[solved] Where did bogons go?

Started by OPNenthu, May 01, 2025, 02:43:19 AM

May 01, 2025, 02:43:19 AM Last Edit: May 01, 2025, 09:16:50 AM by OPNenthu
I usually consume about 25% of the total firewall table entries under Aliases, but I just noticed it took a huge dive to 9%.  Looking closer, I see that I have suddenly lost the majority of the bogons.

Another firewall I admin still has thousands of bogons (pasting for comparison).  Both are 25.1.5_5 and set to update monthly under Firewall -> Settings -> Advanced -> Bogon Networks.

Is there a recent change?

"The power of the People is greater than the people in power." - Wael Ghonim

Site 1 | N5105 | 8GB | 256GB | 4x 2.5GbE
Site 2 |  J4125 | 8GB | 256GB | 4x 1GbE

Looks like the default bogons to me ;)

# wc -l src/etc/bogons*
      10 src/etc/bogons.sample
      76 src/etc/bogonsv6.sample
      86 total

So the obvious thing would be to check your bogons fetch log starting with:

# grep -nri bogons /var/log/system


Cheers,
Franco

Hi franco,

Sorry, not entirely clear.  Are you saying that my bogons list is supposed to only contain these items, or that I'm seeing a reduced count because a fetch hasn't occurred?

There's nothing in said log:

root@firewall:~ # grep -nri bogons /var/log/system
root@firewall:~ #

Is there a way to trigger the update?

May 01, 2025, 09:11:34 AM #3 Last Edit: May 01, 2025, 09:17:32 AM by hharry
Quote from: OPNenthu on May 01, 2025, 08:37:07 AM
root@firewall:~ # grep -nri bogons /var/log/system
root@firewall:~ #


Looks like the update is not triggering. Check your configuration in OPNsense under Firewall: Settings: Advanced for the Bogon update frequency. I have mine set to daily, and it's been updating as expected.

You should also see a cron job installed, like the snippet below:

root@OPNsense:~ # crontab -l
# or /usr/local/etc/cron.d and follow the same format as
# /etc/crontab, see the crontab(5) manual page.
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
REQUESTS_CA_BUNDLE=/usr/local/etc/ssl/cert.pem
#minute hour    mday    month   wday    command
1       3       *       *       *       (/usr/local/sbin/configctl -d filter schedule bogons) > /dev/null

Sample log file snippet below:
root@OPNsense:~ # grep -nri bogons /var/log/system
/var/log/system/latest.log:2:<13>1 2025-05-01T03:04:16+10:00 OPNsense.localdomain root 57509 - [meta sequenceId="1"] bogons update starting
/var/log/system/latest.log:3:<13>1 2025-05-01T03:04:19+10:00 OPNsense.localdomain root 64108 - [meta sequenceId="2"] Bogons V4 file updated: no changes.
/var/log/system/latest.log:4:<13>1 2025-05-01T03:04:19+10:00 OPNsense.localdomain root 74492 - [meta sequenceId="3"] Bogons V6 file updated: no changes.
/var/log/system/latest.log:5:<13>1 2025-05-01T03:04:19+10:00 OPNsense.localdomain root 76702 - [meta sequenceId="4"] update bogons is ending the update cycle
/var/log/system/system_20250430.log:25:<13>1 2025-04-30T03:05:05+10:00 OPNsense.localdomain root 49980 - [meta sequenceId="1"] bogons update starting
/var/log/system/system_20250430.log:26:<13>1 2025-04-30T03:05:08+10:00 OPNsense.localdomain root 60853 - [meta sequenceId="2"] Bogons V4 file updated: no changes.
/var/log/system/system_20250430.log:27:<13>1 2025-04-30T03:05:08+10:00 OPNsense.localdomain root 70377 - [meta sequenceId="3"] Bogons V6 file updated: no changes.
/var/log/system/system_20250430.log:28:<13>1 2025-04-30T03:05:08+10:00 OPNsense.localdomain root 72136 - [meta sequenceId="4"] update bogons is ending the update cycle
/var/log/system/system_20250501.log:2:<13>1 2025-05-01T03:04:16+10:00 OPNsense.localdomain root 57509 - [meta sequenceId="1"] bogons update starting
/var/log/system/system_20250501.log:3:<13>1 2025-05-01T03:04:19+10:00 OPNsense.localdomain root 64108 - [meta sequenceId="2"] Bogons V4 file updated: no changes.
/var/log/system/system_20250501.log:4:<13>1 2025-05-01T03:04:19+10:00 OPNsense.localdomain root 74492 - [meta sequenceId="3"] Bogons V6 file updated: no changes.
/var/log/system/system_20250501.log:5:<13>1 2025-05-01T03:04:19+10:00 OPNsense.localdomain root 76702 - [meta sequenceId="4"] update bogons is ending the update cycle


OPNsense 25.1.7_4-amd64 running on ESXi 6.7 U2 VM, 4Gbytes RAM, 2 x vCPU
Basic non-complex install with frr, IDS and sftp-backup plugins
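
Added example (not part of any post in this thread, and not OPNsense project code): a small sh function that classifies the `grep -nri bogons /var/log/system` output discussed above, so an empty result is reported as "no update has run yet" rather than read as a lost table. The function name `bogons_status`, the host name `fw.example` and the sample lines are constructed for illustration; it assumes all timestamps carry the same UTC offset.

```shell
#!/bin/sh
# Added example: classify the bogons update history in OPNsense system log lines.
# Input (stdin): raw log lines, or `grep -nri bogons /var/log/system` output.
# Output: never | incomplete <start-time> | ok <end-time>
# Assumption: all timestamps use the same UTC offset, so they sort as strings.
bogons_status() {
    awk '
        # In both raw and grep-prefixed lines the timestamp is field 2.
        $2 !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T/ { next }
        # Track the newest markers; grep walks files in no particular order.
        /bogons update starting/ { if ($2 > last_start) last_start = $2 }
        /update bogons is ending the update cycle/ { if ($2 > last_end) last_end = $2 }
        END {
            # "never": no cycle logged, so only the shipped default list is loaded.
            if (last_start == "" && last_end == "") print "never"
            else if (last_end >= last_start)        print "ok " last_end
            # "incomplete": still running, failed, or the end marker rotated away.
            else                                    print "incomplete " last_start
        }'
}

# Constructed sample input in the log format shown in this thread.
SAMPLE_DONE='/var/log/system/latest.log:2:<13>1 2025-05-01T03:04:16+10:00 fw.example root 57509 - [meta sequenceId="1"] bogons update starting
/var/log/system/latest.log:5:<13>1 2025-05-01T03:04:19+10:00 fw.example root 76702 - [meta sequenceId="4"] update bogons is ending the update cycle
/var/log/system/system_20250430.log:25:<13>1 2025-04-30T03:05:05+10:00 fw.example root 49980 - [meta sequenceId="1"] bogons update starting
/var/log/system/system_20250430.log:28:<13>1 2025-04-30T03:05:08+10:00 fw.example root 72136 - [meta sequenceId="4"] update bogons is ending the update cycle'
SAMPLE_RUNNING='<13>1 2025-05-01T03:02:54-04:00 fw.example root 65696 - [meta sequenceId="1"] bogons update starting'

printf '%s\n' "$SAMPLE_DONE"    | bogons_status
printf '%s\n' "$SAMPLE_RUNNING" | bogons_status
printf ''                       | bogons_status
```

On a live firewall the same function can be fed directly: `grep -nri bogons /var/log/system | bogons_status`.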

This is comical :)

So today being the first of the month, it coincidentally just triggered itself.  If I'd waited just a few hours to check I'd not have even noticed.

root@firewall:~ # grep -nri bogons /var/log/system
/var/log/system/system_20250501.log:668:<13>1 2025-05-01T03:02:54-04:00 firewall.h1.home.arpa root 65696 - [meta sequenceId="1"] bogons update starting

I had reinstalled OPNsense a couple days ago.  I just didn't make the connection that I was looking at a default set of bogons.  I thought I had lost them somehow.

All's good now.  Thanks!