pfBlockerNG demands MaxMind license key

SteveITS

I've set up pfBlockerNG-devel and MaxMind many times. Recently we set up a client's router and are using pfBlockerNG-devel 3.0.0_8 for the feeds but no geo blocking. Accordingly MaxMind License Key is blank, and "Check to disable MaxMind CSV updates" is checked. However on Feb 4 and Mar 4 an alert triggered:

10:00:00 MaxMind now requires a License Key! Review the IP tab: MaxMind settings for more information. Download failed!

How do I disable the download? Do I need to sign them up anyway? Put in a space or fake key?

Last entry in pfblockerng.log is 6:30 am as expected. The maxmind_ver and error.log logs don't exist.

Thanks,

RonpfS

@teamits See pfBlockerNG MaxMind Registration required to continue to use the GeoIP functionality!

SteveITS

Hmm, all the default entries on the GeoIP tab are disabled (since I haven't set anything up). The IPv4 feeds are set to Format: Auto, not GeoIP. (it just has some block feeds like DROP)

I don't mind setting up a MaxMind account, I just didn't think it necessary.

Plus why is it triggering at 10:00 am monthly and not during the daily pfBlocker update window?

https://forum.netgate.com/topic/149343/pfblockerng-maxmind-registration-required-to-continue-to-use-the-geoip-functionality/55 suggests upgrading to -devel (by context I think from non-devel) but 3.0.0_8 is the latest for 2.4.5.

RonpfS

@teamits said in pfBlockerNG demands MaxMind license key:

Plus why is it triggering at 10:00 am monthly and not during the daily pfBlocker update window?

That is the montly update.
In config.xml what does this looks like :

				<maxmind_geoipdb_key>IsThereAKeyHere?</maxmind_geoipdb_key>

SteveITS

Oh so it only runs monthly? Didn't realize that or that it had its own update window. Never cared much before. :) That explains why the feeds default to Never I suppose, but I just assumed all that was updated during the update window.

I don't have that entry at all. The closest I have is:

<maxmind_key/>

The only instance of "geo" in the exported config is in the pfBlocker text description. ("...GeoIP database by MaxMind Inc. (GeoLite2...")

Perhaps the update check triggers the alert before it realizes it shouldn't do the update?

I found the alert in extras.log:
Download Process Starting [ 03/04/21 10:00:00 ]
MaxMind now requires a License Key! Review the IP tab: MaxMind settings for more information. Download failed!Download Process Ended [ 03/04/21 10:00:01 ]

Looking at our own router it triggers roughly monthly but not the same date and always "on the hour" but not the same hour...11am, 8pm, etc. However the latest was today at 10:00:00 also.

RonpfS

@teamits Random hour, updated at the start of the month. Check the cron entry.

Try saving IP settings, force Update, maybe that will pickup the change.

SteveITS

Still getting the alert.
10:00:00 MaxMind now requires a License Key! Review the IP tab: MaxMind settings for more information. Download failed!

@BBcan177 Is there a way to disable the license key check if geoIP isn't being used?

TL,DR: MaxMind License Key is blank, and "Check to disable MaxMind CSV updates" is checked.

BBcan177

@steveits
My guess is that somewhere you have a GeoIP enabled. Check to ensure that each GeoIP is disabled, and that you didn't add a "GeoIP" Format in one of the IPv4/6 Feeds? Also ensure that the Reputation settings are disabled.

SteveITS

hmm

Have not enabled reputation but https://[router]/pfblockerng/pfblockerng_reputation.php shows a 404 page. 3.0.0_8 is installed. Haven't actually enabled reputation anywhere yet, haven't gotten around to playing with it. :) This router's on 2.4.5p1 and it looks like I can update to _10.

I posted above but we normally block geo inbound and this client doesn't have any inbound ports open, so this may be first where we set up pfB and didn't set up geo.

BBcan177

@steveits
Does this return any results?

grep "geoip" /conf/config.xml

And check that you don't have a blank space in the MaxMind Key field.

SteveITS

@bbcan177
nope. :)
and:
<maxmind_key></maxmind_key>

SteveITS

Possible workaround after a brief off-thread conversation: I set GeoIP Top Spammers to Alias Native and then disabled it again. I then manually ran the cron entry "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dcc >> /var/log/pfblockerng/extras.log 2>&1" and it didn't log the alert into extras.log like the others. If I don't post back in a month it worked. :) Also there will be an update coming at some point, though we'd have to get current to update.

dneuhaeuser

Hi,

I'm having the same issue on at least 5 pfsense firewalls with pfBlockerNG-devel v3.0.0_16.

IP -> MaxMind CSV Updates: checked to disable!
IP -> GeoIP -> everything disabled (even toggled and resaved these settings!)
IP -> IPv4 -> no format "GeoIP" (only "Auto")

still getting notification:
"MaxMind now requires a License Key! Review the IP tab: MaxMind settings for more information. Download failed!"

I can reproduce it with:
/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dcc

How can I get rid of this? I don't need GeoIP at all.

Regards
Dennis

dneuhaeuser

Apparently it is the "binary GeoIP update" thats still producing the notification...
I think I misunderstood the settings (maybe others also did):

The option "check to disable" states that it does NOT affect binary update.
At first I concluded that binary update therefore does NOT need a license.
But it DOES also need a license, right!?

The binary update always tries to load files from maxmind, no matter what setting.
I checked with:
"/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php bu"
and also got the license notification.

So the binary update currently cannot be disabled?
Maybe this could be made configurable in a next version?

As a workaround for now I just entered a random character as license key and the notifications seem to be gone...

Regards
Dennis

SteveITS

I looked at this router to see what pfB version we had upgraded to (3.0.0_16) since my last post. It had the error showing as an alert, but apparently the email credentials had changed so we weren't getting the email. :( Sorry for not reporting it was still occurring, I thought we'd fixed it. The odd thing is the credentials didn't change until early June I think which implies we didn't get an alert email in early May and possibly early June. Possibly it came back after upgrading pfSense to 21.05? Looks like that was 10 days ago.

SteveITS

I dug up the old chats. There was eventually a code fix.

"Edit /usr/local/pkg/pfblockerng/pfblockerng.inc
[Diagnostics/Edit File]

Edit Line 9527

From:

if ($pfb['enable'] == 'on') {

To:

if ($pfb['enable'] == 'on' && !empty($pfb['maxmind_key'])) {

Then Force Update and it should remove that Cron task"

This was to be in 3.0.0_17 which isn't out yet.

dneuhaeuser

@steveits
Thank you. Indeed this works nicely.
Probably you overwrote that change with the upgrade to 3.0.0_16 ?

If this code change will be added in the next version, I suggest to also add a hint that an empty license key will deactivate all GeoIP auto updates...

Regards
Dennis