Problem updating Alias native hourly


  • Hello,

    First of all, let me thank you for this amazing tool which is pfBlockerNG. It's not the only reason, but for me it is the most important one, to use pfSense.

    I've been dealing with an issue with the auto Alias update for quite some time. Because I've added this new Alias Native after upgrading to version 3.0.0.X, I don't know if the problem was inserted with this version or if it existed before (or if it is a problem actually...)

    So I'm using a WAN ingress Alias Native firewall rule that requires an hourly update, because the idea behind it is to allow my mobile phone IP to access some ports that need to be open, but I don't want to expose them to any other IP other than my phone (yes, I do have OpenVPN set up, but this is different, please try to understand it :) ).
    The mobile IP address does not change that frequently (I was quite surprised to maintain the same IP address sometimes for more than 24h) but eventually it does change.

    So I've made a Native Alias, of whois type, so that a given domain (ddns) is converted into an IP address, and then with the respective firewall allow rule, the phone has access to the services in my LAN.

    What I've detected is that when my phone IP changes, and of course, after updating the DNS (dynamic dns - there's an app that detects that the IP changes and updates the domain), even though the CRON settings in the General tab are set to Hourly updates, and the Alias itself is also set up to hourly refresh, the Alias does not get updated with the new IP address, even when more than 2 or 3 hours have passed, but only when I force Reload the IP.

    I'll try to show it in pictures, first my settings, then the Cron log:

    General:
    [screenshot]

    IP -> IPv4:
    [screenshot]

    Alias details (pic 1):
    [screenshot]

    Alias details (pic 2):
    [screenshot]

    Alias on /var/db/pfblockerng/native:
    [screenshot]

    Alias on /var/db/aliastables:
    [screenshot]

    Excerpt of the log:

    
    ===[  Aliastables / Rules  ]==========================================
    
    No changes to Firewall rules, skipping Filter Reload
    
     Updating: pfB_PRI1_v4
    794 addresses added.837 addresses deleted.
     Updating: pfB_PRI2_v4
    1 addresses added.
     Updating: pfB_PRI4_v4
    112 addresses added.2 addresses deleted.
     Updating: pfB_PRI3_v4
    no changes.
     Updating: pfB_BlockListDE_v4
    5 addresses added.10 addresses deleted.
     Updating: pfB_Whitelist_v4
    no changes.
     Updating: pfB_WAN_allow_2_v4
    no changes.
     Updating: pfB_WAN_allow_1_v4
    no changes.
     Updating: pfB_WAN_allow_3_v4
    no changes.
    
    ===[  Kill States  ]==================================================
    
    Firewall state(s) validation for [ 87 ] IPv4 address(es)...
    No matching states found
    
    ======================================================================
    
    ===[ FINAL Processing ]=====================================
    
       [ Original IP count   ]  [ 62451 ]
    
       [ Final IP Count  ]  [ 27227 ]
    
    
    ===[ Permit List IP Counts ]=========================
    
          11 /var/db/pfblockerng/permit/Whitelist_custom_v4.txt
    
    ===[ Deny List IP Counts ]===========================
    
       27229 total
       12226 /var/db/pfblockerng/deny/CINS_army_v4.txt
        3700 /var/db/pfblockerng/deny/BBC_C2_v4.txt
        2974 /var/db/pfblockerng/deny/ET_Comp_v4.txt
        2337 /var/db/pfblockerng/deny/BlockListDE_Apache_v4.txt
        1494 /var/db/pfblockerng/deny/Abuse_Feodo_C2_v4.txt
        1099 /var/db/pfblockerng/deny/CCT_IP_v4.txt
         986 /var/db/pfblockerng/deny/ET_Block_v4.txt
         611 /var/db/pfblockerng/deny/ISC_1000_30_v4.txt
         595 /var/db/pfblockerng/deny/Talos_BL_v4.txt
         457 /var/db/pfblockerng/deny/BDS_Ban_v4.txt
         342 /var/db/pfblockerng/deny/Alienvault_v4.txt
         239 /var/db/pfblockerng/deny/MaxMind_BD_Proxy_v4.txt
          74 /var/db/pfblockerng/deny/Abuse_SSLBL_v4.txt
          65 /var/db/pfblockerng/deny/Spamhaus_eDrop_v4.txt
          25 /var/db/pfblockerng/deny/HoneyPot_IPs_v4.txt
           2 /var/db/pfblockerng/deny/ISC_Block_v4.txt
           1 /var/db/pfblockerng/deny/Spamhaus_Drop_v4.txt
           1 /var/db/pfblockerng/deny/MDL_v4.txt
           1 /var/db/pfblockerng/deny/Abuse_IPBL_v4.txt
    
    ===[ Native List IP Counts ] ===================================
    
        1022 total
         988 /var/db/pfblockerng/native/PT_v4.txt
          29 /var/db/pfblockerng/native/AS12353_Vdf_PT_v4.txt
           1 /var/db/pfblockerng/native/iphone_ap_v4.txt
           1 /var/db/pfblockerng/native/WAN_allow_1_custom_v4.txt
           1 /var/db/pfblockerng/native/VPS_Ger_dns_v4.txt
           1 /var/db/pfblockerng/native/VPS_Bel_dns_v4.txt
           1 /var/db/pfblockerng/native/MEO_Belverde_v4.txt
    
    ====================[ Empty Lists w/127.1.7.7 ]==================
    
    Abuse_IPBL_v4.txt
    MDL_v4.txt
    Spamhaus_Drop_v4.txt
    
    ===[ DNSBL Domain/IP Counts ] ===================================
    
     1445306 total
     1125991 /var/db/pfblockerng/dnsbl/hosts_oisd_nl.txt
       83837 /var/db/pfblockerng/dnsbl/Abuse_urlhaus.txt
       83036 /var/db/pfblockerng/dnsbl/CoinBlocker_All.txt
       38939 /var/db/pfblockerng/dnsbl/anudeepND.txt
       33539 /var/db/pfblockerng/dnsbl/AntiSocial_BD.txt
       18523 /var/db/pfblockerng/dnsbl/Cameleon.txt
       16510 /var/db/pfblockerng/dnsbl/MDS.txt
       11612 /var/db/pfblockerng/dnsbl/EasyList.txt
        8941 /var/db/pfblockerng/dnsbl/Adaway.txt
        6918 /var/db/pfblockerng/dnsbl/SWC.txt
        4092 /var/db/pfblockerng/dnsbl/SFS_Toxic_BD.txt
        4050 /var/db/pfblockerng/dnsbl/Spam404.txt
        2931 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt
        1897 /var/db/pfblockerng/dnsbl/D_Me_ADs.txt
        1834 /var/db/pfblockerng/dnsbl/StevenBlack_BD.txt
        1547 /var/db/pfblockerng/dnsbl/MDS_Immortal.txt
         568 /var/db/pfblockerng/dnsbl/CoinBlocker_Opt.txt
         359 /var/db/pfblockerng/dnsbl/OpenPhish.txt
          69 /var/db/pfblockerng/dnsbl/Yoyo.txt
          54 /var/db/pfblockerng/dnsbl/Ponmocup.txt
          39 /var/db/pfblockerng/dnsbl/MVPS.txt
          18 /var/db/pfblockerng/dnsbl/D_Me_Tracking.txt
           1 /var/db/pfblockerng/dnsbl/MoneroMiner.txt
           1 /var/db/pfblockerng/dnsbl/EasyList_Portuguese.txt
           0 /var/db/pfblockerng/dnsbl/firehol_level4.txt
           0 /var/db/pfblockerng/dnsbl/firehol_level3.txt
           0 /var/db/pfblockerng/dnsbl/NoCoin.txt
           0 /var/db/pfblockerng/dnsbl/MDL.txt
           0 /var/db/pfblockerng/dnsbl/ISC_SDL.txt
           0 /var/db/pfblockerng/dnsbl/D_Me_Malw.txt
           0 /var/db/pfblockerng/dnsbl/D_Me_Malv.txt
           0 /var/db/pfblockerng/dnsbl/BBC_Masters.txt
    
    ====================[ IPv4/6 Last Updated List Summary ]==============
    
    Oct 18	20:16	Abuse_IPBL_v4
    Nov 12	22:17	MDL_v4
    Dec 13	21:57	VPS_Ger_dns_v4
    Dec 13	21:57	VPS_Bel_dns_v4
    Dec 13	22:04	MEO_Belverde_v4
    Dec 16	23:00	Spamhaus_Drop_v4
    Dec 17	03:11	Spamhaus_eDrop_v4
    Dec 17	05:30	ET_Block_v4
    Dec 17	05:30	ET_Comp_v4
    Dec 17	23:45	home_v4
    Dec 18	00:47	HoneyPot_IPs_v4
    Dec 18	00:47	AS12353_Vdf_PT_v4
    Dec 18	00:47	PT_v4
    Dec 18	06:45	MaxMind_BD_Proxy_v4
    Dec 18	14:28	ISC_Block_v4
    Dec 18	16:25	Whitelist_custom_v4
    Dec 18	16:25	WAN_allow_1_custom_v4
    Dec 18	16:30	iphone_ap_v4
    Dec 18	16:58	ISC_1000_30_v4
    Dec 18	17:22	CINS_army_v4
    Dec 18	17:23	BBC_C2_v4
    Dec 18	17:34	BDS_Ban_v4
    Dec 18	17:34	BlockListDE_Apache_v4
    Dec 18	17:41	Alienvault_v4
    Dec 18	18:15	Abuse_SSLBL_v4
    Dec 18	18:15	Abuse_Feodo_C2_v4
    Dec 18	18:15	Talos_BL_v4
    Dec 18	18:15	CCT_IP_v4
    
    ====================[ DNSBL Last Updated List Summary ]==============
    
    Jul 31	2015	D_Me_Tracking
    Oct 21	2019	MDS_Immortal
    Feb 1	2020	D_Me_ADs
    Jul 10	23:22	D_Me_Malw
    Jul 10	23:22	D_Me_Malv
    Aug 13	23:35	MDS
    Oct 18	20:15	AntiSocial_BD
    Oct 18	20:16	Spam404
    Oct 18	20:16	MoneroMiner
    Oct 18	20:16	NoCoin
    Nov 6	12:09	CoinBlocker_All
    Nov 6	12:09	CoinBlocker_Opt
    Nov 12	22:17	MDL
    Nov 23	00:17	StevenBlack_BD
    Dec 14	00:46	anudeepND
    Dec 14	06:39	SWC
    Dec 15	07:25	Cameleon
    Dec 15	08:07	MVPS
    Dec 17	01:59	ISC_SDL
    Dec 17	09:47	Yoyo
    Dec 17	18:00	Adaway
    Dec 17	20:27	Ponmocup
    Dec 17	23:37	hosts_oisd_nl
    Dec 18	00:00	SFS_Toxic_BD
    Dec 18	00:00	OpenPhish
    Dec 18	00:27	BBC_Masters
    Dec 18	00:31	EasyList
    Dec 18	00:32	EasyList_Portuguese
    Dec 18	00:32	EasyPrivacy
    Dec 18	00:40	Abuse_urlhaus
    Dec 18	00:46	firehol_level3
    Dec 18	00:46	firehol_level4
    ===============================================================
    
    Database Sanity check [  PASSED  ]
    ------------------------
    Masterfile/Deny folder uniq check
    Deny folder/Masterfile uniq check
    
    Sync check (Pass=No IPs reported)
    ----------
    
    Alias table IP Counts
    -----------------------------
       28262 total
       22729 /var/db/aliastables/pfB_PRI1_v4.txt
        2337 /var/db/aliastables/pfB_BlockListDE_v4.txt
        1581 /var/db/aliastables/pfB_PRI4_v4.txt
         988 /var/db/aliastables/pfB_WAN_allow_3_v4.txt
         342 /var/db/aliastables/pfB_PRI2_v4.txt
         240 /var/db/aliastables/pfB_PRI3_v4.txt
          32 /var/db/aliastables/pfB_WAN_allow_2_v4.txt
          11 /var/db/aliastables/pfB_Whitelist_v4.txt
           2 /var/db/aliastables/pfB_WAN_allow_1_v4.txt
    
    pfSense Table Stats
    -------------------
    table-entries hard limit  2000000
    Table Usage Count         29609
    
     UPDATE PROCESS ENDED [ 12/18/20 18:15:40 ]
    

    Am I doing something wrong?

    Thanks.


  • @xppx99 Why do you use Alias Native? You could probably use a regular Firewall Rule instead of using a pfBlockerNG alias.

    Did you use the same Domain redacted.ddns.net in the Source Definition AND the Custom List? Use one or the other to see if that makes a difference.


  • Agreed this seems like you're doing it the hard way. A normal firewall alias can use an FQDN:
    "Enter as many hosts as desired. Hosts must be specified by their IP address or fully qualified domain name (FQDN). FQDN hostnames are periodically re-resolved and updated..."


  • Thank you both for the suggestion. Already implemented it and it's working great!
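
A way to confirm the symptom described in this thread, added here as an example and not part of any post: compare what the dynamic-DNS name resolves to now against the addresses in the allow alias's table file. A stale entry matters for an ingress allow rule, because the previous address stays permitted after the carrier may have reassigned it. The function names, the use of the `host` utility, the one-address-per-line file format and the sample addresses are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the A records of a hostname, one per line (assumes `host` is installed).
resolve_a() {
    host -t A "$1" 2>/dev/null | awk '/has address/ { print $4 }'
}

# Normalise a list file: drop comments, whitespace and blank lines.
clean_list() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" | sort -u
}

# alias_drift RESOLVED_FILE TABLE_FILE
# Prints "stale IP" for table entries the name no longer resolves to (still
# allowed by the rule) and "missing IP" for resolved addresses not yet in the
# table. Returns 0 when both sets match, 1 on drift, 2 on error.
alias_drift() {
    drift_r=$(mktemp) || return 2
    drift_t=$(mktemp) || { rm -f "$drift_r"; return 2; }
    clean_list "$1" > "$drift_r"
    clean_list "$2" > "$drift_t"
    drift_out=$( { comm -13 "$drift_r" "$drift_t" | sed 's/^/stale /'
                   comm -23 "$drift_r" "$drift_t" | sed 's/^/missing /'; } )
    rm -f "$drift_r" "$drift_t"
    [ -z "$drift_out" ] && return 0
    printf '%s\n' "$drift_out"
    return 1
}

# Demo on constructed data: the phone moved from 192.0.2.10 to 203.0.113.5,
# but the table file still holds the old address.
demo_dir=$(mktemp -d)
printf '203.0.113.5\n' > "$demo_dir/resolved"          # what DNS returns now
printf '# constructed sample\n192.0.2.10\n' > "$demo_dir/table"
alias_drift "$demo_dir/resolved" "$demo_dir/table" || echo "alias is out of date"
rm -rf "$demo_dir"
# Live use (hostname and path are placeholders):
#   resolve_a phone.example.net > /tmp/resolved
#   alias_drift /tmp/resolved /var/db/aliastables/<alias>.txt
```

Run from cron shortly after each scheduled update, a non-zero exit shows whether the alias actually followed the DNS change.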