 key per hardware instance or one key for all. If you directly know where you use it fine. When time is come to rotate the keys you want not to miss where you was used them :)

dougs · Jan 3, 2020, 12:07 AM

So I went ahead and installed pfBlockerNG 2.1.4_19 on my pfsense 2.4.4-RELEASE-p3 machine and signed up for an account with MaxMind and obtained a license key. I started downloading from MaxMind and am running into an issue with extracting data from the tarred database.

 UPDATE PROCESS START [ 01/02/20 15:29:54 ]

===[  DNSBL Process  ]================================================

  DNSBL: Flush DNSBL_IP
Clearing all DNSBL Feeds...  completed
Validating database... completed
Reloading Unbound.... completed
DNSBL update [ 0 | PASSED  ]... completed [ 01/02/20 15:29:55 ]
------------------------------------------

===[  Continent Process  ]============================================

MaxMind Database downloading and processing ( approx 4MB ) ... Please wait ...

Download Process Starting [ 01/02/20 15:29:55 ]
 /usr/local/share/GeoIP/GeoLite2-Country.tar.gz		200 OK
. /usr/local/share/GeoIP/GeoLite2-Country-CSV.zip		200 OK
.tar: Failed to set default locale
tar: Failed to set default locale

Download Process Ended [ 01/02/20 15:29:56 ]

Country code update Start
 [ MAXMIND UPDATE FAIL, Language File Missing, using previous Country code database ]
 Creating pfBlockerNG Continent XML files
 IPv4 Africa			
grep: /usr/local/share/GeoIP/cc/Africa_v4.txt: No such file or directory
 IPv6 Africa			
grep: /usr/local/share/GeoIP/cc/Africa_v6.txt: No such file or directory
 IPv4 Antarctica		
grep: /usr/local/share/GeoIP/cc/Antarctica_v4.txt: No such file or directory
 IPv6 Antarctica		
grep: /usr/local/share/GeoIP/cc/Antarctica_v6.txt: No such file or directory
 IPv4 Asia			
grep: /usr/local/share/GeoIP/cc/Asia_v4.txt: No such file or directory
 IPv6 Asia			
grep: /usr/local/share/GeoIP/cc/Asia_v6.txt: No such file or directory
 IPv4 Europe			
grep: /usr/local/share/GeoIP/cc/Europe_v4.txt: No such file or directory
 IPv6 Europe			
grep: /usr/local/share/GeoIP/cc/Europe_v6.txt: No such file or directory
 IPv4 North America		
grep: /usr/local/share/GeoIP/cc/North_America_v4.txt: No such file or directory
 IPv6 North America		
grep: /usr/local/share/GeoIP/cc/North_America_v6.txt: No such file or directory
 IPv4 Oceania			
grep: /usr/local/share/GeoIP/cc/Oceania_v4.txt: No such file or directory
 IPv6 Oceania			
grep: /usr/local/share/GeoIP/cc/Oceania_v6.txt: No such file or directory
 IPv4 South America		
grep: /usr/local/share/GeoIP/cc/South_America_v4.txt: No such file or directory
 IPv6 South America		
grep: /usr/local/share/GeoIP/cc/South_America_v6.txt: No such file or directory
 IPv4 Proxy and Satellite	
grep: /usr/local/share/GeoIP/cc/Proxy_and_Satellite_v4.txt: No such file or directory
 IPv6 Proxy and Satellite	
grep: /usr/local/share/GeoIP/cc/Proxy_and_Satellite_v6.txt: No such file or directory
 IPv4 TOP 20			
grep: /usr/local/share/GeoIP/cc/Top_20_v4.info: No such file or directory
 IPv6 TOP 20			
grep: /usr/local/share/GeoIP/cc/Top_20_v6.info: No such file or directory
 pfBlockerNG Reputation Tab
Country Code Update Ended



===[  Aliastables / Rules  ]==========================================

No changes to Firewall rules, skipping Filter Reload
No Changes to Aliases, Skipping pfctl Update

 UPDATE PROCESS ENDED [ 01/02/20 15:29:56 ]

[2.4.4-RELEASE][admin@host.example.org]/usr/local/share/GeoIP: ls -la
total 24332
drwxr-xr-x   3 root  wheel       512 Jan  2 14:49 .
drwxr-xr-x  44 root  wheel      1024 Jan  2 14:42 ..
-rw-r--r--   1 root  wheel  16645188 Dec 31 08:32 GeoLite2-Country-CSV.zip.orig
-rw-r--r--   1 root  wheel   1981295 Jan  2 15:29 GeoLite2-Country-CSV.zip.raw
-rw-r--r--   1 root  wheel   4034560 Dec 31 08:32 GeoLite2-Country.tar.gz.orig
-rw-r--r--   1 root  wheel   2044326 Jan  2 15:29 GeoLite2-Country.tar.gz.raw
drwxr-xr-x   2 root  wheel       512 Jan  2 14:42 cc
[2.4.4-RELEASE][admin@host.example.org]/usr/local/share/GeoIP: cd cc
[2.4.4-RELEASE][admin@host.example.org]/usr/local/share/GeoIP/cc: ls -la
total 8
drwxr-xr-x  2 root  wheel  512 Jan  2 14:42 .
drwxr-xr-x  3 root  wheel  512 Jan  2 14:49 ..
[2.4.4-RELEASE][admin@host.example.org]/usr/local/share/GeoIP/cc:

It appears the files have been downloaded but not untarred. The error appears to have to do with setting up the default locale for the tar command. The language on pfsense is set to English and so is MaxMind localization language. What do I need to do to fix this?

~Doug

BBcan177 · Jan 3, 2020, 12:30 AM

@dougs
Can you try uninstalling pfBlockerNG and trying pfBlockerNG-devel?