Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    3.1.0_6 UPDATE

    Scheduled Pinned Locked Moved pfBlockerNG
    77 Posts 14 Posters 16.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User @Gertjan
      last edited by

      @gertjan

      When the swap space start to get used, see that as a
      signal that your device, starting with memory, can't
      cope any more.

      Ok that is right, but in normal the half of the ram and
      swap is free and this over a long time only if ClamAV,
      snort and pfblocker-ng are updating the lists and rules
      it goes here and there nearly 70 % of both, but after the update it goes back to the above shown levels.

      Two solutions :
      Lower significantly the work load.

      Could be the way for me, I run Snort, Squid & SquidGuard,
      and pfBlocker-NG plus ClamAV on a PC Engines APU4D4.
      In the future it comes on top of all, WiFi with Captive Portal and FreeRadius.

      Double your memory and CPU.

      In the near future this is planed for the whole setup.
      Only some MacBooks, 1 PC and 1 Laptop at home usage.
      So I really don´t know what to take I am between some
      different solutions and not at the moment ready to chose.

      But thanks anyway for the tip, you were right with the ram
      and cpu load. The older APU will then be a GPS based NTP
      and OpenLDAP server with some other services for the LAN.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @A Former User
        last edited by

        @dobby_ said in 3.1.0_6 UPDATE:

        Snort, Squid & SquidGuard, plus ClamAV

        Just for my own curiosity : knowing that 99,x % of all traffic is TLS these days, so the traffic payload is completely random for pfSense, what should ClamAV do ? Scanning virus in the packet headers ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        ? 1 Reply Last reply Reply Quote 0
        • ?
          A Former User @Gertjan
          last edited by

          @gertjan said in 3.1.0_6 UPDATE:

          what should ClamAV do ? Scanning virus in the packet headers ?

          I use Squid as a caching-proxy and let ClamAV do the av scanning on it.

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @A Former User
            last edited by

            @dobby_

            Ok, that's the way to do it ;)

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • keyserK
              keyser Rebel Alliance @mcury
              last edited by keyser

              @mcury said in 3.1.0_6 UPDATE:

              @steveits said in 3.1.0_6 UPDATE:

              came out the other day but only for 2.6 apparently.

              It is also available for plus, updated yesterday.

              I wonder whats going on here… Rumors have it that it is Netgate that maintains this package now and @BBcan177 is no longer on board.

              Regardless if that is true or not, it makes less than NO sense to release not one but two minor fixes of the package where the most glaring obvious bug i still present.
              Has the package been hijacked, and is now delivering malware instead?

              We need some proper information about these release from whoever is responsible for the included changes and who approved it.

              Love the no fuss of using the official appliances :-)

              fireodoF ? S R 4 Replies Last reply Reply Quote 2
              • fireodoF
                fireodo @keyser
                last edited by fireodo

                @keyser

                Hi,

                as far as I can see, has the content of pfblockerng.inc between line 4136 and 4142 completely been reworked (that was the part that made the problems
                https://redmine.pfsense.org/issues/13154 )

                But I agree - a clarification from Netgate or whoever would be very much appreciated!

                Regards,
                fireodo

                Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
                SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
                pfsense 2.8.0 CE
                Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

                keyserK 1 Reply Last reply Reply Quote 0
                • ?
                  A Former User @keyser
                  last edited by

                  @keyser

                  Has the package been hijacked, and is now delivering
                  malware instead?

                  Why? Because Netgate is now the maintainer? Then you could not trust the whole system (pfSense) and this makes
                  no sense for me. If I trust someone (Netgate) and use his entire system I will also trust them if they (Netgate) maintain a package!

                  We need some proper information about these release
                  from whoever is responsible for the included changes
                  and who approved it.

                  Thinking one step ahead please, it is better in my eyes getting the hands on a package that is available and present, then one is not maintained any more!

