OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: gonzo on February 13, 2018, 08:46:11 pm
-
Hi
I created an alias of type URL Table (IPs), host(s): http://ip.jchost03.pl/ip_zablokowane_ataki.txt, and I added the rule to the firewall, but when I check pf Tables, it is empty.
What is the reason that the table is empty?
gonzo
-
Can you screenshot the settings for the alias?
-
I am including the view of aliases and rules
-
You have the same alias url twice. Maybe deleting the one you don't use helps?
-
did not help
-
If you run this command from the shell, will it populate the pf table?
# configctl filter refresh_aliases
-
Change the name of the list to something other than the same name of the URL you're using. Just name it test1 or test2 or something just as a test.
-
no, still empty
-
still empty II
-
Firehol is populated? Any other lists are working?
Btw, I think Firehol L1 contains spamhaus. You could verify and delete it if confirmed.
-
Yes, FireHOL is OK, drop, edrop deleted
-
If you configure Firewall Maximum Table Entries @ Firewall: Settings: Advanced to say.. 500000, will your other list work? After increasing the table entry, pls run "configctl filter refresh_aliases" again.
-
I set the value of this variable to 999999 at the very beginning of the configuration.
-
Delete the alias and recreate.. make sure there are no white spaces. Will this work?
-
I deleted Firewall: Rules: OPT1
I deleted Firewall: Aliases
recreated the alias and rules, and .... still empty
-
Running out of ideas for this evening :) ...
-
Maybe just this one:
-If you WinSCP to this path: /root/var/db/aliastables
-Delete everything related to that alias
-Delete the alias from the GUI
.. and recreate... will this populate the table?
-
Strange results for me. I tried the URL in OP's first post and it didn't work.
Doesn't work: http://ip.jchost03.pl/ip_zablokowane_ataki.txt
Doesn't work: ip.jchost03.pl/ip_zablokowane_ataki.txt
WORKS: http://www.ip.jchost03.pl/ip_zablokowane_ataki.txt (screenshot1)
Notice the "www" that allowed the pfTables to populate (screenshot2). OP, try what I did, hopefully it works for you too.
-
It could be forcing a redirect that is not followed properly by the fetch library?
-
I removed the alias and the firewall rule, I made a new alias and rule, but it is still empty.
I also see the names of removed aliases (IP_ataki, ip_ataki, ip_blocked_ataki). How can I remove them?
-
Franco, good point I didn't think of but Fiddler doesn't show redirect.
gonzo, you might have to remove manually if a reboot doesn't work; /var/db/aliastables. Might as well reboot with all the work that you did anyway.
-
The firewall already works in a production environment. Will deleting this file affect the operation of the FW?
-
No, it shouldn't affect production. It merely removes the alias from showing in the pfTables selection. If everything is working fine, I'd say leave it alone.
-
I removed the contents of the catalog (text files): /var/db/aliastables.
I have removed all aliases and all rules except one, "Allow all". This is the default rule that is installed with the system.
Before I start creating new aliases and new rules, I want to delete the entries that I see in Firewall: Diagnostics: pfTables.
1) Why do I still see these entries if all aliases and rules are removed?
2) How can I delete these entries?
-
Is my question too difficult or too simple? No one knows the answer?
-
Firewall: Aliases: View -> you should not have any aliases here.
You should not have any files here: /var/db/aliastables
And maybe you should apply this patch from here (read the entire conversation):
https://github.com/opnsense/core/issues/2162
And then reboot, then recreate the aliases.
-
Works?