dotdash
« on: December 26, 2008, 02:40:09 pm »
I updated a 1.2 system to 1.2.1 and shortly after found a client could not connect to us. I started digging around and found they were getting blocked by the bogon filter on the WAN. They were on a recently allocated block, 173.0.0.0/8. I never had a problem when running the 1.2 system, as it was regularly updating the bogons, but the upgrade put in an old version. Manually kicking the bogon updater resulted in one add and eleven deletes.
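The failure described in this post, shown as an added example (not part of the original post and not pfSense code): the Python below compares the bogon list installed on a firewall with a freshly downloaded one and reports which blocked source addresses are rejected only because of stale entries. Only 173.0.0.0/8 comes from the post; every other prefix and address is constructed sample data.

```python
import ipaddress

# Constructed sample data. Only 173.0.0.0/8 comes from the post; the other
# prefixes and all source addresses are made up for illustration.
INSTALLED_BOGONS = """\
# list shipped with the upgrade (constructed)
0.0.0.0/8
10.0.0.0/8
173.0.0.0/8
"""
FRESH_BOGONS = """\
# freshly downloaded list (constructed)
0.0.0.0/8
10.0.0.0/8
"""
BLOCKED_SOURCES = ["173.12.34.56", "10.9.8.7", "198.51.100.20"]


def parse_bogons(text):
    """Return the set of networks in a bogon file, skipping comments and blanks."""
    nets = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.add(ipaddress.ip_network(line))
    return nets


def update_delta(installed, fresh):
    """Return (added, deleted) prefixes that an update would apply."""
    return (sorted(str(n) for n in fresh - installed),
            sorted(str(n) for n in installed - fresh))


def stale_blocks(installed, fresh, sources):
    """Map each source that the installed list blocks, but the fresh list
    does not cover at all, to the most specific installed prefix hitting it."""
    hits = {}
    for src in sources:
        addr = ipaddress.ip_address(src)
        matches = [n for n in installed if addr in n]
        if matches and not any(addr in n for n in fresh):
            hits[src] = str(max(matches, key=lambda n: n.prefixlen))
    return hits


if __name__ == "__main__":
    old, new = parse_bogons(INSTALLED_BOGONS), parse_bogons(FRESH_BOGONS)
    print(update_delta(old, new))
    print(stale_blocks(old, new, BLOCKED_SOURCES))
```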

jahonix
« Reply #1 on: December 26, 2008, 08:18:21 pm »
Where can we start the bogon updater manually?

Chris
Theoretically, theory and practice should be the same. Practically they aren't.

thekurgan
« Reply #2 on: December 27, 2008, 06:18:28 pm »
You can find the source of the updater in /etc/crontab

jahonix
« Reply #3 on: December 28, 2008, 06:34:28 am »
Really?
Which of those lines does it? ;-)
* root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 ssh
* root /etc/pppoerestart
* root /usr/local/sbin/squid -k rotate
* root /usr/bin/perl /usr/local/www/lightsquid/lightparser.pl today

thekurgan
« Reply #4 on: December 28, 2008, 11:04:00 am »
Looks like you are missing some entries. Here is my /etc/crontab:
$ cat /etc/crontab
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#minute hour mday month wday who command
#
#
# pfSense specific crontab entries
# Created: December 26, 2008, 6:38 pm
#
0 * * * * root /usr/bin/nice -n20 newsyslog
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
# */60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
# */60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
*/5 * * * * root /usr/local/bin/checkreload.sh
*/5 * * * * root /etc/ping_hosts.sh
*/140 * * * * root /usr/local/sbin/reset_slbd.sh
#
# If possible do not add items to this file manually.
# If you do so, this file must be terminated with a blank line (e.g. new line)
#

dotdash
« Reply #5 on: December 29, 2008, 09:48:04 am »
I copied /etc/rc.update_bogons.sh to a temporary script, removed the sleep and ran it.

jahonix
« Reply #6 on: December 30, 2008, 06:10:33 am »
Thanks!
Dec 30 12:04:50 root: 11 addresses deleted.
Dec 30 12:04:50 root: Bogons file downloaded: 1 addresses added.
Dec 30 12:04:48 root: rc.get_bogons.sh is beginning the update cycle.
Dec 30 12:04:48 root: rc.get_bogons.sh is starting up.
Actually, I seem to be missing some cron jobs on all the machines I updated from 1.2rel or 1.2.1RCs. Could be an update glitch? Scott? ;-)
Time for a fresh install...
« Last Edit: December 30, 2008, 06:14:03 am by jahonix »

dotdash
« Reply #7 on: January 15, 2009, 01:20:02 pm »
Updating from 1.2.1 (with updated bogon list) to 1.2.2 resulted in the same problem with old bogons. Just an FYI.

cmb
« Reply #8 on: January 18, 2009, 01:46:59 pm »
I updated it in CVS a few days ago. Existing installs will always update to the latest on the first of every month, or you can run it manually to update right away.

pfSense Commercial Support
Paying customers receive support priority and as in depth of assistance as desired through the official commercial support channels at portal.pfsense.org. Forum users receive as much help as time permits.

cmb
« Reply #9 on: January 18, 2009, 02:04:11 pm »
If you don't have the update in /etc/crontab, it's because it's in the cron entries in your config.xml. Newer installs won't have it in /etc/crontab but older ones will. It works the same either way.

Emab
« Reply #10 on: January 24, 2009, 11:26:19 am »
I've a 1.2.2 version. My /etc/crontab is empty:
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#minute hour mday month wday who command
#
and I couldn't find any cron entry in config.xml. I need a fresh install?
« Last Edit: January 24, 2009, 11:29:22 am by Emab »

cmb
« Reply #11 on: January 24, 2009, 12:07:04 pm »
> and I couldn't find any cron entry in config.xml
> I need a fresh install?

Shouldn't. You sure there isn't anything in your config like this:
<cron>
    <item>
        <minute>0</minute>
        <hour>*</hour>
        <mday>*</mday>
        <month>*</month>
        <wday>*</wday>
        <who>root</who>
        <command>/usr/bin/nice -n20 newsyslog</command>
    </item>
That came from a years-old install upgraded to 1.2.2.

Emab
« Reply #12 on: January 25, 2009, 01:27:40 pm »
> Shouldn't. You sure there isn't anything in your config like this:
> <cron>
>     <item>
>         <minute>0</minute>
>         <hour>*</hour>
>         <mday>*</mday>
>         <month>*</month>
>         <wday>*</wday>
>         <who>root</who>
>         <command>/usr/bin/nice -n20 newsyslog</command>
>     </item>
> That came from a years-old install upgraded to 1.2.2.

No, it isn't. I've only <cron/>. For example, I've bogon filtering activated, but neither in cron nor in config.xml does the script to update them appear. What can I do?

cmb
« Reply #13 on: January 25, 2009, 02:42:36 pm »
Back up your config, open it in a text editor and replace <cron/> with this:
<cron>
    <item>
        <minute>0</minute>
        <hour>*</hour>
        <mday>*</mday>
        <month>*</month>
        <wday>*</wday>
        <who>root</who>
        <command>/usr/bin/nice -n20 newsyslog</command>
    </item>
    <item>
        <minute>1,31</minute>
        <hour>0-5</hour>
        <mday>*</mday>
        <month>*</month>
        <wday>*</wday>
        <who>root</who>
        <command>/usr/bin/nice -n20 adjkerntz -a</command>
    </item>
    <item>
        <minute>1</minute>
        <hour>3</hour>
        <mday>1</mday>
        <month>*</month>
        <wday>*</wday>
        <who>root</who>
        <command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
    </item>
    <item>
        <minute>*/60</minute>
        <hour>*</hour>
        <mday>*</mday>
        <month>*</month>
        <wday>*</wday>
        <who>root</who>
        <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
    </item>
    <item>
        <minute>1</minute>
        <hour>1</hour>
        <mday>*</mday>
        <month>*</month>
        <wday>*</wday>
        <who>root</who>
        <command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
    </item>
    <item>
        <minute>*/60</minute>
        <hour>*</hour>
        <mday>*</mday>
        <month>*</month>
        <wday>*</wday>
        <who>root</who>
        <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
    </item>
    <item>
        <minute>*/60</minute>
        <hour>*</hour>
        <mday>*</mday>
        <month>*</month>
        <wday>*</wday>
        <who>root</who>
        <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c</command>
    </item>
    <item>
        <minute>*/5</minute>
        <hour>*</hour>
        <mday>*</mday>
        <month>*</month>
        <wday>*</wday>
        <who>root</who>
        <command>/usr/local/bin/checkreload.sh</command>
    </item>
    <item>
        <minute>*/5</minute>
        <hour>*</hour>
        <mday>*</mday>
        <month>*</month>
        <wday>*</wday>
        <who>root</who>
        <command>/etc/ping_hosts.sh</command>
    </item>
    <item>
        <minute>*/300</minute>
        <hour>*</hour>
        <mday>*</mday>
        <month>*</month>
        <wday>*</wday>
        <who>root</who>
        <command>/usr/local/sbin/reset_slbd.sh</command>
    </item>
</cron>
Will see if I can figure out how you don't have that.

Emab
« Reply #14 on: January 25, 2009, 03:05:11 pm »
Thank you! Just added!
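An offline check for the situation discussed in this thread, as an added example (not part of the original posts and not pfSense code): it reads the text of a config.xml backup and of /etc/crontab and reports whether the bogon updater is scheduled in either place, since the thread notes that the job may live in one or the other. The sample inputs are constructed from the posts above, and the `<pfsense>` root element around `<cron>` is an assumption.

```python
import xml.etree.ElementTree as ET

FIELDS = ("minute", "hour", "mday", "month", "wday", "who", "command")
REQUIRED = ("/etc/rc.update_bogons.sh",)  # updater script named in the thread

# Constructed inputs modelled on the posts; the <pfsense> wrapper is assumed.
EMPTY_CRONTAB = ("SHELL=/bin/sh\nHOME=/var/log\n"
                 "#minute hour mday month wday who command\n#\n")
OLD_CRONTAB = EMPTY_CRONTAB + (
    "1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh\n")
EMPTY_CONFIG = "<pfsense><cron/></pfsense>"
FIXED_CONFIG = """<pfsense><cron><item>
  <minute>1</minute><hour>3</hour><mday>1</mday><month>*</month><wday>*</wday>
  <who>root</who><command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
</item></cron></pfsense>"""


def config_commands(config_xml):
    """Commands of complete <cron><item> entries in a config.xml string."""
    cmds = []
    for item in ET.fromstring(config_xml).findall(".//cron/item"):
        values = [(item.findtext(f) or "").strip() for f in FIELDS]
        if all(values):  # ignore items with a missing or empty field
            cmds.append(values[-1])
    return cmds


def crontab_commands(text):
    """Commands of active system-crontab lines (5 time fields, user, command)."""
    cmds = []
    for line in text.splitlines():
        parts = line.strip().split(None, 6)
        # Comments, variable assignments and short lines are not jobs.
        if len(parts) == 7 and not parts[0].startswith("#"):
            cmds.append(parts[6])
    return cmds


def missing_jobs(config_xml, crontab_text, required=REQUIRED):
    """Required scripts scheduled in neither config.xml nor /etc/crontab."""
    argvs = [c.split() for c in
             config_commands(config_xml) + crontab_commands(crontab_text)]
    return [r for r in required if not any(r in argv for argv in argvs)]


if __name__ == "__main__":
    print(missing_jobs(EMPTY_CONFIG, EMPTY_CRONTAB))  # the <cron/> case
    print(missing_jobs(FIXED_CONFIG, EMPTY_CRONTAB))  # after restoring <cron>
```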