GeoIP: GeoLite2 download in a loop

[Eric Schoen]

I woke up to email this morning from Maxmind warning me that I had exceeded my daily download quota for GeoLite2.   I figured it was Opnsense. (Was running a 24.1 release until a few hours ago.)

Firewall Aliases GeoIP settings reports:

Code Select Expand

Last updated 2025-02-04T15:01:24
 Total number of ranges 1000178

Syslog has many entries of the form:

Code Select Expand

2025-02-06T08:25:12 Notice firewall geoip updated (files: 0 lines: 0)

Maxmind's site reports that I was downloading the GeoLite2-Country-CSV_20250204.zip file once or twice a second, whereas until this morning, it would download once per day.

Code Select Expand

GeoLite2-Country-CSV_20250204.zip 2/6/25 8:24
GeoLite2-Country-CSV_20250204.zip 2/6/25 8:24
GeoLite2-Country-CSV_20250204.zip 2/6/25 8:24
GeoLite2-Country-CSV_20250204.zip 2/6/25 8:24
GeoLite2-Country-CSV_20250204.zip 2/6/25 8:24
GeoLite2-Country-CSV_20250204.zip 2/5/25 8:23
GeoLite2-Country-CSV_20250131.zip 2/4/25 8:22
GeoLite2-Country-CSV_20250131.zip 2/3/25 8:21
GeoLite2-Country-CSV_20250131.zip 2/2/25 8:20
GeoLite2-Country-CSV_20250131.zip 2/1/25 8:19
GeoLite2-Country-CSV_20250128.zip 1/31/25 8:18

That nothwithstanding, the files in /usr/local/share/GeoIP/alias are still dated yesterday, so the update from Maxmind isn't completing.

I've disabled the Maxmind URL for now, and upgraded to 24.7.12.  Anyone else encounter this?  I took at look at this file and I don't see any way that this code itself could loop, but I don't know the larger context in which it could be called:

Code Select Expand

https://github.com/opnsense/core/blob/stable/24.1/src/opnsense/scripts/filter/lib/alias/geoip.py

My logs don't show any error messages that the code might emit, but they don't go back far enough either, due to log rotation. I would try fetching the zip file manually and analyzing it for corruption, but Maxmind has blocked me for a day...