PfBlocker Lists Disappearing?
-
Hello,
I'm running pfBlocker with about 5 blocklists defines. Periodically they some of them disappear from the dashboard widget. I still see them under pfBlocker>Lists. I do not see the list aliases under Diagnostics>Tables though. Rebooting pfSense will usually bring them back. Any idea why this might be happening?
I'm running pfSense 2.1.3 and pfBlocker 1.0.2. For what it's worth this is running on a VM.
Thanks for any input.
-
If the list doesn't download properly, it will cause this issue. Do you have Snort or any blocks in the Firewall Logs blocking the download process?
Which lists are you using?
-
@BBcan17:
If the list doesn't download properly, it will cause this issue. Do you have Snort or any blocks in the Firewall Logs blocking the download process?
Which lists are you using?
Primary Threats, Bluetack level1, anti-infringement, usgov, xthreats… I'm not running snort. I tried in the past but found it used too much RAM for my current hardware. I'll check the logs. Is there a way to force update the lists?
-
For the "primary Threats", list is this the link you used?
http://list.iblocklist.com/?list=ijfqtofzixtwayqovmxn&fileformat=p2p&archiveformat=gz
What is your update Frequency setting?
You could try these pfBlocker Cron jobs in an SSH shell or from the Command Prompt
/usr/bin/nice -n20 /etc/rc.update_urltables
/usr/local/bin/php -q /usr/local/www/pfblocker.php cronDid you try to Disable and Re-Enable pfBlocker?
I have seen some strange activity with pfBlocker and it seems to go away on its own.
-
My list link had a different domain name. I just updated it from I-blocklist which matches what you posted. When I tried to save I got the following error:
Fatal error: Allowed memory size of 262144000 bytes exhausted (tried to allocate 32 bytes) in /usr/local/pkg/pfblocker.inc on line 253
It seems like I have a memory problem…. I have 1GB of RAM total. pfSense is currently utilizing 34%. Usually with all of the lists working as they should it uses around 52%. I'm not sure how I can allocate more to pfBlocker...
All of my lists are set to update daily. I did try disable/enable. When I tried to enable again I got the same error as above.
-
1GB is really not enough… You should bump that to 4GB atleast and you could add Snort or Suricata for additional protection and use more Blocklists.
You could try to increase the "Max Table Size", but I think your error is different then the Table Size issue.
Advanced:Firewall/NAT:
"Firewall Maximum Table Entries"
Maximum number of table entries for systems such as aliases, sshlockout, snort, etc, combined.
Note: Leave this blank for the default.This link is to someone who had the same problem, they rolled back to 2.1.2 and reloaded 2.1.3 and it fixed his issue. But I still think you need more memory.
-
Thanks for the link. Since this is a VM, I increased RAM to 2GB (the host system only has 4GB total) and I need at least 2GB to run Win7 and VMware. The increase didn't fix the issue though. I'll try the rollback.
-
Hi everybody,
I'm facing a similar problem. System:
pfSense 2.1.3
pfBlocker 1.0.2
4GB RAM (30% used, 70% free)
System / Advanced / Firewall-NAT / Firewall Maximum Table Entries = 1000000We have 21 "alias only" lists working perfectly.
I'm trying to add a new list that contains over 46000 CIDRs, I assume this number is too high cause when I save the list and go back to modify it, the CIDR section is empty.
I've tried to divide the 46k CIDRs list into two smaller 23k lists and that works perfectly.
Tonight I'm going to try and upload a file directly to the pfSense and see If that works, but I'd like to know If there is anywhere else I can check to solve this correctly.
Thanks in advanced.
Best regards,
Joel. -
Hello Joel,
Which Blocklist are you trying to download. Sometimes pfBlocker does not like certain formats.
The issue with pfBlocker is that the more lists you have, you run into duplication across all of the lists as they are treated individually by the pf Tables.
I wrote a script that does what pfBlocker does but adds more functionality.
https://forum.pfsense.org/index.php?topic=78062.msg426417#msg426417
-
Hi,
The truth is that I don't download the lists, I create them manually with info from www.countryipblocks.net.
The duplicate info problem makes sense, but I doubt that it is the root cause for my problem because I can't create 1 big list, but I can create 2 smaller lists. If duplicated CIDRs was the problem It wouldn't let me create the lists either way…
I always select: "Alias only" creating the list, and "Never update".
Thanks again!
Best regards,
Joel. -
pfBlocker should handle that amount of IPs. Just need to make sure the Table Count in Advanced settings is set high enough.
Maybe pfBlocker doesn't like the format of the CIDR or Range that you are using.
Can you post one line of the Country Blocks here?
You could also try my script that has Country Blocking built in and will auto update on its own using the Maxmind GeoIP Database.
https://forum.pfsense.org/index.php?topic=78062.msg426417#msg426417
-
Hi BBCan177,
I am going to try your script. I'll get back to you to let you know my results :)
Thanks again for your help!
Best regards,
Joel.