    V 3.2.0 with pfsense 23.01 RC 20230202

      tcw

      @jimp's patch just got applied to an updated pfBlockerNG v. 3.2.0_1. (Thanks!) That appears to have been the only change.

        Gertjan

        Using the latest pfSense RC :

        23.01-RC (amd64)
        built on Wed Feb 08 06:11:39 UTC 2023
        

        TLD Whitelist selected.
        I'm here :

        UPDATE PROCESS START [ v3.2.0_1 ] [ 02/8/23 11:13:01 ]
        
        ===[  DNSBL Process  ]================================================
        
        Loading DNSBL Statistics... completed
        Missing DNSBL stats and/or Unbound DNSBL files - Rebuilding
        
        Loading DNSBL SafeSearch...  enabled
        Loading DNSBL Whitelist... completed
        Blacklist database(s) ... exists.
        
        [ StevenBlack_ADs ]		 Downloading update .. 200 OK.
         Whitelist: 15.taboola.com|aax-eu.amazon-adsystem.com|adsafeprotected.com|am-match.taboola.com| ..... snipped
         Orig.    Unique     # Dups     # White    # TOP1M    Final                
         ----------------------------------------------------------------------
         177888   177888     0          97         0          177791               
         ----------------------------------------------------------------------
        
        ------------------------------------------------------------------------
        Assembling DNSBL database...... completed [ 02/8/23 11:13:13 ]
        TLD:
        TLD analysis.. completed [ 02/8/23 11:13:17 ]
        TLD finalize..
        

        and I understand why :

        [image]

        The /tmp/dnsbl_tld_remove file - the list with TLDs to remove is 37000+ lines.
        The /var/unbound/pfb_py_data.txt.raw file 133608 lines

        [edit]
        From what I make of this : each of the 37000+ lines is checked (grepped) with every line in the 133608 file.
        So, 37000 times 133608 'greps' to be executed.
        That's huge ....

        And I have only one dnsbl feed - with "133608" dnsbl entries.
        [end edit]

        I copied both files to /root/ and repeated the command 'on the command line'.
        This command is great to max out one core, 100 %, and it will take minutes if not hours to complete.

        pfblockerng-devel does this with PHP handling the return (output). That will make things even worse.

        [image]

        49 degrees and rising. Off to the kitchen, looking for some eggs.

        I guess not using (unchecking) Wildcard Blocking (TLD) is the best option right now.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
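
The scaling problem described in the post above, as an added example that is not part of any post and is not pfBlockerNG's code: pruning DNSBL entries covered by a wildcard with one scan per wildcard, next to a single pass that looks up each entry's parent domains in a set. The one-domain-per-line format, the sample domains and the function names are assumptions made for illustration.

```python
# Added illustration. One domain per line is an assumed format, not the real
# layout of /tmp/dnsbl_tld_remove or /var/unbound/pfb_py_data.txt.raw.
# Constructed sample data (reserved .example names only).
WILDCARDS = ["ads.example", "tracker.example.net"]
ENTRIES = [
    "a.ads.example", "b.c.ads.example", "ads.example", "cdn.example.org",
    "x.tracker.example.net", "notads.example",
    "tracker.example.net.evil.example",
]

def naive_prune(entries, wildcards):
    """One pass over the remaining entries per wildcard (grep-per-line shape)."""
    kept, comparisons = list(entries), 0
    for w in wildcards:
        suffix = "." + w          # match on whole labels only
        survivors = []
        for e in kept:
            comparisons += 1
            if not e.endswith(suffix):
                survivors.append(e)
        kept = survivors
    return kept, comparisons

def parent_domains(domain):
    """Yield every parent of `domain`: a.b.c -> b.c, c."""
    labels = domain.split(".")
    for i in range(1, len(labels)):
        yield ".".join(labels[i:])

def indexed_prune(entries, wildcards):
    """Single pass: hash lookups of each entry's parents in the wildcard set."""
    wild, kept, lookups = set(wildcards), [], 0
    for e in entries:
        covered = False
        for p in parent_domains(e):
            lookups += 1
            if p in wild:
                covered = True
                break
        if not covered:
            kept.append(e)
    return kept, lookups

def worst_case(n_wildcards, n_entries, max_labels=5):
    """Upper bounds on work: (per-wildcard scans, set lookups)."""
    return n_wildcards * n_entries, n_entries * (max_labels - 1)

if __name__ == "__main__":
    print(naive_prune(ENTRIES, WILDCARDS), indexed_prune(ENTRIES, WILDCARDS),
          worst_case(37000, 133608))
```

With the line counts quoted in the post, `worst_case(37000, 133608)` gives about 4.9 billion comparisons for the per-wildcard scan against roughly half a million set lookups, where `max_labels=5` is an assumed bound on domain depth.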

          emikaadeo @Gertjan

          @gertjan said in V 3.2.0 with pfsense 23.01 RC 20230202:

          I guess not using TLD Whitelisting is the best option right now.

          I'm not using TLD Whitelist
          My DNSBL Mode is set to "Unbound python mode" and as pfBlockerNG states: "TLD Whitelist is not utilized for Unbound python mode! Use DNSBL Whitelist instead."
          The main problem is when Wildcard Blocking (TLD) is enabled.

            Gertjan @emikaadeo

            @emikaadeo
            You're right :

            That's the one :
            [image]

              petrt3522

              I believe mine is now having the same issue with my upgrade to 23.01-Final. I manually did a reload and it's at 20 minutes, stuck on "TLD finalize."

              I did have an error: On its first boot I got a banner about this extensive error: https://pastebin.com/aj8q4Mjw Other than that, it seems to work fine and appears to be passing traffic across 2 VLAN and 1 WAN.

                4NVXr3wHBnQYsHwE

                This happened to me today as well and likewise disabling Wildcard Blocking (TLD) worked around it. grep was stuck at 100% CPU utilization for several minutes otherwise.

                  OpIT GmbH

                  Any fix for this? Except disabling Wildcard TLD blocking

                    SteveITS Galactic Empire @OpIT GmbH

                    @opit-gmbh said in V 3.2.0 with pfsense 23.01 RC 20230202:

                    Any fix for this? Except disabling Wildcard TLD blocking

                    Not yet: https://www.patreon.com/posts/pfblockerng-v3-2-78781333

                    Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                    When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                    Upvote 👍 helpful posts!

                      emikaadeo @SteveITS

                      @steveits @jmontleon @OpIT-GmbH
                      It is now fixed with 3.2.0_3 version :)
                      https://forum.netgate.com/post/1088962

                        OpIT GmbH

                        Yes, working now. THX
