pfSense » pfSense Packages

This affects both IP and DNSBL lists.

1 - Set pfblockerNG to daily cron, once a day.
2 - Set lists to daily, once a day.
3 - When pfblockerng runs, either via cron or forced, and if a .orig file already exists, the log merely states file exists and it moves on, it will never ever download an update from upstrea,.
4 - When setting the list update frequency to hourly, this will make pfblockerng fetch an update whilst on daily cron, however it will only fetch the update and not process it.
5 - To make it process updates, then set pfblockerng to at least twice daily on the cron, whilst xombined with hourly list updates. This makes it work, but with a odd bugged work flow, it will fetch the update on the first cron run for the day, then 12 hours late on the 2nd run the downloaded file will be processed and put into live configuration.
6 - Another way to force updates on daily cron is to delete the .orig files which forces an upstream fetch, although would still need at least twice daily cron for it to be processed.

This behaviour I have been aware off for over a year, so its a long standing bug. I have repeated it on multiple pfSense installations, both in test VM and bare bones hardware.

Marking as urgent as its a nasty bug, no warning is presented, the logs dont even indicate an error, so the operator of the firewall, will think their lists are getting updated when they not.