pfBlockerNG-devel v3.1.0_0
-
This post is deleted! -
I can not update the UT1 & ShallaList categories.
my log is allways this:
UPDATE PROCESS START [ v3.1.0 ] [ 10/26/21 16:25:00 ] ===[ DNSBL Process ]================================================ Clearing all DNSBL Feeds TLD Analysis not required. Stopping Unbound Resolver Unbound stopped in 1 sec. Additional mounts (DNSBL python): No changes required. Starting Unbound Resolver... completed Restarting DNSBL Service (DNSBL python) DNSBL update [ 0 | PASSED ]... completed [ 10/26/21 16:25:01 ] ------------------------------------------------------------------------ ===[ GeoIP Process ]============================================ ===[ Aliastables / Rules ]========================================== No changes to Firewall rules, skipping Filter Reload No Changes to Aliases, Skipping pfctl Update UPDATE PROCESS ENDED
any one can help me?
-
@miquim said in pfBlockerNG-devel v3.1.0_0:
any one can help me?
Looks like this :
isn't checked, right ?
The message "Clearing all DNSBL Feeds" is showed under one condition :
// When DNSBL is enabled and no Aliases are defined, or all Aliases are Disabled
as in that case there is nothing to do.
-
@gertjan said in pfBlockerNG-devel v3.1.0_0:
@miquim said in pfBlockerNG-devel v3.1.0_0:
any one can help me?
Looks like this :
isn't checked, right ?
The message "Clearing all DNSBL Feeds" is showed under one condition :
// When DNSBL is enabled and no Aliases are defined, or all Aliases are Disabled
as in that case there is nothing to do.
no, it is enable, I make a fresh install of pfsense pfSense-CE-2.5.2-RELEASE-amd64, than install the pfBlockerNG-devel version 3.1.0.
and get same error
-
@miquim said in pfBlockerNG-devel v3.1.0_0:
@gertjan said in pfBlockerNG-devel v3.1.0_0:
@miquim said in pfBlockerNG-devel v3.1.0_0:
any one can help me?
Looks like this :
isn't checked, right ?
The message "Clearing all DNSBL Feeds" is showed under one condition :
// When DNSBL is enabled and no Aliases are defined, or all Aliases are Disabled
as in that case there is nothing to do.
no, it is enable, I make a fresh install of pfsense pfSense-CE-2.5.2-RELEASE-amd64, than install the pfBlockerNG-devel version 3.1.0.
and get same error
i found the problem, I need to create this dnsbl group like this and it worked.
-
Any word on safe search allowing duckduckgo? It appears it doesn't work.
-
Hi
I have some challanges with pfBlockerNG on version 22.05.
I have 2 pfSense were i have a custom IPv4 source defination.
On one of my pfSense it does not update the entire list on my other it does.
They are sync the settings to eachother so it has the same configuration.
Any idea why this might go bad?
It seems that pfSense 1 is just stuck on some cache or some "obsolete" listpfSense 1 log
Alias table IP Counts18754 total
16397 /var/db/aliastables/pfB_PRI1_v4.txt
1178 /var/db/aliastables/pfB_Allow_Hosting_Gateway_v4.txt
1178 /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt
1 /var/db/aliastables/pfB_3CX_ServerPublic_v4.txtpfSense 2 log
Alias table IP Counts19042 total
16635 /var/db/aliastables/pfB_PRI1_v4.txt
1203 /var/db/aliastables/pfB_Allow_Hosting_Gateway_v4.txt
1203 /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt
1 /var/db/aliastables/pfB_3CX_ServerPublic_v4.txt -
Do a Force reload, and look at what the log, at the bottom of the page, produces.
Even when I asked athe files didn't get reloaded again :
... ====================[ DNSBL Last Updated List Summary ]============== Oct 3 00:00 DNSBL_174618 Dec 5 00:00 UT1_gambling Dec 5 00:00 UT1_games Dec 5 00:00 UT1_phishing Dec 5 00:00 UT1_warez Dec 5 00:00 StevenBlack_ADs =============================================================== ...
Note : where I live, its December 7.
So, it might be possible that files on your two pfSense are not 100 % identical.
This behaviour is normal. List don't get reloaded every hours or so as this (xx thousands of pfBlockerng-devel are running out there) would destroy the web servers that hosts these files.Btw : I've demanded to update my one and only DNSBL list Weekly, as these lists do not get updated massively every hour or day and I don't bother missing one or two.
-
@gertjan
My custom list needs to be adjusted more than once an hour :)Bottom of the log file:
====================[ DNSBL Last Updated List Summary ]==============Nov 29 00:00 StevenBlack_ADs
Database Sanity check [ PASSED ]
Masterfile/Deny folder uniq check
Deny folder/Masterfile uniq checkSync check (Pass=No IPs reported)
Alias table IP Counts
18754 total
16397 /var/db/aliastables/pfB_PRI1_v4.txt
1178 /var/db/aliastables/pfB_Allow_Hosting_Gateway_v4.txt
1178 /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt
1 /var/db/aliastables/pfB_3CX_ServerPublic_v4.txtpfSense Table Stats
table-entries hard limit 400000
Table Usage Count 159353UPDATE PROCESS ENDED [ 12/7/22 13:03:18 ]
-
You didn't show what I've showed you.
