Country aliases are not created
-
... and yes I did force reload/cron/update. :-)
I just setup a new pfsense with pfBlockerNG-devel. IP Lists are working, rules are created. I did choose "Alias Permit" for some country/regions and was expecting the pfB_NorthAmerica etc. aliases to pop up to be used in the firewall rules. However that does not happen even after force reload.
Maxmind key is generated and stored in the config.
CRON PROCESS START [ v3.2.0_6 ] [ 09/12/23 08:08:36 ] [ Abuse_Feodo_C2_v4 ] Remote timestamp: Tue, 12 Sep 2023 06:05:07 GMT Local timestamp: Tue, 12 Sep 2023 05:45:05 GMT Update found [ Abuse_SSLBL_v4 ] Remote timestamp: Tue, 12 Sep 2023 06:05:01 GMT Local timestamp: Tue, 12 Sep 2023 05:45:01 GMT Update found [ CINS_army_v4 ] [ 09/12/23 08:08:37 ] Remote timestamp: Tue, 12 Sep 2023 04:18:14 GMT Local timestamp: Tue, 12 Sep 2023 04:18:14 GMT Update not required [ ET_Block_v4 ] Remote timestamp: Mon, 11 Sep 2023 04:30:01 GMT Local timestamp: Mon, 11 Sep 2023 04:30:01 GMT Update not required [ ET_Comp_v4 ] Remote timestamp: Mon, 11 Sep 2023 21:15:17 GMT Local timestamp: Mon, 11 Sep 2023 21:15:17 GMT Update not required [ ISC_Block_v4 ] [ 09/12/23 08:08:38 ] Remote timestamp: Tue, 12 Sep 2023 06:05:34 GMT Local timestamp: Tue, 12 Sep 2023 05:10:29 GMT Update found [ Spamhaus_Drop_v4 ] Remote timestamp: Mon, 11 Sep 2023 14:19:40 GMT Local timestamp: Mon, 11 Sep 2023 14:19:40 GMT Update not required [ Spamhaus_eDrop_v4 ] [ 09/12/23 08:08:39 ] Remote timestamp: Sun, 10 Sep 2023 02:50:12 GMT Local timestamp: Sun, 10 Sep 2023 02:50:12 GMT Update not required [ Talos_BL_v4 ] ( md5 feed ) . 200 OK ( md5 changed ) Update found [ BlockListDE_Apache_v4 ] [ 09/12/23 08:08:41 ] Remote timestamp: Tue, 12 Sep 2023 05:54:02 GMT Local timestamp: Tue, 12 Sep 2023 05:54:02 GMT Update not required [ BlockListDE_Asterisk_v4 ] Remote timestamp: Tue, 12 Sep 2023 05:54:03 GMT Local timestamp: Tue, 12 Sep 2023 05:54:03 GMT Update not required [ BlockListDE_Bots_v4 ] Remote timestamp: Tue, 12 Sep 2023 05:54:03 GMT Local timestamp: Tue, 12 Sep 2023 05:54:03 GMT Update not required [ BlockListDE_Brute_v4 ] Remote timestamp: Tue, 12 Sep 2023 05:54:03 GMT Local timestamp: Tue, 12 Sep 2023 05:54:03 GMT Update not required [ BlockListDE_Email_v4 ] Remote timestamp: Tue, 12 Sep 2023 05:54:02 GMT Local timestamp: Tue, 12 Sep 2023 05:54:02 GMT Update not required [ BlockListDE_FTP_v4 ] Remote timestamp: Tue, 12 Sep 2023 05:54:02 GMT Local timestamp: Tue, 12 Sep 2023 05:54:02 GMT Update not required [ BlockListDE_FTPD_v4 ] Remote timestamp: Tue, 12 Sep 2023 05:54:02 GMT Local timestamp: Tue, 12 Sep 2023 05:54:02 GMT Update not required [ BlockListDE_IMAP_v4 ] Remote timestamp: Tue, 12 Sep 2023 05:54:02 GMT Local timestamp: Tue, 12 Sep 2023 05:54:02 GMT Update not required [ BlockListDE_IRC_v4 ] Update found [ BlockListDE_Mail_v4 ] Remote timestamp: Tue, 12 Sep 2023 05:54:02 GMT Local timestamp: Tue, 12 Sep 2023 05:54:02 GMT Update not required [ BlockListDE_POP3_v4 ] Remote timestamp: Tue, 12 Sep 2023 05:54:02 GMT Local timestamp: Tue, 12 Sep 2023 05:54:02 GMT Update not required [ BlockListDE_Postfix_v4 ] Remote timestamp: Tue, 12 Sep 2023 05:54:02 GMT Local timestamp: Tue, 12 Sep 2023 05:54:02 GMT Update not required [ BlockListDE_SIP_v4 ] Remote timestamp: Tue, 12 Sep 2023 05:54:03 GMT Local timestamp: Tue, 12 Sep 2023 05:54:03 GMT Update not required [ BlockListDE_SSH_v4 ] Remote timestamp: Tue, 12 Sep 2023 05:54:02 GMT Local timestamp: Tue, 12 Sep 2023 05:54:02 GMT Update not required [ BlockListDE_Strong_v4 ] [ 09/12/23 08:08:42 ] Remote timestamp: Tue, 12 