pfBlockerNG demands MaxMind license key
-
@steveits
My guess is that somewhere you have a GeoIP enabled. Check to ensure that each GeoIP is disabled, and that you didn't add a "GeoIP" Format in one of the IPv4/6 Feeds? Also ensure that the Reputation settings are disabled. -
hmm
Have not enabled reputation but https://[router]/pfblockerng/pfblockerng_reputation.php shows a 404 page. 3.0.0_8 is installed. Haven't actually enabled reputation anywhere yet, haven't gotten around to playing with it. :) This router's on 2.4.5p1 and it looks like I can update to _10.
I posted above but we normally block geo inbound and this client doesn't have any inbound ports open, so this may be first where we set up pfB and didn't set up geo.
-
@steveits
Does this return any results?grep "geoip" /conf/config.xmlAnd check that you don't have a blank space in the MaxMind Key field.
-
@bbcan177
nope. :)
and:
<maxmind_key></maxmind_key> -
Possible workaround after a brief off-thread conversation: I set GeoIP Top Spammers to Alias Native and then disabled it again. I then manually ran the cron entry "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dcc >> /var/log/pfblockerng/extras.log 2>&1" and it didn't log the alert into extras.log like the others. If I don't post back in a month it worked. :) Also there will be an update coming at some point, though we'd have to get current to update.
-
Hi,
I'm having the same issue on at least 5 pfsense firewalls with pfBlockerNG-devel v3.0.0_16.
IP -> MaxMind CSV Updates: checked to disable!
IP -> GeoIP -> everything disabled (even toggled and resaved these settings!)
IP -> IPv4 -> no format "GeoIP" (only "Auto")still getting notification:
"MaxMind now requires a License Key! Review the IP tab: MaxMind settings for more information. Download failed!"I can reproduce it with:
/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dccHow can I get rid of this? I don't need GeoIP at all.
Regards
Dennis -
Apparently it is the "binary GeoIP update" thats still producing the notification...
I think I misunderstood the settings (maybe others also did):The option "check to disable" states that it does NOT affect binary update.
At first I concluded that binary update therefore does NOT need a license.
But it DOES also need a license, right!?The binary update always tries to load files from maxmind, no matter what setting.
I checked with:
"/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php bu"
and also got the license notification.So the binary update currently cannot be disabled?
Maybe this could be made configurable in a next version?As a workaround for now I just entered a random character as license key and the notifications seem to be gone...
Regards
Dennis -
I looked at this router to see what pfB version we had upgraded to (3.0.0_16) since my last post. It had the error showing as an alert, but apparently the email credentials had changed so we weren't getting the email. :( Sorry for not reporting it was still occurring, I thought we'd fixed it. The odd thing is the credentials didn't change until early June I think which implies we didn't get an alert email in early May and possibly early June. Possibly it came back after upgrading pfSense to 21.05? Looks like that was 10 days ago.
-
I dug up the old chats. There was eventually a code fix.
"Edit /usr/local/pkg/pfblockerng/pfblockerng.inc
[Diagnostics/Edit File]Edit Line 9527
From:
if ($pfb['enable'] == 'on') {
To:
if ($pfb['enable'] == 'on' && !empty($pfb['maxmind_key'])) {
Then Force Update and it should remove that Cron task"
This was to be in 3.0.0_17 which isn't out yet.
-
@steveits
Thank you. Indeed this works nicely.
Probably you overwrote that change with the upgrade to 3.0.0_16 ?If this code change will be added in the next version, I suggest to also add a hint that an empty license key will deactivate all GeoIP auto updates...
Regards
Dennis
