pfBlockerNG rule download failure log entry- false positive?



  • I am seeing all my entries for my DNSBL feeds as erroring out, specifically with the message:

    [ DNSBL_AfunList - AfunList ] Download FAIL [ 01/10/20 03:03:00 ]
     Firewall and/or IDS are not blocking download.
    
     Restoring previously downloaded file
    

    However, when I ls -la the files under /var/db/pfblockerng/dnsbl I see they have all been accessed at that time.

    Further, if I remove one of the feed files corresponding to the list in the dnsbl directory (in this case, AfunList.txt) and then force a manual update through Firewall -> pfBlockerNG -> Update) the feed file is successfully downloaded and restored.

    Also, I can view the feed lists in a browser, so they are clearly up.

    Any idea why this is being reported as an error? Is this some kind of false positive?



  • File are downloaded in /var/db/pfblockerng/dnsblorig.

    At Cron Update, when the URL is triggered to download, it will download it. In case of failure, it will use existing dnsbl file to continue.

    During a Reload, the DNSBL db is built reading the .orig files and results are put in /var/db/pfblockerng/dnsbl. It's possible that the files are not downloaded during a reload. Inspect the pfblockerNG.log file to see what is done.

    Can you access the URL for AfunList in a browser?



  • I was not aware of the role of the .orig files. I tried clearing both (AfunList.orig from /var/db/pfblockerng/dnsblorig and AfunList.txt in /var/db/pfblockerng/dnsbl) and then force updating DNSBL. Both the orig and txt files were regenerated from the list feed

    As far as I can tell, the feed is correctly synced.

    @RonpfS said in pfBlockerNG rule download failure log entry- false positive?:

    Can you access the URL for AfunList in a browser?

    Yes.

    So I'm not sure why the log is reporting an error


Log in to reply