PfBlocker doesn't start after upgrade
-
pfBlocker can really eat RAM if you're using large lists. Check the logs for 'out of memory/swap' errors.
Steve
-
These are the log entries during the time of the attempt to start pfBlocker that resulted in the 500 server error.
2015-01-24T14:16:11+01:00 adsl [daemon.err] php-fpm[23705]: /pkg_edit.php: Starting pfBlocker sync process. 2015-01-24T14:16:11+01:00 adsl [daemon.err] php-fpm[23705]: /pkg_edit.php: Starting pfBlocker sync process. 2015-01-24T14:17:48+01:00 adsl [daemon.err] lighttpd[22209]: (mod_fastcgi.c.2562) unexpected end-of-file (perhaps the fastcgi process died): pid: 0 socket: unix:/var/run/php-fpm.socket 2015-01-24T14:17:48+01:00 adsl [daemon.err] lighttpd[22209]: (mod_fastcgi.c.2562) unexpected end-of-file (perhaps the fastcgi process died): pid: 0 socket: unix:/var/run/php-fpm.socket 2015-01-24T14:17:48+01:00 adsl [kern.info] kernel: pid 23705 (php-fpm), uid 0: exited on signal 11 (core dumped) 2015-01-24T14:17:48+01:00 adsl [daemon.err] lighttpd[22209]: (mod_fastcgi.c.3346) response not received, request sent: 1365 on socket: unix:/var/run/php-fpm.socket for /pkg_edit.php?, closing connection 2015-01-24T14:17:48+01:00 adsl [daemon.err] lighttpd[22209]: (mod_fastcgi.c.3346) response not received, request sent: 1365 on socket: unix:/var/run/php-fpm.socket for /pkg_edit.php?, closing connection -
What lists are you using in pfblocker. Maybe one of them in crashing it.
-
Check your lists files if they are not corrupt. I had during my upgrade a few corrupt files, ssh keys, unbound root.key file.
Could be that this is the same problem.
-
What lists are you using in pfblocker. Maybe one of them in crashing it.
I haven't made any changes during the upgrade. I use a couple of entries from the "Top Spammers" category, plus two additional lists:
http://list.iblocklist.com/?list=sh_drop&fileformat=p2p&archiveformat=gz http://list.iblocklist.com/?list=bt_dshield&fileformat=p2p&archiveformat=gzRoman
-
Try to disable pfblocker, ensure that it removes the rules and alias urls, then re-enable…
If its still an issue remove the Iblock lists and see if the Top spammers works on its own.
After that we can try a few other steps.
-
Try to disable pfblocker, ensure that it removes the rules and alias urls, then re-enable…
That doesn't help. Server error everytime I try to save the pfBlocker configuration with any lists enabled.
If its still an issue remove the Iblock lists and see if the Top spammers works on its own.
Deleting the alias with the two lists I mentioned earlier from the "Lists" helped. The top spammers alone do indeed work.
I then tried to define a new alias, with just one of the lists. Hitting "Save" got me back immediately to the "500 - Server error" -
If you add a new list with a single entry like this one :
http://www.spamhaus.org/drop/drop.txt
Does this download ok?
IBlock is not the original source of those Lists that you are using. You should use the following:
http://www.spamhaus.org/drop/drop.txt
http://www.spamhaus.org/drop/edrop.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt -
If you add a new list with a single entr like this one :
…
Does this download ok?Yes, this works.
IBlock is not the original source of those Lists that you are using. You should use the following:
…All four of these do work fine. Thank you.
Roman
-
I think there might be an issue with the Range to Cidr function in pfsense.. and as such it crashes when its trying to convert the Iblock lists…
-
Had the same problem.
removed lists and added them back in.Lists that caused errors:
https://zeustracker.abuse.ch/blocklist.php?download=ipblocklisthttps://spyeyetracker.abuse.ch/bloclist.php?download=ipblocklist
Lists that gave 500 error.
http://list.iblocklist.com/?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz -
I think there might be an issue with the Range to Cidr function in pfsense.. and as such it crashes when its trying to convert the Iblock lists…
I agree with BBcan177.. I've heard of a lot of complaints that pfBlocker isn't working correctly in 2.2 due to that function change. pfBlockerNG includes a new function for this and works great! I believe there is a pull request to have the function added to pfSense but hasn't been committed yet
-
What if you just send the request as pfblocker v2 update?
Should be easier to get only this version on 2.2 as pfblockerng base was the pfblocker package. -
I imagine you may have to wait for a while for anything. Right about now I should think the devs have their hands full with the issues that are inevitably discovered when suddenly many thousands of new installs across many and varied hardware types take place. ;)
Steve
-
I imagine you may have to wait for a while for anything. Right about now I should think the devs have their hands full with the issues that are inevitably discovered when suddenly many thousands of new installs across many and varied hardware types take place. ;)
Steve
Most of the issue I'm seeing on the forum are because of packages not working.
-
Most of the issue I'm seeing on the forum are because of packages not working.
+1
I'm trying since december to get all working but 2.2 pbi is messing everything up.
Can't wait pbi replacement by pkg ng.
-
I'm trying since december to get all working but 2.2 pbi is messing everything up.
Can't wait pbi replacement by pkg ng.
+100
amen to that!
-
On 2.2 use pfBlockerNG instead of pfBlocker.
-
On 2.2 use pfBlockerNG instead of pfBlocker.
pfBlockerNG isn't in the package list / isn't an approved package for 2.2 yet?
-
On 2.2 use pfBlockerNG instead of pfBlocker.
pfBlockerNG isn't in the package list / isn't an approved package for 2.2 yet?
Depends on how you look at it.. I can't speak for ESF but I've been testing it for months and its working great!