Sep 2023 05:54:03 GMT Local timestamp: Tue, 12 Sep 2023 05:54:03 GMT Update not required [ Alienvault_v4 ] Remote timestamp: Fri, 12 Nov 2021 14:10:48 GMT Local timestamp: Fri, 12 Nov 2021 14:10:48 GMT Update not required UPDATE PROCESS START [ v3.2.0_6 ] ===[ DNSBL Process ]================================================ Loading DNSBL Statistics... completed Loading DNSBL SafeSearch... disabled Loading DNSBL Whitelist... completed [ StevenBlack_ADs ] exists. ===[ GeoIP Process ]============================================ ===[ IPv4 Process ]================================================= [ Abuse_Feodo_C2_v4 ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 3 3 3 [ Pass ] ----------------------------------------------------------------- [ Abuse_SSLBL_v4 ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 34 30 30 [ Pass ] ----------------------------------------------------------------- [ CINS_army_v4 ] exists. [ 09/12/23 08:08:43 ] [ ET_Block_v4 ] exists. [ ET_Comp_v4 ] exists. [ ISC_Block_v4 ] Downloading update .. 200 OK. completed .. Aggregation Stats: ------------------ Original Final ------------------ 40 19 ------------------ ------------------------------ Original Master Final ------------------------------ 20 4 4 [ Pass ] ----------------------------------------------------------------- [ Spamhaus_Drop_v4 ] exists. [ Spamhaus_eDrop_v4 ] exists. [ Talos_BL_v4 ] Downloading update . ( md5 feed ) . completed .. Aggregation Stats: ------------------ Original Final ------------------ 6563 6401 ------------------ Reputation (Max=10) - Range(s) 199.249.230.|117.211.52.|59.99.48.|59.99.50.|59.94.116.|117.194.196.|111.88.26.|111.88.27.|117.194.200.|117.194.201.|117.194.203.|117.194.207.|178.72.68.|178.72.78.|117.194.236.| Reputation -Max Stats ------------------------------ Blacklisted Match Ranges IPs Ranges IPs ------------------------------ 15 223 0 0 ------------------------------ Original Master Final ------------------------------ 6563 6142 6142 [ Pass ] ----------------------------------------------------------------- [ Whitelist_custom_v4 ] exists. [ 09/12/23 08:08:44 ] [ ISC_Errata_v4 ] exists. [ ISC_Onyphe_v4 ] exists. [ ISC_Rapid7Sonar_v4 ] exists. [ ISC_Shadowserver_v4 ] exists. [ ISC_Shodan_v4 ] exists. [ Maltrail_Scanners_All_v4 ] exists. [ WindowsSpyBlocker_v4 ] exists. [ BinaryDefense_v4 ] exists. [ BlockListDE_Apache_v4 ] exists. [ BlockListDE_Asterisk_v4 ] exists. [ BlockListDE_Bots_v4 ] exists. [ BlockListDE_Brute_v4 ] exists. [ BlockListDE_Email_v4 ] exists. [ BlockListDE_FTP_v4 ] exists. [ BlockListDE_FTPD_v4 ] exists. [ BlockListDE_IMAP_v4 ] exists. [ BlockListDE_IRC_v4 ] Downloading update .. 200 OK. completed .. [ pfB_BlockListDE_v4 BlockListDE_IRC_v4 ] No IPs found! Ensure only IP based Feeds are used! ] [ BlockListDE_Mail_v4 ] exists. [ BlockListDE_POP3_v4 ] exists. [ BlockListDE_Postfix_v4 ] exists. [ BlockListDE_SIP_v4 ] exists. [ BlockListDE_SSH_v4 ] exists. [ BlockListDE_Strong_v4 ] exists. [ Alienvault_v4 ] exists. ===[ Aliastables / Rules ]========================================== No changes to Firewall rules, skipping Filter Reload Updating: pfB_PRI1_v4 34 addresses added.410 addresses deleted. ===[ Kill States ]================================================== No matching states found ====================================================================== ===[ FINAL Processing ]===================================== [ Original IP count ] [ 82455 ] [ Final IP Count ] [ 31713 ] ===[ Permit List IP Counts ]========================= 1 /var/db/pfblockerng/permit/Whitelist_custom_v4.txt ===[ Deny List IP