
Temporary failure resolving 'de.archive.ubuntu.com'

Open jessicana opened this issue 3 years ago • 0 comments

Having the bogons blacklist as part of the firehol.conf file causes a "Temporary failure resolving" error, and the command sudo apt update on Ubuntu 20.04 ends with an error. The firehol.conf file is as follows:

version 6
# Block bogons list 
ipv4 ipset create bogons hash:net
ipv4 ipset addfile bogons ipsets/bogons.netset
# blacklist them
ipv4 blacklist full ipset:bogons

# Use the following to recognise RavenCore
server_ravencore_ports="tcp/8000"
client_ravencore_ports="default"

# Use the following to recognise RavenCore SSL
server_ravencoressl_ports="tcp/8080"
client_ravencoressl_ports="default"

# Use the following to recognise tinyproxy
server_tinyproxy_ports="tcp/8888"
client_tinyproxy_ports="default"

# Use the following to avoid dhcp-client from filling the logs
server_dhcpclient_ports="udp/63"
client_dhcpclient_ports="default"

interface any internet
       # Use the following to enable all available protection
       protection strong
       server "ftp ssh smtp dns http https pop3 imap socks syslog tinyproxy ravencore ravencoressl" accept
       client all accept

On Ubuntu, run sudo apt update and you will get this error:

Err:1 http://mirror.example.de/ubuntu/packages focal InRelease
  Temporary failure resolving 
.
..
...
W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/focal/InRelease  Temporary failure resolving 'de.archive.ubuntu.com'
W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease  Temporary failure resolving 'de.archive.ubuntu.com'
W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease  Temporary failure resolving 'de.archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
....
.....

The update succeeds after commenting out the first block as follows:

# Block bogons list 
##ipv4 ipset create bogons hash:net
##ipv4 ipset addfile bogons ipsets/bogons.netset
# blacklist them
##ipv4 blacklist full ipset:bogons

Run service firehol restart and firehol start, then sudo apt update, and you are all set.

Why does the bogons list block Ubuntu updates?

jessicana, Jan 08 '22 20:01
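
An added diagnostic, not part of the original issue or of FireHOL: it reports which resolvers listed in resolv.conf fall inside a netset that firehol.conf blacklists, because a bidirectional blacklist on a set covering the resolver's own address can stop the host's DNS lookups. The netset entries and resolv.conf contents below are constructed samples (loopback and RFC 1918 ranges; 127.0.0.53 is the systemd-resolved stub address on Ubuntu 20.04), and the function names are this example's own.

```python
import ipaddress

# Constructed sample inputs (not taken from the issue), in netset and resolv.conf syntax.
SAMPLE_NETSET = """\
# constructed sample: one CIDR or IP per line
10.0.0.0/8
127.0.0.0/8
192.168.0.0/16
"""
SAMPLE_RESOLV_CONF = """\
nameserver 127.0.0.53
nameserver 9.9.9.9
options edns0
"""

def parse_netset(text):
    """Return the networks listed in netset text, skipping comments."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def parse_nameservers(text):
    """Return the IPv4 nameserver addresses from resolv.conf text."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.IPv4Address(fields[1]))
            except ValueError:
                continue  # IPv6 or malformed entry; the set here is ipv4 only
    return servers

def blocked_resolvers(netset_text, resolv_text):
    """Map each nameserver covered by the set to the entry that covers it."""
    nets = parse_netset(netset_text)
    hits = {}
    for ns in parse_nameservers(resolv_text):
        match = next((n for n in nets if ns in n), None)
        if match is not None:
            hits[str(ns)] = str(match)
    return hits

if __name__ == "__main__":
    for ns, net in blocked_resolvers(SAMPLE_NETSET, SAMPLE_RESOLV_CONF).items():
        print(f"resolver {ns} is inside blacklisted entry {net}")
```

On a real host, pass the contents of ipsets/bogons.netset and /etc/resolv.conf to blocked_resolvers() instead of the samples.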