pfBlockerNG 3.2.0_4 ?

sgw

Adding this here, because I see this behavior with current 3.2.0_4:
pfblockerng seems to block things OK, but the counters in the dashboard widget do not increase at all.
I already reinstalled, restarted etc

sgw

@gertjan thanks for pointing at that script. Testing it as well, great.

Gertjan

@sgw said in pfBlockerNG 3.2.0_4 ?:

@gertjan thanks for pointing at that script. Testing it as well, great.

You mean these :

?

sgw

@gertjan Yes, exactly.

Checked right now: I see entries in "Firewall - pfBlockerNG - Reports" for "IP Block Stats", but not in the Dashboard Widget. There are some packets shown for DNSBL, but not for IP.

I have "PRI1" enabled with "Deny Inbound", so yes, there should be blocking (and the blocking seems to work, only the widget "fails"). It's not that important, but somehow wrong anyway, right?

I also tried to remove and re-add the widget already. Or edit its settings.

pfsjap

@gertjan Thank you for the pkg_check, works great.

I'd like to ask about updates, which are part of the of the base system:

Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them:

igmpproxy: 0.3,1 -> 0.3_1,1 [pfSense]
pfSense-upgrade: 1.0_53 -> 1.0_58 [pfSense]

Is it recommended (and safe) practice to update those also?

Gertjan

@pfsjap

Yes,

pkg upgrade

will do the job.

MarinSNB

@gertjan How do I add this script? Do I do it using the Filer package? Would appreciate a snapshot of your configuration. I have already added the needs Cron job for it as you indicated.

Thanks much!

michmoor

@gertjan Would you happen to know what the pfsense-upgrade package is?
I get this message even after i performed my firmware upgrade on the 6100.

Installed packages to be UPGRADED:
        igmpproxy: 0.3,1 -> 0.3_1,1 [pfSense]
        pfSense-upgrade: 1.0_53 -> 1.0_58 [pfSense]

Number of packages to be upgraded: 2

46 KiB to be downloaded.

Proceed with this action? [y/N]:

rcoleman-netgate

@michmoor said in pfBlockerNG 3.2.0_4 ?:

Would you happen to know what the pfsense-upgrade package is?

It is the package that handles all pfSense updates and upgrades.

michmoor

@rcoleman-netgate gotcha. Does it need an upgrade anyway? During the normal package upgrade process via the GUI, I don’t see this option.

rcoleman-netgate

@michmoor it includes references needed to provide future updates and upgrades, so yes, it should always be upgraded when it prompts for a change.

michmoor

@rcoleman-netgate is there a way to make that visible via the GUI? Maybe it is but I missed it?
For my normal workflow I don’t go into the shell unless I absolutely need to.
pkg upgrade isn’t something i have normally done when managing any pfsense but I will add it now.

rcoleman-netgate

@michmoor I believe it is part of the regular update checker but I am not an expert, or even an intermediate on this item. @stephenw10 might have your answer.

Gertjan

@marinsnb said in pfBlockerNG 3.2.0_4 ?:

How do I add this script?

Copy paste in a text editor !

There is a build in text editor in pfSense, I forgot it's name.
There is 'vi' of course, but I'm not going to advise you use that one ;)

edit : found it : is ee, so

ee /root/pkg_check.php

.....

pkg install nano

All you need to do now is : how to save a file with nano.
(searching etc is for later)

When nano is installed :

nano /root/pkg_check.php

and paste (ctrl-V or if you use Putty : right mous click) into the editor.

Ctrl-w to write the file.
Ctrl-x to exit the editor.

sgw

Still no "Packets" in the widget:

But I see packets blocked in the Logs of pfblockerNG.

Gertjan

@michmoor said in pfBlockerNG 3.2.0_4 ?:

Installed packages to be UPGRADED:
igmpproxy: 0.3,1 -> 0.3_1,1 [pfSense]
pfSense-upgrade: 1.0_53 -> 1.0_58 [pfSense]

These are 'real' FreeBSD packages that make part of what pfSense is.
True, you won't see them in the classic GUI installed packages list.

and yes, normally, no body will actually 'see' when they are available.
What I do know is that they, eventually, get installed.
When ? Probably when you visit System > Update > Update Settings and/or System > Update > System Update

As soon as I had the possibility to see this list of non-GUI packages, I never had the patience to 'wait and see' if and when they get installed, I just install them from the command line :

pkg upgrade

MarinSNB

@gertjan thanks!

manilx

@gertjan Hi. Installed the script on my 8200. Tried and worked.
I'm not using email for notifications but pushover.
How do I modify the script to use pushover for it's notification:

notify_via_smtp($msg);

notify_via_pushover($msg); ????

Thx!

Gertjan

@manilx said in pfBlockerNG 3.2.0_4 ?:

notify_via_smtp($msg);

That's me, scripting the selfish way : I only use smtp, so I called that function directly.

@manilx said in pfBlockerNG 3.2.0_4 ?:

notify_via_pushover($msg); ????

looks fine to me.
Look at the last 6 or 8 lines from /etc/inc/notices.inc - you'll get the picture.

notify_all_remote($msg);

would be best, as it tries everything (that is configured).

manilx

@gertjan said in pfBlockerNG 3.2.0_4 ?:

notify_all_remote($msg);

Got it. Thx!