pfBlockerNG rule download failure log entry - false positive?
-
I am seeing all my entries for my DNSBL feeds as erroring out, specifically with the message:
[ DNSBL_AfunList - AfunList ] Download FAIL [ 01/10/20 03:03:00 ] Firewall and/or IDS are not blocking download. Restoring previously downloaded file
However, when I ls -la the files under /var/db/pfblockerng/dnsbl I see they have all been accessed at that time.
Further, if I remove one of the feed files corresponding to the list in the dnsbl directory (in this case, AfunList.txt) and then force a manual update (through Firewall -> pfBlockerNG -> Update), the feed file is successfully downloaded and restored.
Also, I can view the feed lists in a browser, so they are clearly up.
Any idea why this is being reported as an error? Is this some kind of false positive?
-
Files are downloaded in /var/db/pfblockerng/dnsblorig.
At Cron Update, when the URL is triggered to download, it will download it. In case of failure, it will use the existing dnsbl file to continue.
During a Reload, the DNSBL db is built reading the .orig files and results are put in /var/db/pfblockerng/dnsbl. It's possible that the files are not downloaded during a reload. Inspect the pfblockerNG.log file to see what is done.
Can you access the URL for AfunList in a browser?
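To follow that advice without eyeballing directory listings, here is a small diagnostic script I put together for this thread (it is not part of pfBlockerNG). It pulls the feed names that logged "Download FAIL" out of the log, using the line format shown in the first post, and then reports whether each feed's .orig file in dnsblorig and .txt file in dnsbl were actually modified within the last N minutes. The two directory paths are the ones named above; the log path /var/log/pfblockerng/pfblockerng.log is my assumption, and all three can be overridden through the environment.

```shell
#!/bin/sh
# Constructed diagnostic for pfBlockerNG DNSBL feed downloads.
# Not part of pfBlockerNG. Directory paths are those named in the thread;
# the log file path is an assumption and can be overridden via the environment.
DNSBL_ORIG_DIR="${DNSBL_ORIG_DIR:-/var/db/pfblockerng/dnsblorig}"
DNSBL_DIR="${DNSBL_DIR:-/var/db/pfblockerng/dnsbl}"
PFB_LOG="${PFB_LOG:-/var/log/pfblockerng/pfblockerng.log}"   # assumption

# Print the short feed name (second field inside the brackets) of every
# "Download FAIL" entry in the given log file, one per line, de-duplicated.
# Example line: [ DNSBL_AfunList - AfunList ] Download FAIL [ 01/10/20 03:03:00 ] ...
failed_feeds() {  # logfile
    grep 'Download FAIL' "$1" \
        | sed -n 's/^\[ *\([^ ]*\) - \([^ ]*\) *\] Download FAIL.*/\2/p' \
        | sort -u
}

# Classify a file as "fresh" (modified within the last N minutes),
# "stale" (older than that) or "missing". Uses find -mmin, which exists on
# both FreeBSD (pfSense) and GNU find, so no stat(1) portability issues.
file_state() {  # path minutes
    [ -f "$1" ] || { echo missing; return 0; }
    if [ -n "$(find "$1" -mmin "-$2")" ]; then
        echo fresh
    else
        echo stale
    fi
}

# Freshness of the raw download (.orig) for a feed name.
orig_state() {  # feed minutes
    file_state "$DNSBL_ORIG_DIR/$1.orig" "$2"
}

# Freshness of the processed list (.txt) for a feed name.
txt_state() {  # feed minutes
    file_state "$DNSBL_DIR/$1.txt" "$2"
}

# One line per failed feed: whether the files on disk agree with the log.
# A feed that logged FAIL but has a fresh .orig was in fact downloaded
# (or restored) in that window; a stale .orig means the fallback kicked in.
report() {  # logfile minutes
    failed_feeds "$1" | while IFS= read -r feed; do
        printf '%s orig=%s txt=%s\n' \
            "$feed" "$(orig_state "$feed" "$2")" "$(txt_state "$feed" "$2")"
    done
}

# Usage: sh dnsbl_check.sh [logfile] [minutes]   (defaults: $PFB_LOG, 60)
if [ "$#" -gt 0 ]; then
    report "$1" "${2:-60}"
fi
```

Run it on the box right after a cron update with something like `sh dnsbl_check.sh /var/log/pfblockerng/pfblockerng.log 15`. If AfunList shows `orig=fresh` while the log says Download FAIL, the .orig really was rewritten in that window and the log message is what deserves scrutiny; if it shows `orig=stale` you know the previous file was kept, which is the fallback behaviour described above.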
-
I was not aware of the role of the .orig files. I tried clearing both (AfunList.orig from /var/db/pfblockerng/dnsblorig and AfunList.txt in /var/db/pfblockerng/dnsbl) and then force-updating DNSBL. Both the orig and txt files were regenerated from the list feed.
As far as I can tell, the feed is correctly synced.
@RonpfS said in pfBlockerNG rule download failure log entry - false positive?:
Can you access the URL for AfunList in a browser?
Yes.
So I'm not sure why the log is reporting an error.