Enabled Blacklists not visible in Cockpit

Since today I have been getting many mails from Cron showing blacklist errors like this:

[WARNING] Skipping invalid blacklist ‘proxyrss_7d’
[WARNING] Skipping invalid blacklist ‘proxyrss_1d’
[WARNING] Skipping invalid blacklist ‘zeus’
[WARNING] Skipping invalid blacklist ‘proxyrss_30d’
[WARNING] Skipping invalid blacklist ‘zeus_badips’
[WARNING] Skipping invalid blacklist ‘proxyrss’

Maybe these lists are temporary, no longer reachable, defective or something, so I want to disable these lists in IP blacklist.

I tried this in the Cockpit > Threat shield > IP blacklists section, but the lists were not shown (anymore) via the search field nor in the listing.

In the /var/lib/nethserver/db/configuration file the (missing) blacklists were shown as enabled, as expected, so I decided to remove these lists by hand by editing this configuration file.

After “signal-event nethserver-blacklist-save” (or saving via Cockpit) no new Cron errors occurred.

I think the IP blacklist section should show all “enabled” list entries and not only those whose corresponding blacklist is found in the “master” blacklist git (like https://github.com/firehol/blocklist-ipsets.git).

Regards
yummiweb


This happens when you have enabled these blacklists but the blacklists are no longer available in /usr/share/nethserver-blacklist/ipsets.

Try to download them again with

signal-event nethserver-blacklist-save ipsets

After

signal-event nethserver-blacklist-save ipsets

the “missing” blacklists are not in /usr/share/nethserver-blacklist/ipsets and so are not shown in the Cockpit > Threat shield > IP blacklists listing.

I understand (maybe) that the lists “went away” after an update in the corresponding git, but the removed lists should be visible (to disable) in Cockpit or removed directly from db/configuration.

It should not be necessary to remove these lists by hand from the configuration db after the lists are “gone” from the git.

How to handle it if it is a temporarily missing blacklist? Before downloading we remove all the lists, then we fetch them.

the relevant code

I had the same problem today.
A reset with /usr/share/nethserver-blacklist/download dnss --debug doesn’t help.
I uninstalled …

yum autoremove nethserver-blacklist

rm -f -r /usr/share/nethserver-blacklist

…and reinstalled Threat shield.

Not sure your issue is related to this one @capote; here the remote git has changed the blacklist content, IIUC.

What about, in case subscribed blacklists are missing or not reachable:

  1. keep sending the warning email;
  2. when loading the list in the UI, compare the blacklist config db against the available blacklists; if a list is not there, mark it as orphaned in the UI (maybe with a new “status” property). I haven’t checked the code, so maybe it is necessary to add the missing blacklist as a fake entry… (if possible, or show them apart);
  3. let the admin keep/delete them.
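One way to do the comparison proposed in step 2 from the shell, as an added example that is not the project's own code and not from any post in this thread. The page does not show which property of the config db holds the enabled list names, so the functions take them as a comma-separated argument (the way the reporter read them out of /var/lib/nethserver/db/configuration); the `.netset`/`.ipset` file-name convention and the temporary sample directory standing in for /usr/share/nethserver-blacklist/ipsets are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not part of nethserver-blacklist): find blacklists that are
# still enabled in the configuration but have no file in the ipsets directory,
# and produce the pruned value an admin would write back.
#
# Assumptions (not taken from the thread):
#  - the enabled lists are passed in as a comma-separated string;
#  - a list "NAME" is available when "$IPSET_DIR/NAME.netset" or
#    "$IPSET_DIR/NAME.ipset" exists (file names as used by the firehol repo).

# orphaned_blacklists ENABLED_CSV IPSET_DIR
# Prints, one per line, every enabled list that has no matching file.
orphaned_blacklists() {
    dir=$2
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r name; do
        [ -n "$name" ] || continue
        if [ ! -e "$dir/$name.netset" ] && [ ! -e "$dir/$name.ipset" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# prune_blacklists ENABLED_CSV IPSET_DIR
# Prints the comma-separated list with the orphans removed, i.e. the value
# to store instead of editing the db file by hand.
prune_blacklists() {
    kept=""
    for name in $(printf '%s\n' "$1" | tr ',' ' '); do
        if [ -e "$2/$name.netset" ] || [ -e "$2/$name.ipset" ]; then
            kept="${kept:+$kept,}$name"
        fi
    done
    printf '%s\n' "$kept"
}

# demo_ipset_dir: constructed stand-in for /usr/share/nethserver-blacklist/ipsets
# with three lists present; "zeus" and "proxyrss_7d" are deliberately absent,
# mirroring the warnings quoted in the thread.
demo_ipset_dir() {
    d=$(mktemp -d)
    for f in firehol_level1.netset dshield.netset proxyrss.ipset; do
        : > "$d/$f"
    done
    printf '%s\n' "$d"
}

# Stand-alone run over the constructed sample data.
demo_dir=$(demo_ipset_dir)
enabled="firehol_level1,zeus,proxyrss_7d,dshield"
echo "orphaned:"
orphaned_blacklists "$enabled" "$demo_dir"
echo "pruned: $(prune_blacklists "$enabled" "$demo_dir")"
rm -rf "$demo_dir"
```

On a real system the enabled names would come from the config db and the directory argument would be /usr/share/nethserver-blacklist/ipsets; the orphan list is what the UI would flag, and the pruned value is what the admin chooses to keep or drop.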

It seems so to me, only reduced to the Zeus list.

We also saw these messages regarding the zeus list recently. A check revealed that this list was not activated anyway. What I then did was activate the list, and then deactivate it again. As I had shortly before changed my upstream DNS in Pi-hole to filtered Quad9 with DNSSEC, and as I was not sure if this caused the problem, I then changed it to unfiltered Quad9 without DNSSEC in Pi-hole. One of those two actions stopped the Threat shield mails about the zeus list.

Same problem here; I have some customers with Threat shield enabled.

I have to modify every customer’s firewall configuration manually…

I agree, this should be the correct behavior.
Let’s see if we can implement it.


Now the missing blacklists are shown in the table so they can be removed, kudos to @andre8244

The final solution will come when the package has been tested and released. We are a tiny team; we need sysadmins to validate that the testing rpm is good and has no new issues, please stay tuned.

Please verify.