[SOLVED]: Issue with Geoblock - Not working after system lost power.

[xupetas]

Hello all,

I had a crash on a opnsense 21.7 (powerloss), and when it came back up the geoip alias was not working.

I've tried to see if the download/key for my geoip list was working, and it is:

root@XXXXX:/usr/local/opnsense/scripts/filter/lib # python3
Python 3.8.12 (default, Sep 20 2021, 23:00:57)
[Clang 8.0.1 (tags/RELEASE_801/final 366581)] on freebsd12
Type "help", "copyright", "credits" or "license" for more information.
>>> from geoip import download_geolite
>>> download_geolite()
{'address_count': 775784, 'file_count': 500, 'timestamp': '2021-10-19T09:47:50', 'locations_filename': 'GeoLite2-Country-Locations-en.csv', 'address_sources': {'IPv4': 'GeoLite2-Country-Blocks-IPv4.csv', 'IPv6': 'GeoLite2-Country-Blocks-IPv6.csv'}}
>>>


The list is active, but it does not work - tested with multiple IP's from a IP range that *is* included.
Also, i have enough table entries to acomodate the list:

# pfctl -sm | grep table-entries
table-entries hard limit 4000000000


Is there a way to see using pfctl that the alias is being loaded? The main simptom of this issue is that the list appears that is not being loaded and thus the rule is doing nothing.

[xupetas]

Hello all,

Found it, i had a corrupted DB (.txt) file in /var/db/aliastables. I deleted it, re-run the comand and now it appears to be working.

I found it using the command:

# truss /usr/local/opnsense/scripts/filter/update_tables.py

In the logs the error appear as:

Command '/usr/local/bin/flock -n -E 0 -o /tmp/filter_update_tables.lock /usr/local/opnsense/scripts/filter/update_tables.py' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 478, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/bin/flock -n -E 0 -o /tmp/filter_update_tables.lock /usr/local/opnsense/scripts/filter/update_tables.py' returned non-zero exit status 1.

I ran the trace on /usr/local/opnsense/scripts/filter/update_tables.py and found what db file was having issues.  It warned me of UTF8 not being able to read some file. Insde of truss i was able to see what file was.