Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfBlockerNG-devel v3.2.0_15

    Scheduled Pinned Locked Moved pfBlockerNG
    47 Posts 21 Posters 8.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BBcan177B
      BBcan177 Moderator @jrey
      last edited by

      @jrey the caching of ASN is not really necessary as it's not polling an external API (BGPview) anymore. So that was previously intended to limit the amount of API requests.

      I left it in for now, but it should probably just be "Enabled" and "Disabled" as options.

      So if a user wants to have then ASN reported in the Alerts/Reports tab and the ability to convert an ASN into IP addresses, then the user needs to set it to only of the caching options. I suggest the 1 hour option.

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      J 1 Reply Last reply Reply Quote 0
      • J
        jrey @BBcan177
        last edited by

        @BBcan177

        fair -- the difference in what happens when it is disabled in the current system. disabled now actually prevents the download. - which will likely catch some people and leave them wondering why nothing is happening --- just provided as an FYI.

        BBcan177B 1 Reply Last reply Reply Quote 1
        • tinfoilmattT
          tinfoilmatt
          last edited by tinfoilmatt

          why is v3.2.0_8 the latest pfBlockerNG-devel version available via Package Manager (webConfigurator) on CE 2.7.2? is there some manual package update/intervention required to update to the latest version?

          BBcan177B 1 Reply Last reply Reply Quote 0
          • BBcan177B
            BBcan177 Moderator @tinfoilmatt
            last edited by BBcan177

            @cyberconsultants there are some different functions between 2.7.2 and other pfSense versions. Hope to have the out next week.

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            S 1 Reply Last reply Reply Quote 0
            • BBcan177B
              BBcan177 Moderator @jrey
              last edited by

              @jrey I will add a note to the change log.

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              1 Reply Last reply Reply Quote 2
              • BBcan177B BBcan177 pinned this topic on
              • S
                Sissy @BBcan177
                last edited by

                @BBcan177 I am running pfSense 2.7.2 and I use ASNs extensively for both whitelisting and blacklisting, so this BGPview-created mess has caused me a lot of grief.

                I have been checking this thread, and the pfSense GUI, multiple times per day for news on the availability of a pfBlockerNG update that resolves this. I'm poised for action with my recently obtained IPinfo account and token.

                Thanks for your efforts.

                1 Reply Last reply Reply Quote 0
                • R
                  revengineer
                  last edited by

                  Houston, we have a problem! Trying to update on CE 2.7.2, and POST-INSTALL has been running for 10 min at 100% CPU. Is this normal? Or do I need to recover and how?

                  M 1 Reply Last reply Reply Quote 1
                  • R
                    revengineer
                    last edited by

                    It looks like same report on reddit in this post. Not sure how to recover my CE as I don't think we have boot environments to recover.

                    1 Reply Last reply Reply Quote 0
                    • M
                      mcury Rebel Alliance @revengineer
                      last edited by mcury

                      @revengineer said in pfBlockerNG-devel v3.2.0_15:

                      Houston, we have a problem! Trying to update on CE 2.7.2, and POST-INSTALL has been running for 10 min at 100% CPU. Is this normal? Or do I need to recover and how?

                      same problem here.

                      Edit:
                      It was using only one core, now both are 100% usage:

                      003e4122-1468-4771-9a76-5f263556c582-image.png

                      Edit2: Killed php-fpm process, then shell option:16) Restart PHP-FPM and recovered access to the GUI.
                      I'll restore boot environment pretty soon.

                      dead on arrival, nowhere to be found.

                      R 1 Reply Last reply Reply Quote 0
                      • R
                        revengineer @mcury
                        last edited by revengineer

                        @mcury So you killed the pool nginx process and not the pfblockerng-devel post-install one?

                        Edit: I tried option 16 and it does not work for me, no GUI.

                        BBcan177B M 2 Replies Last reply Reply Quote 1
                        • BBcan177B
                          BBcan177 Moderator @revengineer
                          last edited by

                          @revengineer can you try to download the pfblockerng.inc file from this reddit post. Amd see if that fixes it. Use the 2.7.2 Version.

                          https://www.reddit.com/r/pfBlockerNG/s/TV1gP3v96L

                          "Experience is something you don't get until just after you need it."