The part with the dates and hour.I've tricked my pfblockerng-devel by forcing it to download the lists again.
I've deleted all the files in /var/db/pfblockerng/dnsblorig/
Then I did a force reload.
It showed :====================[ DNSBL Last Updated List Summary ]============== Dec 7 13:37 UT1_gambling Dec 7 13:37 UT1_games Dec 7 13:37 UT1_phishing Dec 7 13:37 UT1_warez Dec 7 13:37 StevenBlack_ADs ===============================================================
Done ;)
-
@gertjan
So this one?
====================[ IPv4/6 Last Updated List Summary ]==============Nov 10 03:53 Spamhaus_eDrop_v4
Nov 29 05:18 Spamhaus_Drop_v4
Nov 29 06:30 ET_Block_v4
Nov 29 23:16 ET_Comp_v4
Nov 30 06:00 Talos_BL_v4
Nov 30 12:50 ISC_Block_v4
Nov 30 13:18 CINS_army_v4
Nov 30 14:00 Abuse_SSLBL_v4
Nov 30 14:00 Abuse_Feodo_C2_v4
Nov 30 14:00 CompusoftCustomers_v4
Dec 7 13:03 3CX_ServerPublic_custom_v4 -
Yep.
Rookie mode : Delete them all - and sync pfblocker
Better be safe then sorry : copy them on a safe place and then delete them all, and sync pfblockerBtw : Dec 7 13:03 3CX_ServerPublic_custom_v4 (your own list ?) seems recent enough.
Other lists : if they didn't changed, they won't get downloaded (I guess ?!)
-
@gertjan
I removed the list. And added it again. This works.
But if i go and add an IP to the list an run the job it doesn't get updated :/There should be 1278 and 1276 in /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt
I can also see that it seems like it doesn't get updated from when i create it to i update it.
But my 3CX_ServerPublic_custom_v4 seems to be updated everytime. This is an Alias Native. and not a list.====================[ IPv4/6 Last Updated List Summary ]==============
Nov 10 03:53 Spamhaus_eDrop_v4
Nov 29 05:18 Spamhaus_Drop_v4
Nov 29 06:30 ET_Block_v4
Nov 29 23:16 ET_Comp_v4
Nov 30 06:00 Talos_BL_v4
Nov 30 12:50 ISC_Block_v4
Nov 30 13:18 CINS_army_v4
Nov 30 14:00 Abuse_SSLBL_v4
Nov 30 14:00 Abuse_Feodo_C2_v4
Dec 7 21:21 CustomersGateway_v4
Dec 7 21:23 CompusoftCustomers_v4
Dec 7 21:35 3CX_ServerPublic_custom_v4====================[ DNSBL Last Updated List Summary ]==============
Nov 29 00:00 StevenBlack_ADs
Database Sanity check [ PASSED ]
Masterfile/Deny folder uniq check
Deny folder/Masterfile uniq checkSync check (Pass=No IPs reported)
Alias table IP Counts
20550 total
17997 /var/db/aliastables/pfB_PRI1_v4.txt
1276 /var/db/aliastables/pfB_Allow_Hosting_Gateway_v4.txt
1276 /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt
1 /var/db/aliastables/pfB_3CX_ServerPublic_v4.txtpfSense Table Stats
table-entries hard limit 400000
Table Usage Count 161000UPDATE PROCESS ENDED [ 12/7/22 21:35:30 ]
-
@ksh said in pfBlockerNG-devel v3.1.0_0:
But if i go and add an IP to the list an run the job it doesn't get updated :/
You posted (now) 11 hours ago. It's 08h00 AM here.
The last time that your file was downloaded, was :
@ksh said in pfBlockerNG-devel v3.1.0_0:
Dec 7 21:35 3CX_ServerPublic_custom_v4
That's also some 11 hours ago.
That file seems pretty up to date to me.If you set pfBlockerng to do house hold tasks every hour :
and set your list ( I showed a DNSBL list here ) to be downloaded every hour :
then this file will ... should (?!) get downloaded every hour.
In your case, as you host this file yourself, that's ok, you' hitting your infrastructure.
I strongly advice you not to do this for any other feed/list that is on a host that you do not own. -
@gertjan
I have figured it out now.
I was running the reload command and not the cron command.
When i run the cron command it updates the list in the firewall.
And you are right I shouldn't spam other list. A workround for now is that i make my own custom list that contains the IP addresses from the other list and update the backend list once a day.
Thanks for the help -