Counts ]=========================== 31721 total 15000 /var/db/pfblockerng/deny/CINS_army_v4.txt 6142 /var/db/pfblockerng/deny/Talos_BL_v4.txt 2827 /var/db/pfblockerng/deny/BlockListDE_Email_v4.txt 2405 /var/db/pfblockerng/deny/Maltrail_Scanners_All_v4.txt 1722 /var/db/pfblockerng/deny/BlockListDE_SSH_v4.txt 1316 /var/db/pfblockerng/deny/ET_Block_v4.txt 605 /var/db/pfblockerng/deny/Alienvault_v4.txt 342 /var/db/pfblockerng/deny/Spamhaus_eDrop_v4.txt 225 /var/db/pfblockerng/deny/ET_Comp_v4.txt 213 /var/db/pfblockerng/deny/BlockListDE_Apache_v4.txt 167 /var/db/pfblockerng/deny/WindowsSpyBlocker_v4.txt 156 /var/db/pfblockerng/deny/ISC_Shadowserver_v4.txt 135 /var/db/pfblockerng/deny/BinaryDefense_v4.txt 130 /var/db/pfblockerng/deny/BlockListDE_Bots_v4.txt 129 /var/db/pfblockerng/deny/ISC_Rapid7Sonar_v4.txt 78 /var/db/pfblockerng/deny/BlockListDE_FTP_v4.txt 43 /var/db/pfblockerng/deny/ISC_Onyphe_v4.txt 30 /var/db/pfblockerng/deny/Abuse_SSLBL_v4.txt 20 /var/db/pfblockerng/deny/ISC_Shodan_v4.txt 12 /var/db/pfblockerng/deny/BlockListDE_Asterisk_v4.txt 6 /var/db/pfblockerng/deny/ISC_Errata_v4.txt 4 /var/db/pfblockerng/deny/ISC_Block_v4.txt 3 /var/db/pfblockerng/deny/Spamhaus_Drop_v4.txt 3 /var/db/pfblockerng/deny/Abuse_Feodo_C2_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_Strong_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_SIP_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_Postfix_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_POP3_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_Mail_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_IMAP_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_FTPD_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_Brute_v4.txt ====================[ Empty Lists w/127.1.7.7 ]================== BlockListDE_Brute_v4.txt BlockListDE_FTPD_v4.txt BlockListDE_IMAP_v4.txt BlockListDE_Mail_v4.txt BlockListDE_POP3_v4.txt BlockListDE_Postfix_v4.txt BlockListDE_SIP_v4.txt BlockListDE_Strong_v4.txt ===[ DNSBL Domain/IP Counts ] =================================== 193432 /var/db/pfblockerng/dnsbl/StevenBlack_ADs.txt ====================[ IPv4/6 Last Updated List Summary ]============== Nov 12 2021 Alienvault_v4 Sep 10 04:50 Spamhaus_eDrop_v4 Sep 11 06:30 ET_Block_v4 Sep 11 16:19 Spamhaus_Drop_v4 Sep 11 18:53 BinaryDefense_v4 Sep 11 23:15 ET_Comp_v4 Sep 12 06:18 CINS_army_v4 Sep 12 07:10 ISC_Block_v4 Sep 12 07:45 ISC_Shadowserver_v4 Sep 12 07:45 ISC_Rapid7Sonar_v4 Sep 12 07:45 ISC_Errata_v4 Sep 12 07:45 ISC_Onyphe_v4 Sep 12 07:49 ISC_Shodan_v4 Sep 12 07:49 Maltrail_Scanners_All_v4 Sep 12 07:54 BlockListDE_SSH_v4 Sep 12 07:54 BlockListDE_Postfix_v4 Sep 12 07:54 BlockListDE_POP3_v4 Sep 12 07:54 BlockListDE_Mail_v4 Sep 12 07:54 BlockListDE_IMAP_v4 Sep 12 07:54 BlockListDE_FTPD_v4 Sep 12 07:54 BlockListDE_FTP_v4 Sep 12 07:54 BlockListDE_Email_v4 Sep 12 07:54 BlockListDE_Apache_v4 Sep 12 07:54 BlockListDE_Strong_v4 Sep 12 07:54 BlockListDE_SIP_v4 Sep 12 07:54 BlockListDE_IRC_v4 Sep 12 07:54 BlockListDE_Brute_v4 Sep 12 07:54 BlockListDE_Bots_v4 Sep 12 07:54 BlockListDE_Asterisk_v4 Sep 12 07:56 Whitelist_custom_v4 Sep 12 07:56 WindowsSpyBlocker_v4 Sep 12 08:05 Abuse_SSLBL_v4 Sep 12 08:05 Abuse_Feodo_C2_v4 Sep 12 08:08 Talos_BL_v4 ====================[ DNSBL Last Updated List Summary ]============== Sep 12 07:30 StevenBlack_ADs =============================================================== Database Sanity check [ PASSED ] ------------------------ Masterfile/Deny folder uniq check Deny folder/Masterfile uniq check Sync check (Pass=No IPs reported) ---------- Alias table IP Counts ----------------------------- 31722 total 23065 /var/db/aliastables/pfB_PRI1_v4.txt 4990 /var/db/aliastables/pfB_BlockListDE_v4.txt 2759 /var/db/aliastables/pfB_Scanners_v4.txt 605 /var/db/aliastables/pfB_PRI2_v4.txt 167 /var/db/aliastables/pfB_WindowsSpyBlockerIP_v4.txt 135 /var/db/aliastables/pfB_BinaryDefense_v4.txt 1 /var/db/aliastables/pfB_Whitelist_v4.txt pfSense Table Stats ------------------- table-entries hard limit 400000 Table Usage Count 32450 UPDATE PROCESS ENDED [ 09/12/23 08:08:45 ] -