                          Website: http://pfBlockerNG.com
                          Twitter: @BBcan177  #pfBlockerNG
                          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                          J 1 Reply Last reply Reply Quote 0
                          • M
                            mcury Rebel Alliance @revengineer
                            last edited by mcury

                            @revengineer said in pfBlockerNG-devel v3.2.0_15:

                            So you killed the pool nginx process and not the pfblockerng-devel post-install one?

                            nuked it completely, killall -KILL php-fpm.
                            then exit and option 16, GUI restored, restored previous boot environment and now I'm 100%.

                            Note that perhaps there is a better way of doing this.. I did because I can always rely on BE.

                            dead on arrival, nowhere to be found.

                            R 1 Reply Last reply Reply Quote 0
                            • R
                              revengineer @mcury
                              last edited by

                              @mcury I got some good help from @BBcan177 over on the reddit forums under this link. With that I managed to recover my firewall. Still waiting for a fix to reinstall the package but in the mean time its working.

                              M 1 Reply Last reply Reply Quote 1
                              • M
                                mcury Rebel Alliance @revengineer
                                last edited by

                                @revengineer said in pfBlockerNG-devel v3.2.0_15:

                                @mcury I got some good help from @BBcan177 over on the reddit forums under this link. With that I managed to recover my firewall. Still waiting for a fix to reinstall the package but in the mean time its working.

                                That is great..

                                I'll also wait for an update on this matter before trying to update it again.

                                dead on arrival, nowhere to be found.

                                1 Reply Last reply Reply Quote 0
                                • J
                                  jppowers @BBcan177
                                  last edited by

                                  @BBcan177 for the sake of providing an update and maybe a route for others:

                                  TL;DR:
                                  So, ultimately, if anyone else thought, "Oh, weird. I've got my config, lemme do a reinstall." then stumbles on this when that doesn't work... using the curl commands shared on reddit, and a combination of rebooting/waiting things out (and console or ssh access to ps auxww or top monitor what's happening the best you can), will get to a place where it's done, but running the curl commands again will then let you get back in. In the mean time, rolling back to the main branch instead of -devel may be the smart move in terms of keeping pfblocker functionality.

                                  What I ran through:

                                  I was running into this, didn't find this thread (or the reddit post(s)) yet, and decided to try a reinstall of the pfsense router because when I just restarted the device it wouldn't boot to a full console, it seemed to lock up when loading the OpenVPN export service although routing was still working. I figured something was wrong with my install, not the package. scp'd my config for safety, and did a restore config during the install, everything seemed to be going fine. Then the webGUI locked up during reinstalling packages like it did when just updating the package. I started digging in and found this.

                                  I was able to SSH into the machine, copy/paste the curl commands, and after a bit it appears as if the package actually installed while I was trying to figure out how to restart the pfb_filter service (until I hit a "Oh, I guess it didn't install that yet" wall because the service rc.d files weren't there). It looked like it was not continuing to install other packages so I restarted PHP-FPM. I was still seeing //usr/local/bin/php -f //etc/rc.packages pfSense-pkg-pfBlockerNG-devel POST-INSTALL at 100% usage on a CPU core, still not seeing progress on other packages, so I restarted the machine. After a couple minutes the POST-INSTALL process is back to running a CPU at full and the webUI became unreachable again. After a little bit the POST-INSTALL process went away on it's own, then saw a bunch of pool nginx threads instead, webUI was still not loading. Watching via ssh, it looked like packages did finish installing but I still wasn't getting webUI so I restarted the router again. At this point, I still wasn't getting back into the webUI, but routing still worked.

                                  I figured I'd rerun the curl commands to get things from the github gist again, the pfb_filter service still didn't seem to exist so just I just rebooted the router, and it looked like everything was "fine" now except pfblocker is definitely not installed right. No menu item under firewall, the dashboard widget is showing nothing, etc. For now I'm removing the -devel package and switching to the stable release package. It didn't offer to let me keep my settings but it appears to still have kept them. At least, after running the force update to rebuild things it looks like my DNSBL whitelists are kept as well as all my other settings.

                                  Wanted to share the story as I imagine there may be another "Eeeh, a reinstall is easy enough since I have my config" person out there. It's fixable.

