Not able to edit GEOIP in pFBlockerNG

DarkKnight 0 · Nov 21, 2023, 4:15 AM

for some reason the edit (Pencil) icon is missing in the GEOIP tab of pFBlockerNG,

Why?

Have the MaxMind key - I have registered with MaxMind since I tested pFsense a while ago, it seems to have accepted my key, besides I deleted my old keys and generate new keys just in case.

is the a bug ? running version 3.2.0.x.x login-to-view

johnpoz · Nov 21, 2023, 4:43 AM

@DarkKnight-0 and what happens when you go here

pfblockerng/pfblockerng_Top_Spammers.php

After your pfsense address.. http(s):://ipaddress:port/ or whatever you use to access pfsense.. For example mine is

https://sg4860.local.lan:8443

So full url for editing top spammers for me is

https://sg4860.local.lan:8443/pfblockerng/pfblockerng_Top_Spammers.php

Could just be a browser issue?

DarkKnight 0 · Nov 21, 2023, 4:04 PM

This post is deleted!

DarkKnight 0 · Nov 21, 2023, 4:27 PM

This post is deleted!

DarkKnight 0 · Nov 21, 2023, 4:31 PM

@johnpoz Pretty sure it is not a browser issue. Tried several browsers (Firefox, Chrome, Opera, Safari, Edge) even throe in IE for giggles

but all report this from the url you gave me

http://myaddress:8085/pfblockerng/pfblockerng_Top_Spammers.php - have not installed SSL or setup HTTPS yet still testing and configuring

login-to-view

DarkKnight 0 · Nov 21, 2023, 4:33 PM

@johnpoz Also tried this to see if the page was actually on the system and it is not

login-to-view

I do not know what else to look for

johnpoz · Nov 21, 2023, 4:41 PM

@DarkKnight-0 well if the pages are not there, then that would explain why you can't edit..

I doubt the maxmind key has anything to do with the pages being there. What specific version of pfsense are you on, and what version of pfblocker?

If your missing pages like that, I would guess your install got of package is messed up.. Do a reinstall or uninstall and reinstall it, etc..

I am on 23.09 with 3.2.0_6, just the normal version not the -devel version... I recall seeing something awhile ago that they are now inline and no real reason to run -devel currently.

jrey · Nov 21, 2023, 7:14 PM

@DarkKnight-0

Have you looked in the log files ?

pfblockerng.log
error.log
extras.log
maxmind_ver

DarkKnight 0 · Nov 21, 2023, 7:19 PM

@johnpoz You are 100% correct after digging I found the log directory and cat'd the log file and found out that there was an error connecting and downloading MaxMind database. The log file indicated the the re1 link was bouncing up and down causing a 401 unauthorized error.

Fix (should have listened) removed the RealTek R8169D lan adapter and added a inter I27HT nic to the NUC, so now I have 2 intel NIC's
Loaded Partition Wizard and wiped the hard disk, the did a clean install, re-configured from screenshot and now in the log I get

login-to-view

and now I have the (Pencil) icon

login-to-view

Thank you for your suggestion. the link you posted gave me path to search and from there I just connected the dots

THANK YOU

SteveITS · Nov 21, 2023, 7:47 PM

@DarkKnight-0 said in Not able to edit GEOIP in pFBlockerNG:

http://myaddress:8085/pfblockerng/pfblockerng_Top_Spammers.php -

You wrote this, but your image with the 404 has
http://myaddress:8085/pfblockerng/pfblockerng/pfblockerng_Top_Spammers.php
:)

DarkKnight 0 · Nov 22, 2023, 12:33 AM

@SteveITS You are correct I did not see that. but either way it would not have worked as I was having a driver issue with RealTek NIC's switched to Intel's and most if not all errors in the log(s) are gone. Beside because of the NIC error GEOIP never got install correctly. it never downloaded the file(s) or database so either way I would have gotten a 401 or 404

One other rabbit I had to chase was Firewall Maximum Table Entries issue had to increase it from 40000 to 4000000 to stop the allocation error messages, got that resolve. from the log I was at 798000 with all the GEOIP and other stuff selected. Once I learn what I need and what is just my insanity I change it.

I believe I am up and running have no ideal of how protected I am. Still learning how to interpret the logs. I see allot of blocks, and allot of pass but the pass are from loopback and DNS (53) and a few others but the passes are only out going. from what I can tell all inbound are blocked and blocked even on the open ports I specified to be open ( special rule ) to allow only a specific range of IP's to pass to those ports, same as the Zywall USG20-VPN but as the Zywall GUI was easier, but limited. pFsense is more granular, but seem more effect. Kinda of like the Cisco PIX, it just understanding the syntax (pFsense) and the flow. I think I am getting there.

This forum is great, getting support for the Zywall (well I'll be nice) is like pulling your teeth out with pliers. The cost kept going up but the option kept going down. I have been paying for 1 GB for almost 2 years but because of the Zywall I was like getting 300 MBPS. Bought the USG60 to only find out it was not any better in throughput and the only way for ! GB was the buy business class, and the the VPN clients and the the Content Filter and then the Anti-Spam, but those are yearly cost and not one time license. Most of the License(s) on my Zywall were expired, just to expensive to maintain. I got the Zywall because of work, needed to be secure,

Well anyway sorry for rambling on, but this forum rocks. Easy to get answers and very informative.

I thank you
Dark Knight out.