Bug #14299: pfBlockerNG does not honor the cURL source interface setting for DNSBL lists - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #14299

closed

pfBlockerNG does not honor the cURL source interface setting for DNSBL lists

Added by Charles Hamilton over 1 year ago. Updated about 1 month ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

pfBlockerNG

Target version:

pfSense - 2.8.0

Start date:

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

24.11

Affected Version:

All

Affected Plus Version:

23.01

Affected Architecture:

All

Description

Pull request to fix the problem is on its way.

Files

Download all files

pfb_download-modified.png (57.5 KB) pfb_download-modified.png	pfb_download function, modified	Charles Hamilton, 04/21/2023 04:13 PM
update-log.png (24.8 KB) update-log.png	pfBlockerNG update log, empty source interface	Charles Hamilton, 04/21/2023 04:15 PM

Actions

Copy link

Updated by Charles Hamilton over 1 year ago

Pull request: https://github.com/pfsense/FreeBSD-ports/pull/1251

Actions

Copy link

Updated by Charles Hamilton over 1 year ago

File pfb_download-modified.png pfb_download-modified.png added
File update-log.png update-log.png added

More details:

https://redmine.pfsense.org/issues/12882#change-59903

The cURL interface can be specified via the WUI but the setting is ignored because the srcint variable is never defined during DNSBL list processing. You can see this in action by printing the value of srcint via the pfb_download function (screenshot attached: pfb_download-modified.png ). The srcint variable is empty when downloading DNSBL lists (attached screenshot: update-log.png ), which prevents the list from being downloaded if this feature is required. The PR linked in my previous comment fixes this problem.

Actions

Copy link

Updated by Charles Hamilton over 1 year ago

This morning I noticed the following:

 CRON  PROCESS  START [ v3.2.0_4 ] [ 04/23/23 08:00:00 ]
[ IPv4_PASS_Exceptions_v4 ]
                                ( md5 feed )             cURL Error: 28 [ 04/23/23 08:01:09 ]
Connection timeout after 15016 ms Retry [1] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:01:29 ]
Connection timeout after 15003 ms Retry [2] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:01:49 ]
Connection timeout after 15006 ms |IPv4_PASS_Exceptions_v4|https://URL_REDACTED/IPv4_PASS_Exceptions.txt| Retry [3] in 5 seconds...
.. Unknown Failure Code [0] 
        Failed to download Feed for md5 comparison!     Update skipped
[ IPv4_BLOCK_Exceptions_v4 ] [ 04/23/23 08:01:54 ]
                                ( md5 feed )             cURL Error: 28 [ 04/23/23 08:03:04 ]
Connection timeout after 15002 ms Retry [1] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:03:24 ]
Connection timeout after 15015 ms Retry [2] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:03:44 ]
Connection timeout after 15015 ms |IPv4_BLOCK_Exceptions_v4|https://URL_REDACTED/IPv4_BLOCK_Exceptions.txt| Retry [3] in 5 seconds...
.. Unknown Failure Code [0] 
        Failed to download Feed for md5 comparison!     Update skipped
[ IPv6_PASS_Exceptions_v6 ] [ 04/23/23 08:03:49 ]
                                ( md5 feed )             cURL Error: 28 [ 04/23/23 08:04:58 ]
Connection timeout after 15007 ms Retry [1] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:05:18 ]
Connection timeout after 15014 ms Retry [2] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:05:38 ]
Connection timeout after 15016 ms |IPv6_PASS_Exceptions_v6|https://URL_REDACTED/IPv6_PASS_Exceptions.txt| Retry [3] in 5 seconds...
.. Unknown Failure Code [0] 
        Failed to download Feed for md5 comparison!     Update skipped
[ IPv6_BLOCK_Exceptions_v6 ] [ 04/23/23 08:05:43 ]
                                ( md5 feed )             cURL Error: 28 [ 04/23/23 08:06:52 ]
Connection timeout after 15007 ms Retry [1] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:07:12 ]
Connection timeout after 15022 ms Retry [2] in 5 seconds...
. cURL Error: 28 [ 04/23/23 08:07:32 ]
Connection timeout after 15016 ms |IPv6_BLOCK_Exceptions_v6|https://URL_REDACTED/IPv6_BLOCK_Exceptions.txt| Retry [3] in 5 seconds...
.. Unknown Failure Code [0] 
        Failed to download Feed for md5 comparison!     Update skipped

I missed this part of the update process when making my changes on Friday, so I'm closing my previous pull request (https://github.com/pfsense/FreeBSD-ports/pull/1251) and opening another one.

EDIT: Done! Here's the new PR: https://github.com/pfsense/FreeBSD-ports/pull/1252

Actions

Copy link

Updated by Charles Hamilton 4 months ago

This has issue has been open for over a year and the original pull request is no longer valid so I've closed it, made the necessary changes, and opened another one: https://github.com/pfsense/FreeBSD-ports/pull/1379. This has been tested with pfBlockerNG v3.2.0_8 and v.3.2.0_7 (the latter on a production device).

Actions

Copy link

Updated by Marcos M 2 months ago

Subject changed from pfBlockerNG does not honor the cURL source interface setting for DNSBL lists. to pfBlockerNG does not honor the cURL source interface setting for DNSBL lists
Status changed from New to Resolved
Target version set to 2.8.0
% Done changed from 0 to 100
Plus Target Version set to 24.08

Actions

Copy link

Updated by Jim Pingle about 1 month ago

Plus Target Version changed from 24.08 to 24.11

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #14299

pfBlockerNG does not honor the cURL source interface setting for DNSBL lists

Updated by Charles Hamilton over 1 year ago

Updated by Charles Hamilton over 1 year ago

Updated by Charles Hamilton over 1 year ago

Updated by Charles Hamilton 4 months ago

Updated by Marcos M 2 months ago

Updated by Jim Pingle about 1 month ago