Netgate Discussion Forum

    PfBlockerNG Single core @ 100% for 5 minutes unscheduled

    • keyser

      Hi all.

      Just wondering if I’m the only one that noticed this after upgrading to 25.07 and pfBlocker 3.2.7:

      I have my pfBlockerNG set to update every night at 02:00am and it does (like it also did before).

      But after the upgrade I also have a pfBlockerNG PHP script running at about 16:00 on one box and 19:00 on another. The command is:
      /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng-php dcc(php)

      This process eats a lot of CPU, about 1 minute's worth of one core @ 100% on my 6100 and one core @ 100% for about 5 minutes on the less powerful 2100 box (this is 50% of the 2100 CPU power).
      It seems it does a GeoIP update, as that is the only thing that's referenced in the extras.log of pfBlockerNG.

      Why is this suddenly so different from running on 24.11? And why is this not done at 02:00 when it's scheduled to update?

      Love the no fuss of using the official appliances :-)

      • jrey

        @keyser

        That is normal - the download of the GeoIP ASN data is randomized (once, when the system is set up), which is why it runs at different times on different boxes.
        When you schedule pfblocker to run at 2:00, all the ASN files are then already local and not downloaded again.

        Put it another way, the older version would download every ASN file every time pfblocker ran an update via cron.
        So if you ran pfblocker hourly, you would be downloading the ASN data file for your selected ASNs every time the cron job ran.
        Now the download only happens once (at the preselected randomized time) and you get every ASN available.
        You can run the pfblocker cron updates as many times as you like and they will not download anything (Geo/ASN) related. It will just update those lists from the local data. You can even add a "new" ASN to your selection, and it will already be available.

        On a 2100, this ASN database download (which, as you noted, is logged in the extras.log) takes all of 15 seconds here. I would likely never see a CPU hit specifically related to this download.

        Download Process Starting [ 08/14/25 07:45:01 ]
         /usr/local/share/GeoIP/asn.mmdb		200 OK
         /usr/local/share/GeoIP/asn.csv.gz		200 OK
        ASN Lookup Table has been updated [ 08/14/25 07:45:05 ]
        Download Process Ended [ 08/14/25 07:45:16 ]
        
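To confirm when the GeoIP/ASN download runs on a given box and how long it takes, the start and end stamps in extras.log can be paired up and compared with the scheduled update hour. This is an added example, not part of either post and not pfBlockerNG code; it assumes the log format shown in the excerpt above, and the function names are hypothetical.

```python
import re
from datetime import datetime

# First run is the extras.log excerpt quoted in the thread; the second run is
# constructed (same format, cut off before "Ended") to exercise the edge case.
SAMPLE_LOG = """\
Download Process Starting [ 08/14/25 07:45:01 ]
 /usr/local/share/GeoIP/asn.mmdb\t\t200 OK
 /usr/local/share/GeoIP/asn.csv.gz\t\t200 OK
ASN Lookup Table has been updated [ 08/14/25 07:45:05 ]
Download Process Ended [ 08/14/25 07:45:16 ]
Download Process Starting [ 08/15/25 07:45:02 ]
 /usr/local/share/GeoIP/asn.mmdb\t\t200 OK
"""

STAMP = re.compile(r"^Download Process (Starting|Ended)\s*\[\s*(.+?)\s*\]$")
FILE = re.compile(r"^\s+(/\S+)\s+(.+?)\s*$")  # indented "<path>  <status>" line


def parse_runs(text):
    """Return one dict per download run: start, end, seconds, files."""
    runs, current = [], None
    for line in text.splitlines():
        m = STAMP.match(line.strip())
        if m:
            when = datetime.strptime(m.group(2), "%m/%d/%y %H:%M:%S")
            if m.group(1) == "Starting":
                if current:  # previous run never logged "Ended"
                    runs.append(current)
                current = {"start": when, "end": None, "seconds": None, "files": []}
            elif current:
                current["end"] = when
                current["seconds"] = (when - current["start"]).total_seconds()
                runs.append(current)
                current = None
            continue
        f = FILE.match(line)
        if f and current:
            current["files"].append((f.group(1), f.group(2)))
    if current:  # log ended mid-run
        runs.append(current)
    return runs


def outside_cron_hour(runs, cron_hour):
    """Runs that did not start in the hour of the scheduled pfBlockerNG update."""
    return [r for r in runs if r["start"].hour != cron_hour]
```

A run whose `end` is `None` never logged its "Download Process Ended" line, which is worth checking against the time of any unexplained CPU spike.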
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.