Text only | Text with Images

OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: OPNenthu on May 01, 2025, 02:43:19 AM

Title: [solved] Where did bogons go?
Post by: OPNenthu on May 01, 2025, 02:43:19 AM
I usually consume about 25% of the total firewall table entries under Aliases, but I just noticed it took a huge dive to 9%.  Looking closer, I see that I have suddenly lost the majority of the bogons.

Another firewall I admin still has thousands of bogons (pasting for comparison).  Both are 25.1.5_5 and set to update monthly under Firewall -> Settings ->Advanced -> Bogon Networks.

Is there a recent change?

bogons_missing.png

bogons_typical.png
Title: Re: Where did bogons go?
Post by: franco on May 01, 2025, 08:14:01 AM
Looks like the default bogons to me ;)

# wc -l src/etc/bogons*
      10 src/etc/bogons.sample
      76 src/etc/bogonsv6.sample
      86 total

So the obvious thing would be to check your bogons fetch log starting with:

# grep -nri bogons /var/log/system


Cheers,
Franco
Title: Re: Where did bogons go?
Post by: OPNenthu on May 01, 2025, 08:37:07 AM
Hi franco,

Sorry, not entirely clear.  Are you saying that my bogons list is supposed to only contain these items, or that I'm seeing a reduced count because a fetch hasn't occurred?

There's nothing in said log:

Code Select
root@firewall:~ # grep -nri bogons /var/log/system
root@firewall:~ #

Is there a way to trigger the update?
Title: Re: Where did bogons go?
Post by: hharry on May 01, 2025, 09:11:34 AM
Quote from: OPNenthu on May 01, 2025, 08:37:07 AM
Code Select
root@firewall:~ # grep -nri bogons /var/log/system
root@firewall:~ #


Looks like the update is not triggering, check in your configuration in OPNSense Firewall: Settings: Advanced, for the Bogon update frequency, i have mine set to daily, and it's been updating as expected.

you should also see a cronjob installed, like snippet below;

Code Select
root@OPNsense:~ # crontab -l
# or /usr/local/etc/cron.d and follow the same format as
# /etc/crontab, see the crontab(5) manual page.
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
REQUESTS_CA_BUNDLE=/usr/local/etc/ssl/cert.pem
#minute hour    mday    month   wday    command
1       3       *       *       *       (/usr/local/sbin/configctl -d filter schedule bogons) > /dev/null

Sample log file snippet as below
Code Select
root@OPNsense:~ # grep -nri bogons /var/log/system
/var/log/system/latest.log:2:<13>1 2025-05-01T03:04:16+10:00 OPNsense.localdomain root 57509 - [meta sequenceId="1"] bogons update starting
/var/log/system/latest.log:3:<13>1 2025-05-01T03:04:19+10:00 OPNsense.localdomain root 64108 - [meta sequenceId="2"] Bogons V4 file updated: no changes.
/var/log/system/latest.log:4:<13>1 2025-05-01T03:04:19+10:00 OPNsense.localdomain root 74492 - [meta sequenceId="3"] Bogons V6 file updated: no changes.
/var/log/system/latest.log:5:<13>1 2025-05-01T03:04:19+10:00 OPNsense.localdomain root 76702 - [meta sequenceId="4"] update bogons is ending the update cycle
/var/log/system/system_20250430.log:25:<13>1 2025-04-30T03:05:05+10:00 OPNsense.localdomain root 49980 - [meta sequenceId="1"] bogons update starting
/var/log/system/system_20250430.log:26:<13>1 2025-04-30T03:05:08+10:00 OPNsense.localdomain root 60853 - [meta sequenceId="2"] Bogons V4 file updated: no changes.
/var/log/system/system_20250430.log:27:<13>1 2025-04-30T03:05:08+10:00 OPNsense.localdomain root 70377 - [meta sequenceId="3"] Bogons V6 file updated: no changes.
/var/log/system/system_20250430.log:28:<13>1 2025-04-30T03:05:08+10:00 OPNsense.localdomain root 72136 - [meta sequenceId="4"] update bogons is ending the update cycle
/var/log/system/system_20250501.log:2:<13>1 2025-05-01T03:04:16+10:00 OPNsense.localdomain root 57509 - [meta sequenceId="1"] bogons update starting
/var/log/system/system_20250501.log:3:<13>1 2025-05-01T03:04:19+10:00 OPNsense.localdomain root 64108 - [meta sequenceId="2"] Bogons V4 file updated: no changes.
/var/log/system/system_20250501.log:4:<13>1 2025-05-01T03:04:19+10:00 OPNsense.localdomain root 74492 - [meta sequenceId="3"] Bogons V6 file updated: no changes.
/var/log/system/system_20250501.log:5:<13>1 2025-05-01T03:04:19+10:00 OPNsense.localdomain root 76702 - [meta sequenceId="4"] update bogons is ending the update cycle


Title: Re: Where did bogons go?
Post by: OPNenthu on May 01, 2025, 09:14:42 AM
This is comical :)

So today being the first of the month, it coincidentally just triggered itself.  If I'd waited just a few hours to check I'd not have even noticed.

Code Select
root@firewall:~ # grep -nri bogons /var/log/system
/var/log/system/system_20250501.log:668:<13>1 2025-05-01T03:02:54-04:00 firewall.h1.home.arpa root 65696 - [meta sequenceId="1"] bogons update starting

I had reinstalled OPNsense a couple days ago.  I just didn't make the connection that I was looking at a default set of bogons.  I thought I had lost them somehow.

All's good now.  Thanks!
Text only | Text with Images