OPNsense Forum
Archive => 22.7 Legacy Series => Topic started by: ruuskil on December 25, 2022, 10:21:35 am
-
Anyone else experiencing this? Normally I get around 20k blocked IPs from the community but now it has been like this for several days. I have all available updates installed and haven't changed anything in the configuration.
crowdsecurity/community-blocklist update : +32/-1 IPs ban:32
15 minutes ago
crowdsecurity/community-blocklist update : +32/-1 IPs ban:27
2 hours ago
crowdsecurity/community-blocklist update : +32/-0 IPs ban:22
4 hours ago
crowdsecurity/community-blocklist update : +32/-1 IPs ban:11
6 hours ago
etc...
-
I'm noticing the same behavior, atm only 208 IP's in the blocklist. Looking at possible causes I can only think of two:
1: The plugin got updated last patch round, but I'm not entirely sure if the drop in blocked IP's started after the patch. If so, perhaps a problem with the plugin.
2: The blacklist itself got trimmed, but in my opinion a drop from 20k to 208 seems a bit too harsh of a drop.
Anyway, I also dropped the question in the crowdsec support channel. Perhaps some more insight can be found there. Will keep this thread updated if any info comes my way.
-
Hi,
can you test with the 1.4.3 package? It has not landed in opnsense ports yet: https://www.freshports.org/security/crowdsec/
# pkg add https://pkg.freebsd.org/FreeBSD:13:amd64/latest/All/crowdsec-1.4.3.pkg
-
Running the command
# pkg add https://pkg.freebsd.org/FreeBSD:13:amd64/latest/All/crowdsec-1.4.3.pkg
gives the following output:
Fetching crowdsec-1.4.3.pkg: 100% 29 MiB 6.1MB/s 00:05
Installing crowdsec-1.4.3...
the most recent version of crowdsec-1.4.1_3 is already installed
-
Gave it an other shot with using:
# fetch https://pkg.freebsd.org/FreeBSD:13:amd64/latest/All/crowdsec-1.4.3.pkg
# pkg install crowdsec-1.4.3.pkg
Installation went ok, crowdsec console does see the new version: 1.4.3
However, the ip blocklist stays at a low number (274 atm) and the alert section of the plugin is awfully empty. From the looks of it, it doesn't seem to update the blacklist at all. At least during the period for half an hour after installation, that seems to me no updated list is available, hence version 1.4.1. and 1.4.3 use the same (trimmed down) list. Also the history of the ip blocklist updates can't be seen anymore.
Anyway, rolled back to version 1.4.1 and the history can be seen again. Is this a history setting per plugin version and do I need to wait longer before the updates get downloaded?
-
Restart Crowdsec and give it a few minutes, you'll see the number of IPs in the alias o up, currently 13652.
This is confirmed both on an old install manually upgraded to 1.4.3 and a new one with 1.4.1
The issue was never on the OPNsense side.
-
Turns out I spoke too soon, the old install only got a bump from ~400-500 entries in the past few days to ~ 3471, so it looks like not everything might be OK/consistent server side just yet.
-
Can confirm that, only 3235 entries at this time of writing.
-
Any solution for this?
171 crowdsecurity/community-blocklist update : +3000/-0 IPs ban:3000
17 minutes ago
170 crowdsecurity/community-blocklist update : +3000/-0 IPs ban:1446
2 hours ago
169 crowdsecurity/community-blocklist update : +3000/-0 IPs ban:803
4 hours ago
168 crowdsecurity/community-blocklist update : +3000/-0 IPs ban:571
6 hours ago
167 crowdsecurity/community-blocklist update : +3000/-0 IPs ban:387
8 hours ago
166 crowdsecurity/community-blocklist update : +3000/-0 IPs ban:486
10 hours ago
165 crowdsecurity/community-blocklist update : +3000/-0 IPs ban:368
12 hours ago
164 crowdsecurity/community-blocklist update : +3000/-0 IPs ban:295
14 hours ago
163 crowdsecurity/community-blocklist update : +3000/-0 IPs ban:218
16 hours ago
162 crowdsecurity/community-blocklist update : +3000/-0 IPs ban:175
18 hours ago