Cannot update lists in pblockerNG..Help?



  • Hello,

    I recently upgrade my system to version 2.2.3 (Clean install)

    and I wanted to setup my block lists using IBlocklist.com data.

    I went to the IPv4 tab on pfblockerNG, entered an Alias name, went to the section IPv4 Lists, chose gz as my format, opened a new tab and logged into iblocklist, chose cidr and gz as my format…went to the Level1 list copied the url and pasted it into my newly created Alias on pfblockerNG and gave it a header name of Level1 (no spaces)... I repeated this process for Level2 and Level3.
    I saved the configuration and waited for the Cron job to execute the update.

    Upon viewing the log files for pfblockerNG I have the following output:
    [ pfB_IBlock Level1 ] Download FAIL [ 07/19/15 10:00:12 ]
    grep: /var/db/pfblockerng/deny/: No such file or directory
    grep: /var/db/pfblockerng/deny/
    : No such file or directory

    [ Level2 ] Downloading New File
    [ pfB_IBlock Level2 ] Download FAIL [ 07/19/15 10:00:15 ]
    grep: /var/db/pfblockerng/deny/: No such file or directory
    grep: /var/db/pfblockerng/deny/
    : No such file or directory

    [ Level3 ] Downloading New File
    [ pfB_IBlock Level3 ] Download FAIL [ 07/19/15 10:00:18 ]
    grep: /var/db/pfblockerng/deny/: No such file or directory
    grep: /var/db/pfblockerng/deny/
    : No such file or directory

    ===[  Aliastables / Rules  ]================================

    No Changes to Firewall Rules, Skipping Filter Reload
    No Changes to Aliases, Skipping pfctl Update

    From here I opened up a new browser tab and pasted in one of the links for the gz files from iblocklist and the file downloaded with no problems.

    I do see that within the log files an entry: "grep: /var/db/pfblockerng/deny/*: No such file or directory"

    Is this the problem? No such directory?…. Should the installation of pfblockerNG have created this directory?

    Thank you for any and all input on how to resolve this.

    Sincerely,
    Kell


  • Moderator

    For IBlock use "P2P" and "GZ" format.

    There are other better lists to use :
    https://forum.pfsense.org/index.php?topic=86212.msg508975#msg508975



  • hi,

    i too am getting the download fail… i have 2 ipv4 lists

    http://bgp.he.net/search?search[search]=facebook&commit=Search

    and

    http://bgp.he.net/search?search[search]=spotify&commit=Search

    i tried to disable pfblockerng and removed the tick mark on keep settings then clicked save and placed a enabled pfblockerng but i still get the same error.

    tia


  • Banned

    What "same error"? The lists you linked are "HTML" format.



  • i was referring to the downloading failed…

    prior to pfblockerng i had a cron job which queries the radb.net database then saves it to a text file... i added that text file to the pfblockerng list and it works... i was able to manually access the two sites in the list... but for some reason, having pfblockerng is having problems downloading the output of the site... i checked the pfblockerng logs and i couldn't find any detailed info as to why this is happening..



  • update…. i think my machine got blocked from accessing the bhe server... here's a snippet from the pfblockerng.log... will stick to the cron job for now

    [ spotify_he_net ] Downloading New File looking up bgp.he.net
    connecting to bgp.he.net:80
    requesting http://bgp.he.net/search?search[search]=spotify&commit=Search

    403 Forbidden

    Forbidden
    You don't have permission to access /search
    on this server.

    Apache/2.4.7 (Ubuntu) Server at bgp.he.net Port 80

    fetch: http://bgp.he.net/search?search[search]=spotify&commit=Search: Forbidden

    [ pfB_audiostream spotify_he_net ] Download FAIL [ 07/22/15 12:00:11 ]


  • Moderator

    To download from HE, you need to select the format as "html" or it will fail to download.

    Disable this list for 24hrs as HE is denying access (rate-limiting) because you probably have this list attempting to download every hour using the wrong download format.



  • thanks for the input… turned off HE from the list and will turn it back on as suggested...

    the list was actually working since i created the list last 7/15/15 but stopped working on 7/18/15... schedule was set to daily... will try setting to weekly and see if i get blocked again...

    thanks for making a great package!!! now i only have to use packages from the pfsense list... no need to download the whois package for freebsd anymore!!!


Log in to reply