                                  1 Reply Last reply Reply Quote 0
                                  • B
                                    bchan
                                    last edited by

                                    This post is deleted!
                                    1 Reply Last reply Reply Quote 0
                                    • GertjanG Gertjan referenced this topic on
                                    • S Spacey 0 referenced this topic on
                                    • S
                                      Spacey 0
                                      last edited by

                                      To add my solution (no idea how "dirty" it is):

                                      I SSH'd in and executed "pkg install pfSense-pkg-pfBlockerNG" to get the -stable version. While the de-installation of -devel got stuck I SSH'd a second shell & searched for the 100% php process and just killed that one. Not the de-installation of -devel and installation of -stable continued. After finishing I could reach the GUI again and it looks normal.

                                      UnoptanioU D 2 Replies Last reply Reply Quote 1
                                      • UnoptanioU
                                        Unoptanio @Spacey 0
                                        last edited by Unoptanio

                                        @BBcan177

                                        I did the update.
                                        In the last two entries he did not write DONE. is this correct?

                                        >>> Upgrading pfSense-pkg-pfBlockerNG-devel...
                                        Updating pfSense-core repository catalogue...
                                        pfSense-core repository is up to date.
                                        Updating pfSense repository catalogue...
                                        pfSense repository is up to date.
                                        All repositories are up to date.
                                        The following 1 package(s) will be affected (of 0 checked):
                                        
                                        Installed packages to be UPGRADED:
                                        	pfSense-pkg-pfBlockerNG-devel: 3.2.0_10 -> 3.2.0_15 [pfSense]
                                        
                                        Number of packages to be upgraded: 1
                                        
                                        The operation will free 1 MiB.
                                        2 MiB to be downloaded.
                                        [1/1] Fetching pfSense-pkg-pfBlockerNG-devel-3.2.0_15.pkg: .......... done
                                        Checking integrity... done (0 conflicting)
                                        [1/1] Upgrading pfSense-pkg-pfBlockerNG-devel from 3.2.0_10 to 3.2.0_15...
                                        [1/1] Extracting pfSense-pkg-pfBlockerNG-devel-3.2.0_15: .......... done
                                        Removing pfBlockerNG-devel components...
                                        Menu items... done.
                                        Services... done.
                                        Loading package instructions...
                                        Removing pfBlockerNG... All customizations/data will be retained... done.
                                        Saving updated package information...
                                        overwrite!
                                        Loading package configuration... done.
                                        Configuring package components...
                                        Loading package instructions...
                                        

                                        a47fae83-b63b-4c00-be46-c4d5fa584199-image.png

                                        After the update, it no longer lets me log in to the pfsense gui,

                                        bd448a3e-f1fe-491c-aba7-9b42ec87ba84-image.png

                                        CPU is at 100%
                                        I can hear the CPU cooling fan already on full blast
                                        shell command prompt is blocked
                                        What should I do??
                                        i try to restart system

                                        pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
                                        CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
                                        n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2

                                        A 1 Reply Last reply Reply Quote 1
                                        • I
                                          IT_Luke
                                          last edited by

                                          Whooops, I had just clicked on upgrade package and at the same time landed here to read up on the update. Lucky I have an HA setup and a backup of the first VM which I started to update. Both php processes on both CPUs were swapping to 100% CPU usage when I dropped in the cli to take a peek with top as reported. I didn't want to go through the fix hassle and just restored the previous backup of my first pfSense VM while the second one became master (Hail to HA and CARP! How many times has this setup saved me unwanted trips and angry calls!) and in less than 7 minutes everything was back to normal. Definitely will wait this one out ;)

                                          1 Reply Last reply Reply Quote 0
                                          • A
                                            aivxtla @Unoptanio
                                            last edited by aivxtla

                                            @Unoptanio interestingly you can still get into the gui via other pages like the package manager etc. Had the same issue but the url extension for the package manager page autofilled by my browser and I was able to get in that way. Only the main page of the GUI doesn’t work, once in if you click on the main landing page it will still get stuck all the other parts of the GUI firewall, nat etc work… Another issue is it’s now showing multiple packages as updatable that have no updates like ntopng; some just reinstall the original package and others get stuck attempting to reinstall. I guess it caused some sort of corruption. Hopefully a fix soon.

                                            UnoptanioU 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.