Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfblockerng-devel 3.1 stops unbound

    pfBlockerNG
    3
    14
    1.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jperezme @Gertjan
      last edited by jperezme

      @gertjan
      This is my system cpu:
      Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz
      Current: 2100 MHz, Max: 2101 MHz
      16 CPUs: 1 package(s) x 8 core(s) x 2 hardware threads

      It's strange because I have three other systems exactly like this one and it doesn't happen.
      Could you tell me exactly where I can download the number of feeds?

      ec9106a2-8a75-4760-8214-5f08c06b8a7f-image.png
      ad8a0f92-be6e-48b8-ba05-882852f86666-image.png
      Thanks in advance.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @jperezme
        last edited by

        @jperezme said in Pfblockerng-devel 3.1 stops unbound:

        Could you tell me exactly where I can download the number of feeds?

        What do you mean ?
        You don't know what (how much) you download ?

        The info is here :

        f5bd35a7-301b-4a74-83b4-7438f5e7fd92-image.png

        Or here : /var/db/pfblockerng/dnsbl

        Or here - example of one feed :

        881b3405-df9a-4ebd-9e62-1d76b0d2cde2-image.png

        'DNSBL feeds' or just 'Internet' text pages - big files with host names.

        The thing is : you have to many of them : it seems that unbound can't handle it.
        If unbound needs more then, 10 minutes to react on a stop signal, something is definitely wrong. While its stopping, your pfSense has no DNS ....
        pfBlocker fails to stop it, fails to start it.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        J 1 Reply Last reply Reply Quote 0
        • J
          jperezme @Gertjan
          last edited by

          @gertjan
          I understand you. Could be my ut1 list?
          b248959e-eec3-474a-903c-8ca1c57fe4c1-image.png
          This is my dnsbl groups:
          19322e9b-494e-4d20-b283-d36f12303b1c-image.png

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @jperezme
            last edited by Gertjan

            @jperezme

            This :

            ab03a440-1d8d-485a-b7f2-37f249d22ca1-image.png

            would be a lot to keep in memory if the file was read by a binary executable.
            PHP is interpreted language, so a 1000 times slower.
            Added to that, for every DNS request, the entire list hast to be parsed through to see if there is a DNSBL hit.

            Solution : don't use such a big list.
            edit : with just 5 hits ...

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            J 1 Reply Last reply Reply Quote 0
            • J
              jperezme @Gertjan
              last edited by

              @gertjan As I was saying, it is very strange because on other exactly the same machines with the same software installation, even with some more lists, it never happens. In this image can you see.

              5506b05e-81bc-48ad-9b63-27c5da50d7b9-image.png

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @jperezme
                last edited by

                @jperezme
                I know.
                Start hating me for this one : between pfSense 1&2 and this third one, there is a difference ^^

                Also : 23 hits for a 4 million+ list ..... , I wouldn't bother.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                J 1 Reply Last reply Reply Quote 0
                • J
                  jperezme @Gertjan
                  last edited by

                  @gertjan
                  Calm. I don't hate you, on the contrary. 😊
                  I really appreciate your comments. Blame it on my ignorance. Really the most important thing for me is to be able to block porn, because we are in a school.

                  GertjanG 1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan @jperezme
                    last edited by

                    @jperezme

                    A small one : Pfblockerng never download my custom list new entries?

                    https://github.com/klabacita

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    J 1 Reply Last reply Reply Quote 0
                    • J
                      jperezme @Gertjan
                      last edited by

                      @gertjan
                      Where a good list to block porn pages?

                      Thanks.

                      NogBadTheBadN 1 Reply Last reply Reply Quote 0
                      • NogBadTheBadN
                        NogBadTheBad @jperezme
                        last edited by

                        @jperezme

                        You could try replacing Unified hosts = (adware + malware) with Unified hosts + porn

                        https://github.com/StevenBlack/hosts

                        Andy

                        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post