I woke up to email this morning from Maxmind warning me that I had exceeded my daily download quota for GeoLite2. I figured it was Opnsense. (Was running a 24.1 release until a few hours ago.)
Firewall Aliases GeoIP settings reports:
Last updated 2025-02-04T15:01:24
Total number of ranges 1000178
Syslog has many entries of the form:
2025-02-06T08:25:12 Notice firewall geoip updated (files: 0 lines: 0)
Maxmind's site reports that I was downloading the GeoLite2-Country-CSV_20250204.zip file once or twice a second, whereas until this morning, it would download once per day.
GeoLite2-Country-CSV_20250204.zip 2/6/25 8:24
GeoLite2-Country-CSV_20250204.zip 2/6/25 8:24
GeoLite2-Country-CSV_20250204.zip 2/6/25 8:24
GeoLite2-Country-CSV_20250204.zip 2/6/25 8:24
GeoLite2-Country-CSV_20250204.zip 2/6/25 8:24
GeoLite2-Country-CSV_20250204.zip 2/5/25 8:23
GeoLite2-Country-CSV_20250131.zip 2/4/25 8:22
GeoLite2-Country-CSV_20250131.zip 2/3/25 8:21
GeoLite2-Country-CSV_20250131.zip 2/2/25 8:20
GeoLite2-Country-CSV_20250131.zip 2/1/25 8:19
GeoLite2-Country-CSV_20250128.zip 1/31/25 8:18
That nothwithstanding, the files in /usr/local/share/GeoIP/alias are still dated yesterday, so the update from Maxmind isn't completing.
I've disabled the Maxmind URL for now, and upgraded to 24.7.12. Anyone else encounter this? I took at look at this file and I don't see any way that this code itself could loop, but I don't know the larger context in which it could be called:
https://github.com/opnsense/core/blob/stable/24.1/src/opnsense/scripts/filter/lib/alias/geoip.py
My logs don't show any error messages that the code might emit, but they don't go back far enough either, due to log rotation. I would try fetching the zip file manually and analyzing it for corruption, but Maxmind has blocked me for a day...