Project

General

Profile

Actions

Bug #14299

closed

pfBlockerNG does not honor the cURL source interface setting for DNSBL lists

Added by Charles Hamilton over 1 year ago. Updated 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
pfBlockerNG
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
24.11
Affected Version:
All
Affected Plus Version:
23.01
Affected Architecture:
All

Description

Pull request to fix the problem is on its way.


Files

pfb_download-modified.png (57.5 KB) pfb_download-modified.png pfb_download function, modified Charles Hamilton, 04/21/2023 04:13 PM
update-log.png (24.8 KB) update-log.png pfBlockerNG update log, empty source interface Charles Hamilton, 04/21/2023 04:15 PM
Actions #2

Updated by Charles Hamilton over 1 year ago

More details:

https://redmine.pfsense.org/issues/12882#change-59903

The cURL interface can be specified via the WUI but the setting is ignored because the srcint variable is never defined during DNSBL list processing. You can see this in action by printing the value of srcint via the pfb_download function (screenshot attached: pfb_download-modified.png ). The srcint variable is empty when downloading DNSBL lists (attached screenshot: update-log.png ), which prevents the list from being downloaded if this feature is required. The PR linked in my previous comment fixes this problem.

Actions #3

Updated by Charles Hamilton over 1 year ago

This morning I noticed the following:

 CRON  PROCESS  START [ v3.2.0_4 ] [ 04/23/23 08:00:00 ]
[ IPv4_PASS_Exceptions_v4 ]
                                ( md5 feed )             cURL Error: 28 [ 04/23/23 08:01:09 ]
Connection timeout after 15016 ms Retry [1] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:01:29 ]
Connection timeout after 15003 ms Retry [2] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:01:49 ]
Connection timeout after 15006 ms |IPv4_PASS_Exceptions_v4|https://URL_REDACTED/IPv4_PASS_Exceptions.txt| Retry [3] in 5 seconds...
.. Unknown Failure Code [0] 
        Failed to download Feed for md5 comparison!     Update skipped
[ IPv4_BLOCK_Exceptions_v4 ] [ 04/23/23 08:01:54 ]
                                ( md5 feed )             cURL Error: 28 [ 04/23/23 08:03:04 ]
Connection timeout after 15002 ms Retry [1] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:03:24 ]
Connection timeout after 15015 ms Retry [2] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:03:44 ]
Connection timeout after 15015 ms |IPv4_BLOCK_Exceptions_v4|https://URL_REDACTED/IPv4_BLOCK_Exceptions.txt| Retry [3] in 5 seconds...
.. Unknown Failure Code [0] 
        Failed to download Feed for md5 comparison!     Update skipped
[ IPv6_PASS_Exceptions_v6 ] [ 04/23/23 08:03:49 ]
                                ( md5 feed )             cURL Error: 28 [ 04/23/23 08:04:58 ]
Connection timeout after 15007 ms Retry [1] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:05:18 ]
Connection timeout after 15014 ms Retry [2] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:05:38 ]
Connection timeout after 15016 ms |IPv6_PASS_Exceptions_v6|https://URL_REDACTED/IPv6_PASS_Exceptions.txt| Retry [3] in 5 seconds...
.. Unknown Failure Code [0] 
        Failed to download Feed for md5 comparison!     Update skipped
[ IPv6_BLOCK_Exceptions_v6 ] [ 04/23/23 08:05:43 ]
                                ( md5 feed )             cURL Error: 28 [ 04/23/23 08:06:52 ]
Connection timeout after 15007 ms Retry [1] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:07:12 ]
Connection timeout after 15022 ms Retry [2] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:07:32 ]
Connection timeout after 15016 ms |IPv6_BLOCK_Exceptions_v6|https://URL_REDACTED/IPv6_BLOCK_Exceptions.txt| Retry [3] in 5 seconds...
.. Unknown Failure Code [0] 
        Failed to download Feed for md5 comparison!     Update skipped

I missed this part of the update process when making my changes on Friday, so I'm closing my previous pull request (https://github.com/pfsense/FreeBSD-ports/pull/1251) and opening another one.

EDIT: Done! Here's the new PR: https://github.com/pfsense/FreeBSD-ports/pull/1252

Actions #4

Updated by Charles Hamilton 5 months ago

This has issue has been open for over a year and the original pull request is no longer valid so I've closed it, made the necessary changes, and opened another one: https://github.com/pfsense/FreeBSD-ports/pull/1379. This has been tested with pfBlockerNG v3.2.0_8 and v.3.2.0_7 (the latter on a production device).

Actions #5

Updated by Marcos M 3 months ago

  • Subject changed from pfBlockerNG does not honor the cURL source interface setting for DNSBL lists. to pfBlockerNG does not honor the cURL source interface setting for DNSBL lists
  • Status changed from New to Resolved
  • Target version set to 2.8.0
  • % Done changed from 0 to 100
  • Plus Target Version set to 24.08
Actions #6

Updated by Jim Pingle 2 months ago

  • Plus Target Version changed from 24.08 to 24.11
Actions

Also available in: Atom PDF