                  I will be more lucky with a patch, given in a short time
                  that is working, I mean it is better then watching out the whole ticket parade and not patch is available.

                  keyserK 1 Reply Last reply Reply Quote 0
                  • keyserK
                    keyser Rebel Alliance @fireodo
                    last edited by

                    @fireodo said in 3.1.0_6 UPDATE:

                    @keyser

                    Hi,

                    as far as I can see, has the content of pfblockerng.inc between line 4136 and 4142 completely been reworked (that was the part that made the problems
                    https://redmine.pfsense.org/issues/13154 )

                    But I agree - a clarification from Netgate or whoever would be very much appreciated!

                    Regards,
                    fireodo

                    If that is completely reworked, why does it still suffer the same issue then? I haven't updated yet because of this, and as far as I can tell people are still applying the same "fix" by removing the ")" in line 4136. So something is still the same in that section.

                    Love the no fuss of using the official appliances :-)

                    1 Reply Last reply Reply Quote 0
                    • keyserK
                      keyser Rebel Alliance @A Former User
                      last edited by

                      @dobby_ said in 3.1.0_6 UPDATE:

                      Why? Because Netgate is now the maintainer? Then you could not trust the whole system (pfSense) and this makes
                      no sense for me. If I trust someone (Netgate) and use his entire system I will also trust them if they (Netgate) maintain a package!

                      Yes, I agree, if Netgate took over I still trust it although this release without release notes and with the bug still present does shake my confidence a bit.
                      But the question is: Is netgate the maintainer now? We have no information, and theoretically this update could come from some other source and was accidentally approved without throrough review (Given the bug is still there, I'm guessing there has been no review.....)

                      We need some proper information about these release
                      from whoever is responsible for the included changes
                      and who approved it.

                      Thinking one step ahead please, it is better in my eyes getting the hands on a package that is available and present, then one is not maintained any more!

                      I will be more lucky with a patch, given in a short time
                      that is working, I mean it is better then watching out the whole ticket parade and not patch is available.

                      Ehh no. The 3.1.0_4 build was supported up until recently by BBCAN, and until pfSense has made a new release (2.7/22.11) another pfBlockerNG-devel release is not needed unless it fixes the problem _4 had.

                      Love the no fuss of using the official appliances :-)

                      J 1 Reply Last reply Reply Quote 0
                      • fireodoF
                        fireodo
                        last edited by fireodo

                        @keyser said in 3.1.0_6 UPDATE:

                        I haven't updated yet because of this, and as far as I can tell people are still applying the same "fix" by removing the ")" in line 4136. So something is still the same in that section.

                        I saw the modifications in 3.1.0_6 FOR pfsense 2.6.0 - I dont know if that is also the case in pfsense+ 22.05!
                        (the previous version 3.1.0_5 for 2.6.0 still had the issue in line 4136)

                        Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
                        SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
                        pfsense 2.8.0 CE
                        Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

                        GertjanG 1 Reply Last reply Reply Quote 0
                        • GertjanG
                          Gertjan @fireodo
                          last edited by Gertjan

                          Read How to unblock duckduckgo and find why it's being blocked.

                          BB is still there 😊

                          And @keyser

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??

                          fireodoF 1 Reply Last reply Reply Quote 1
                          • fireodoF
                            fireodo @Gertjan
                            last edited by

                            @gertjan said in 3.1.0_6 UPDATE:

                            Read How to unblock duckduckgo and find why it's being blocked.

                            I saw that Thread ☺ and it was nice to see that he is still implicated in pfblockerng ...

                            Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
                            SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
                            pfsense 2.8.0 CE
                            Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

                            1 Reply Last reply Reply Quote 0
                            • J
                              jdeloach @keyser
                              last edited by

                              @keyser said in 3.1.0_6 UPDATE:

                              @dobby_ said in 3.1.0_6 UPDATE:

                              But the question is: Is netgate the maintainer now? We have no information, and theoretically this update could come from some other source and was accidentally approved without throrough review (Given the bug is still there, I'm guessing there has been no review.....)