@j-koopmann Just to be super clear an update is necessary not just a reload.
If you only want an alias then use Alias Native. Alias Permit creates rules to allow the traffic and IIRC requires ports to be specified in order to allow it.
-
@SteveITS if I choose the permit or deny options above the three alias options then rules are created. The alias options should simply create suitable aliases. At least that is what they do in my other pfsense.
-
@j-koopmann Sorry, brain fart, you're correct. Not enough coffee.
I also meant to add, are they enabled?
...or on the GeoIP page under Action.
-
@SteveITS Geoip actions.
-
@j-koopmann It is working for everyone else. If all the updates don't change the situation, I would un/re-install pfBlocker.
-
@Bob-Dig thanks. It is a fresh install of pfBlockerNG. Not sure what a uninstall/reinstall will do good about it. At least I would not expect a change. I rather hoped for someone with more in depth knowledge (@BBcan177
) to assist me in debugging.Will try to find the scripts that are being called and try to work my way through them. Sometimes it is something small&stupid or someone else faced the same thing. Hence my post.
Thanks so far for your input.
-
@j-koopmann said in Country aliases are not created:
Thanks so far for your input.
Hopefully he is working on the ASN-problem, that is not working for some weeks now.
-
@Bob-Dig ASN problem? Mind linking, didn't hear about this one and I think my ASN setup is working as it should.
@j-koopmann You may want to go ahead and reinstall it anyway, just to be sure, I believe this is working properly for everyone else and it doesn't take long to do a reinstall of the package so I'd just give that a shot to 100% rule it out.
-
@planedrop said in Country aliases are not created:
@Bob-Dig ASN problem? Mind linking, didn't hear about this one and I think my ASN setup is working as it should.
Check your tables, they should be empty.
-
@planedrop I reinstalled. No changed. I deinstalled and reinstalled: No change.
What is your log showing for "GeoIP process"?
My working pfSense:
===[ GeoIP Process ]============================================ [ pfB_Europe_v4 ] Changes found... Updating Aggregation Stats: ------------------ Original Final ------------------ 203640 60308 ------------------ [ pfB_Europe_v6 ] Changes found... Updating [ pfB_NAmerica_v4 ] Changes found... Updating Aggregation Stats: ------------------ Original Final ------------------ 192308 31885 ------------------My not working shows nothing like this. Which is in line with what I see. The question is: Why?
-
@Bob-Dig Hmmmm I'll have to do some more digging, issue is that some of the ASNs I have in place are duplicated from some other lists so while I don't see much from those ASNs in my tables, the de-dup would be doing just that.
I haven't seen others complaining about this but sounds like it's maybe widespread. Was this with the latest pfB update?
-
@j-koopmann Gotcha, hmmm that is odd. Mine has been creating them just fine, I'll check several other pfSense units I have running though and see if any others are having the same problem.
