@bbcan177 thank you so much for helping me out! I should have been forcing a cron instead of doing a update/reload.

Thanks! :)

Update, I just moved from 3.2.0.1 to pfBlockerNG 3.2.0_3, no issues so far. Network throughput, memory and CPU usage all within normal parameters.

Thank you @BBcan177 for all your work on this excellent package!

@fluvannait
You changed to type to CARP without editing it?
A CARP VIP for DNSBL is an imbecility. This IP is only needed at the master. So it can be a simple IP alias. If you want to have it on both, you can hook it up on a CARP.

@creationguy

I second that. "Its not uncommon for this feed."
I don't worry about it, just clear the message on the widget whenever you see it.

the most I've ever seen it miss is 3 in a row stacked up. it is usually just 1 miss and it gets it next cycle. less than stable feed i suspect.

All the others I use are fine.

@bbcan177

Thx, fpr your support! :)

I have since uninstalled and reinstalled the pfBlockerNG-devel package. I also deleted the directories (/usr/local/share/GeoIP and /var/db/pfblockerng).

Since then, I have not noticed any more such entries. If an entry appears again, I will test the commands and report in this thread.

@bbcan177

Thanks for the response, I have found the thread and the redmine:

https://redmine.pfsense.org/issues/13953

https://forum.netgate.com/topic/177884/pfblockerng-devel-v3-2-0-crashing-repeatedly-on-pfsense-23-01/7?_=1676563838954

Its not a pfblocker issue its related to openvpn clean up.

Yes, working now. THX

@bbcan177

the new version fixed my issue

thanks a lot. Great and super duper fast job

@shaw222 see https://docs.netgate.com/pfsense/en/latest/troubleshooting/firewall.html#new-rules-are-not-applied

@seanr22a Just found this and started using them. THX!

@marco-42 Welcome

@SteveITS : Thank you for the link.

@rehtael Hmm, I had a similar sounding error during pfBlocker (not -devel) installation, but it seems to be working fine. This was a bit of an odd scenario, I installed 22.05 new, restored the config (which had pfB in it), pfSense said it had installed the packages, I upgraded to 23.01 (forgetting to uninstall pfB as I usually do), and found neither pfB nor apcupsd were installed. After installing I got:

Executing custom_php_install_command()... Rebuilding GeoIP tabs...grep: /usr/local/share/GeoIP/cc/Africa_v4.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/Africa_v6.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/Antarctica_v4.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/Antarctica_v6.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/Asia_v4.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/Asia_v6.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/Europe_v4.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/Europe_v6.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/North_America_v4.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/North_America_v6.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/Oceania_v4.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/Oceania_v6.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/South_America_v4.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/South_America_v6.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/Proxy_and_Satellite_v4.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/Proxy_and_Satellite_v6.txt: No such file or directory grep: /usr/local/share/GeoIP/cc/Top_Spammers_v4.info: No such file or directory grep: /usr/local/share/GeoIP/cc/Top_Spammers_v6.info: No such file or directory Fatal error: Uncaught TypeError: sort(): Argument #1 ($array) must be of type array, null given in /usr/local/www/pfblockerng/pfblockerng.php:1980 Stack trace: #0 /usr/local/www/pfblockerng/pfblockerng.php(1980): sort(NULL, 2) #1 /usr/local/pkg/pfblockerng/pfblockerng_install.inc(40): pfblockerng_get_countries() #2 /etc/inc/pkg-utils.inc(781) : eval()'d code(1): include_once('/usr/local/pkg/...') #3 /etc/inc/pkg-utils.inc(781): eval() #4 /etc/inc/pkg-utils.inc(899): eval_once('include_once('/...') #5 /etc/rc.packages(76): install_package_xml('pfBlockerNG') #6 {main} thrown in /usr/local/www/pfblockerng/pfblockerng.php on line 1980 PHP ERROR: Type: 1, File: /usr/local/www/pfblockerng/pfblockerng.php, Line: 1980, Message: Uncaught TypeError: sort(): Argument #1 ($array) must be of type array, null given in /usr/local/www/pfblockerng/pfblockerng.php:1980 Stack trace: #0 /usr/local/www/pfblockerng/pfblockerng.php(1980): sort(NULL, 2) #1 /usr/local/pkg/pfblockerng/pfblockerng_install.inc(40): pfblockerng_get_countries() #2 /etc/inc/pkg-utils.inc(781) : eval()'d code(1): include_once('/usr/local/pkg/...') #3 /etc/inc/pkg-utils.inc(781): eval() #4 /etc/inc/pkg-utils.inc(899): eval_once('include_once('/...') #5 /etc/rc.packages(76): install_package_xml('pfBlockerNG') #6 {main} thrownpkg-static: POST-INSTALL script failed =====

...so maybe because the files didn't exist yet/I hadn't run an update yet?

There is a 3.2.0_2 version on the way, per other posts.

@bbcan177 Ah thanks, I misunderstood the way it worked, thanks! :)

@thebear said in [23.01-RELEASE] pfBlockerNG v3.2.0_1 not ready for DHCP registration with Python mode?:

a the text on the pfSense website confuses me

Yep I agree. The documentation got ahead of the fix. Its causing confusion.
It should be removed until the fix is merged and available for download, imo.

@SteveITS
Fixed.
For future readers: This is what I did, I do not know if every step was necessary.

I am using pfBlockerNG-devel 3.2.0_1
In pfB logs page, I deleted py_error.log and the error.log
I then deleted the pfB widget from the dashboard and saved new dashboard.
Did a force update of pfB dnsbl.
Then reinstalled the pfB widget and it is ok so far.

@mzeid said in need help: pfBlockerNG with L3 switch with multiple subnets on LAN:

everything was working fine, but pfBlockerNG is only working with LAN subnet

Glad you got it sorted, but this points to design problem to be honest. You should not connect downstream router via "lan" if there are other devices on the lan. Downstream routers should be connected via a transit network (no hosts) or you can run into an issue with asymmetrical traffic flow. Unless you do host routing on the devices on the lan network. Or you downstream router is natting, etc.

Unless none of the devices on the lan never talk to downstream devices.

as.jpg

Downstream sends Syn to client on the lan network, the device sends it syn,ack to its default gateway because it has no route to this network. Pfsense never saw the syn, so there is no state.. And traffic is denied.

This is a better setup when you have a downstream router

setup.jpg

Maybe devices on lan and your downstream never talk to each other? But whenever you connect routers together, it should be a transit network (no hosts on it only routers) or you can have issue, especially when a stateful firewall is doing the routing.