Messages - raywan

#1
Regarding my last Maltrail fail2ban connection problem, I manually added two lines, FAIL2BAN_ALLOWLIST 127.0.0.1 and FAIL2BAN_ALLOWLIST 192.168.1.1/24, to /usr/local/opnsense/service/templates/OPNsense/Maltrail/maltrail.conf to resolve the fail2ban connection problem.
https://forum.opnsense.org/index.php?topic=52066.msg268118#msg268118
However, it only works for a few hours, and then a lot of error messages appear, as below. I would like to confirm that Maltrail is working fine so far and I can access the fail2ban list from my PC without any problem. I have tried restarting all the services and rebooting the firewall. It doesn't help to solve the connection problem.
2026-06-12T12:54:00 Error firewall alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:54:00 Error firewall error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:48:45 Error firewall alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:48:45 Error firewall error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:42:02 Error firewall alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:42:02 Error firewall error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:37:03 Error firewall alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:37:03 Error firewall error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:32:01 Error firewall alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:32:01 Error firewall error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:27:00 Error firewall alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:27:00 Error firewall error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:22:01 Error firewall alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)



#2
Quote from: franco on June 04, 2026, 07:49:16 AM
Was this working before? Because this popped up recently...

https://github.com/opnsense/plugins/pull/5463
I tried manually adding "FAIL2BAN_ALLOWLIST 127.0.0.1" in /usr/local/share/maltrail/maltrail.conf or "127.0.0.1 192.168.1.1/24" in the Services: Maltrail: General page.
In the end, it did not help.
It was working well until the last 26.4_14 hotfix. I don't remember which day fail2ban crashed or stopped working. But the Maltrail server & sensor are both working until now.
#3
Maltrail works fine so far. Recently, I cannot access Maltrail's http://192.168.1.1:8338/fail2ban when I open it directly in the browser. The browser shows 404 not found. I have tried everything, like reinstalling the package, removing all the files in the Maltrail folder, and starting and stopping the Maltrail server and sensor many times, but it seems it cannot start the fail2ban service.
Is there anything I can do to get access to Maltrail fail2ban again? Maltrail fail2ban stopped working since the last 26.1.8_5 update fix.
Thanks

2026-06-04T13:23:24 Error firewall alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-04T13:23:24 Error firewall error fetching alias url http://127.0.0.1:8338/fail2ban (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-04T13:23:24 Error firewall error fetching alias url http://127.0.0.1:8338/fail2ban [http_code:404]
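The two posts above show two different failures for the same alias URL: `Connection refused` (nothing is listening on port 8338) and `http_code:404` (the listener answered but did not serve `/fail2ban`). The following is an added example, not part of the original posts and not OPNsense or Maltrail code; it separates the two cases in an exported firewall log. The function names `classify` and `triage` and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the log lines quoted in the posts above.
SAMPLE_LOG = """\
2026-06-04T13:23:24 Error firewall alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-04T13:23:24 Error firewall error fetching alias url http://127.0.0.1:8338/fail2ban [http_code:404]
2026-06-12T12:54:00 Error firewall alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:54:00 Error firewall error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
"""

ENTRY = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT[\d:]+) Error firewall (?P<msg>.+)$")
URL = re.compile(r"error fetching alias url (?P<url>[^\s)]+)")
ALIAS = re.compile(r"alias resolve error (?P<alias>\S+)")
HTTP = re.compile(r"\[http_code:(?P<code>\d+)\]")

def classify(msg):
    """Map one log message to a failure mode."""
    if "Connection refused" in msg:
        return "refused"                    # no listener on the port
    m = HTTP.search(msg)
    if m:
        return "http_" + m.group("code")    # listener up, request rejected
    if ALIAS.search(msg):
        return "summary"                    # consequence line, names the alias
    return "other"

def triage(log_text):
    """Per alias URL: failure modes seen, affected aliases, time window."""
    report = defaultdict(lambda: {"causes": {}, "aliases": set(),
                                  "first": None, "last": None})
    for line in log_text.splitlines():
        entry, url = ENTRY.match(line.strip()), URL.search(line)
        if not (entry and url):
            continue
        rec, kind = report[url.group("url")], classify(entry.group("msg"))
        if kind == "summary":
            rec["aliases"].add(ALIAS.search(line).group("alias"))
        else:
            rec["causes"][kind] = rec["causes"].get(kind, 0) + 1
        ts = entry.group("ts")              # ISO timestamps sort as strings
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    return dict(report)

if __name__ == "__main__":
    for url, rec in triage(SAMPLE_LOG).items():
        print(url, rec["causes"], sorted(rec["aliases"]), rec["first"], rec["last"])
```

A `refused` count points at the Maltrail server process or its listen address, while an `http_404` count means the server is reachable and the question is why it will not serve that path to the requesting address.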
#4


You are welcome. If you want my unbound blocklist, I can share it with you. I just installed an ultimate blocklist as the core blocklist to remove 99% of ads for daily web surfing. For the bad IP filtering, I have added tenth badIP blocklists in firewall aliases, which contribute about 420000 firewall table entries. Those entries block more than 90% of scanners, hackers... daily. I haven't installed any IDS/IPS except crowdsec in opnsense because it will slow down the speed in the background. I think it is good enough to block most hackers/scanners for daily use.

#5
Actually, I used pfsense for more than 10 years, then switched to opnsense a few months ago. I also have my own blocklist that I used in pfsense, but I didn't import it from pfsense to opnsense unbound because I am definitely sure it is not 100% compatible with opnsense unbound. So I copied all the blocklists and firewall rules into my notepad, then created all the rules one by one. It took a few hours for me to migrate all the pfsense settings to opnsense unbound.
Now my firewall table entries and unbound blocklist are 4618097 and 2876467 respectively, and are running blazingly fast with an N305 CPU and 32GB DDR5.
Going back to your question: before you change any settings, please go to system=>configurations=>backups. You can back up the null or default settings to your hard drive before you start to change anything in opnsense. If you suffer any problems due to changing settings, just restore the suspected area, then reboot your opnsense. Then everything will be back to normal again.
#6
Please try restoring the unbound config only in firmware backup. I suffered this problem when I updated from 24.7.5.
After restoration, my opnsense and unbound were back to normal.
#7
Quote from: meyergru on October 11, 2024, 10:06:07 AM
As for the original problem: I see this too, but it seems that the list is always limited to 1000 entries, probably for performance reasons. If you select one specific client, it will also use a time range around the selected point (you can see that in the highlighted filter). That is potentially outside the limited range, so it is not shown.

Anyway, seems like a bug to me, you should report it via Github.

My situation is that if I use unbound as the DNS server, all clients are unable to resolve DNS and cannot reach the internet. However, if I switch to Dnsmasq, everything becomes normal.
#8
Me too. After the update to 24.7.6, unbound fails to respond to client requests, but I am pretty sure unbound is able to start up correctly. Please check the attached pic below. I also have the same unbound config running on my office server, where opnsense was upgraded to 24.7.6 yesterday without any problem.
I also checked that port 53 is open on the LAN side. However, all LAN clients are unable to resolve DNS. If I switch from unbound to DNSmasq, all LAN clients are able to reach the internet instantly.

https://ibb.co/x3cLCRH