Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New pfblockerNG install Database Sanity check Failed

    Scheduled Pinned Locked Moved pfBlockerNG
    50 Posts 17 Posters 15.0k Views 17 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • tinfoilmattT Offline
      tinfoilmatt @Maltz
      last edited by tinfoilmatt

      @Maltz said in New pfblockerNG install Database Sanity check Failed:

      Versions 3.2.0_8 (and 3.2.0_20?) had two issues with the Database Sanity check. The first one broke the check entirely and it always showed PASSED no matter what. The second one was that the check was checking against "masterfile" instead of "mastercat"

      The first problem was fixed in v3.2.8, which exposed the second problem. The second problem is fixed by the change BBcan177 described above.

      Solid recap. So when all is said and patched, two relevant lines of /usr/local/pkg/pfblockerng/pfblockerng.sh should read...

      Line 1232 (needs manual change until patch released):

      s1="$(grep -cv ^${ip_placeholder2}$ ${mastercat})"
      

      Line 1281 (should already be present in package version 3.2.8):

      if [ "${s1}" == "${s2}" ]; then
      
      M 1 Reply Last reply Reply Quote 1
      • M Offline
        MidGe48 @tinfoilmatt
        last edited by

        @tinfoilmatt

        here: running pfSense 2.8.0-RELEASE and pfBlockerNG 3.2.8-dev

        Made the suggested change to line 1232.

        Still same issue showing DNSBL (unbound mode) out of sync.

        Should I revert the channge to ensure that the patch when available works correctly?

        Thanks for nay help.

        LaxarusL 1 Reply Last reply Reply Quote 0
        • LaxarusL Online
          Laxarus @MidGe48
          last edited by Laxarus

          @MidGe48

          I had the same issue

          make the suggested change on line 1232

          then go to general
          uncheck

          • pfBlockerNG Enable
          • Keep Settings Enable
            save
            wait for it to save

          then

          check

          • pfBlockerNG Enable
          • Keep Settings Enable
            save
            wait for it to save

          then

          force reload all

          M M 2 Replies Last reply Reply Quote 0
          • M Offline
            MidGe48 @Laxarus
            last edited by

            @Laxarus

            Thank you Laxarus,

            It seems to have worked.

            1 Reply Last reply Reply Quote 0
            • M Offline
              mull0r @Laxarus
              last edited by

              @Laxarus This worked for me as well. Though I had to search the web how to edit the file (the easiest way).

              Therefore:

              Addition for anyone struggling to find where to edit files on your pfsense system.

              Go to Diagnostics --> Edit File --> insert the location of the file:

              /usr/local/pkg/pfblockerng/pfblockerng.sh
              

              Go to line number 1232 by filling it in the Go to line field.

              That line should read:

              s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})"
              

              replace only (leave the rest intact):

              masterfile
              

              to

              mastercat
              

              Then follow the above instructions from @Laxarus https://forum.netgate.com/post/1219635

              J 1 Reply Last reply Reply Quote 0
              • A anthonys referenced this topic on
              • T Offline
                tman222
                last edited by tman222

                Ran into this issue today as well running on 25.07.1 with pfblockerNG-devel 3.2.7. Followed the steps outlined in this thread to edit the pfblockerng.sh file, then deleted/force reloaded all the lists, and all was well again. Thank you everyone in this thread for your your help and great instructions.

                1 Reply Last reply Reply Quote 0
                • S Offline
                  slu @BBcan177
                  last edited by

                  @BBcan177 said in New pfblockerNG install Database Sanity check Failed:

                  From:
                  s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})"

                  To:
                  s1="$(grep -cv ^${ip_placeholder2}$ ${mastercat})"

                  Is it possible to update the pfSense package with a bug fix version?

                  pfSense Gold subscription

                  G 1 Reply Last reply Reply Quote 0
                  • G Offline
                    Gradius @slu
                    last edited by

                    FYI, this bug is still present on pfSense v2.8.1-RC and pfBlockerNG-devel v3.2.8

                    M 1 Reply Last reply Reply Quote 0
                    • N nanda referenced this topic on
                    • J jrey referenced this topic on
                    • N nanda referenced this topic on
                    • M Away
                      mcury Rebel Alliance @Gradius
                      last edited by

                      Same issue on 25.07.1
                      pfBlockerNG-devel 3.2.7

                      Database Sanity check [  FAILED  ] ** These two counts should match! **
                      ------------
                      Masterfile Count    [ 26379 ]
                      Deny folder Count   [ 26378 ]
                      

                      dead on arrival, nowhere to be found.