                              Ehh no. The 3.1.0_4 build was supported up until recently by BBCAN, and until pfSense has made a new release (2.7/22.11) another pfBlockerNG-devel release is not needed unless it fixes the problem _4 had.

                              What problem did _4 have? I am a long user of this package and was not aware of any bugs/issues.

                              GertjanG 1 Reply Last reply Reply Quote 0
                              • GertjanG
                                Gertjan @jdeloach
                                last edited by

                                @jdeloach said in 3.1.0_6 UPDATE:

                                What problem did _4 have?

                                Scroll to the top, start reading ;)

                                @keyser said in 3.1.0_6 UPDATE:

                                and as far as I can tell people are still applying the same "fix" by removing the ")" in line 4136.

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??

                                J 1 Reply Last reply Reply Quote 0
                                • J
                                  jdeloach @Gertjan
                                  last edited by

                                  @gertjan said in 3.1.0_6 UPDATE:

                                  @jdeloach said in 3.1.0_6 UPDATE:

                                  What problem did _4 have?

                                  Scroll to the top, start reading ;)

                                  @keyser said in 3.1.0_6 UPDATE:

                                  and as far as I can tell people are still applying the same "fix" by removing the ")" in line 4136.

                                  I don't see any issues listed in any of the messages, that I have ever had. Granted I don't use Netgate hardware and only run CE 2.6.0. Swap space is always 0% and CPU usage is never spikes above about 3%.

                                  By the way I'm running Snort as well as pfBlockerNG.

                                  ? keyserK 2 Replies Last reply Reply Quote 0
                                  • BBcan177B
                                    BBcan177 Moderator
                                    last edited by

                                    Before the pitch forks come out... I am still here and nothing has changed but its been challenging lately ... working on a release which should hopefully be available later this week or next week for the 2.6 and 2.7 branches. Thanks for the patience!

                                    Its been quite a ride since 2014:
                                    https://twitter.com/BBcan177/status/1354556985652506624

                                    "Experience is something you don't get until just after you need it."

                                    Website: http://pfBlockerNG.com
                                    Twitter: @BBcan177  #pfBlockerNG
                                    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                    fireodoF keyserK lohphatL J 5 Replies Last reply Reply Quote 16
                                    • fireodoF
                                      fireodo @BBcan177
                                      last edited by fireodo

                                      @bbcan177 said in 3.1.0_6 UPDATE:

                                      Before the pitch forks come out..

                                      😂 😂 😂

                                      Thanks for the patience!

                                      Thank YOU for clarification and Thank You for your work! (has to be said)

                                      Kind regards,
                                      fireodo

                                      Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
                                      SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
                                      pfsense 2.8.0 CE
                                      Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

                                      DefenderLLCD 1 Reply Last reply Reply Quote 3
                                      • S SteveITS referenced this topic on
                                      • DefenderLLCD
                                        DefenderLLC @fireodo
                                        last edited by

                                        @fireodo said in 3.1.0_6 UPDATE:

                                        @bbcan177 said in 3.1.0_6 UPDATE:

                                        Before the pitch forks come out..

                                        😂 😂 😂

                                        Thanks for the patience!

                                        Thank YOU for clarification and Thank You for your work! (has to be said)

                                        Kind regards,
                                        fireodo

                                        Amen!

                                        fireodoF 1 Reply Last reply Reply Quote 0
                                        • fireodoF
                                          fireodo @DefenderLLC
                                          last edited by

                                          @cloudified said in 3.1.0_6 UPDATE:

                                          Amen!

                                          😅

                                          Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
                                          SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
                                          pfsense 2.8.0 CE
                                          Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

                                          1 Reply Last reply Reply Quote 0
                                          • keyserK
                                            keyser Rebel Alliance @BBcan177
                                            last edited by

                                            @bbcan177 This is the best news in a long time given the slightly shaky rumours that have been circulating.

                                            Thank you for your excellent work - your package is what makes pfSense the best solution around :-)

                                            Love the no fuss of using the official appliances :-)

                                            1 Reply Last reply Reply Quote 3
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.