                      1 Reply Last reply Reply Quote 0
                      • TommyMooT Offline
                        TommyMoo
                        last edited by

                        Thank you BIG Time! I had the same problem with pfBlocker Database mismatch message, and its now fixed...Again, Thanks! 👍

                        1 Reply Last reply Reply Quote 0
                        • TommyMooT Offline
                          TommyMoo
                          last edited by TommyMoo

                          pfBlocker been updated tonight, now the Sanity Check Passes without need of patching!

                          Thanks to the Developer GREAT! Also other bug fixes been applied with the Update! 👍 👍 👍

                          1 Reply Last reply Reply Quote 0
                          • B Offline
                            borgotech
                            last edited by borgotech

                            HI everyone, i have the same issue:
                            pfBlockerNG-devel 3.2.10
                            Version 25.07.1-RELEASE (amd64)
                            built on Wed Aug 20 15:17:00 EEST 2025
                            FreeBSD 15.0-CURRENT

                            ===============================================================
                            
                            Database Sanity check [  FAILED  ] ** These two counts should match! **
                            ------------
                            Masterfile Count    [ 60322 ]
                            Deny folder Count   [ 60323 ]
                            
                            Duplication sanity check (Pass=No IPs reported)
                            ------------------------
                            Masterfile/Deny folder uniq check
                            Deny folder/Masterfile uniq check
                            
                            Sync check (Pass=No IPs reported)
                            ----------	
                            

                            i tried to enable/diable ... uninstall/install but the error is there :(. Can anybody give me an advice. Thank you.

                            TommyMooT 1 Reply Last reply Reply Quote 0
                            • TommyMooT Offline
                              TommyMoo @borgotech
                              last edited by TommyMoo

                              @borgotech Hello, the bug, has been fixed with the latest update of pfBlocker. Please, check, if you have the latest version. In Menu System -> Package Manager -> see, if its the latest version (Appears then highlighted in color Orange in Packagemanager) if an Update is avaible.

                              If all this doesnt help, you can still patch it manually, please read above post by mull0r above here, who replies to Laxarus, he describes how to patch, in short, you have to login to your pfsense via SSH, and then:

                              sudo nano /usr/local/pkg/pfblockerng/pfblockerng.sh

                              then look for the line that contains. use ctrl w for to use nano editor search, and paste in:

                              s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})"

                              and change that line to:

                              s1="$(grep -cv ^${ip_placeholder2}$ ${mastercat})"

                              then, save it, with ctrl o, and leave nano, then just restart pfblocker, and the problem should be gone (worked for me, before last update been release a week ago approx.)

                              Thats it. Now, its should be fixed in the new Update of pfblocker, the Trick / Patch, is only necessary if you have a outdatet pfBlocker installed on your System.

                              Good Luck!

                              B 1 Reply Last reply Reply Quote 0
                              • B Offline
                                borgotech @TommyMoo
                                last edited by

                                @TommyMoo
                                Thank you very much for the answer, as I mentioned above I am on the latest version of PfblockerNG devel pfBlockerNG-devel 3.2.10 and the latest stable version of PfSense+ Version 25.07.1-RELEASE (amd64). The patch in your post and the previous ones do not work because the changes have already been made to the latest version.
                                pfblocker_error.jpg
                                Anyway, thanks again..

                                TommyMooT 1 Reply Last reply Reply Quote 0
                                • TommyMooT Offline
                                  TommyMoo @borgotech
                                  last edited by

                                  @borgotech Hello, Im sorry, its doesnt help you, Im on pfsense 2.8.1 CE ... there, it works... hope someone of the Pros, can help you!

                                  1 Reply Last reply Reply Quote 0
                                  • J Offline
                                    JoeNavy @mull0r
                                    last edited by

                                    @mull0r Thanks for the clear instructions to fix this issue. I am on pfsense+ 25.07.1 and pfBlockerNG 3.2.7.

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.