Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Is pfBlocker safe to use with 2.2?

    Scheduled Pinned Locked Moved pfSense Packages
    13 Posts 6 Posters 3.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcellocM
      marcelloc
      last edited by

      I've hang country list update process when bbcan started testing pfblockerng.

      The first issue the package had with lists was source list used getting paid but it only affect country lists.

      Any lists you find (not ip range lists of course) will work fine.

      If you what to try pfblockerng, follow these steps.
      https://forum.pfsense.org/index.php?topic=86212.msg481358#msg481358

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      1 Reply Last reply Reply Quote 0
      • J
        jsvg
        last edited by

        We only used the "Top Spammers" list, anyone know if that is affected by the convert ip range function bug?

        1 Reply Last reply Reply Quote 0
        • BBcan177B
          BBcan177 Moderator
          last edited by

          The Top Spammers is not affected. But please note that the Country Database in pfBlocker is over 2 Years old and it severely out-of-date.

          The only issue is with IBlock Files in Range format. (Some are ok, some aren't)

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          1 Reply Last reply Reply Quote 0
          • P
            phil.davis
            last edited by

            As far as I can see, the ip_range_to_subnet_array will be fixed by https://github.com/pfsense/pfsense/commit/7094c303b7d46c9f7b24c3f1bd4432187832e85c which fixes gen_subnetv4_max

            So all this about pfBlocker problems is really just about 1 line of code in util.inc?

            If that is so, why don't we all get the fix into the system and then pfBlocker will run like it used too and it will save all this banter on the forum, and the misunderstanding about what is really broken by the pfBlocker+pfSense-2.2 combination.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            1 Reply Last reply Reply Quote 0
            • BBcan177B
              BBcan177 Moderator
              last edited by

              @phil.davis:

              As far as I can see, the ip_range_to_subnet_array will be fixed by https://github.com/pfsense/pfsense/commit/7094c303b7d46c9f7b24c3f1bd4432187832e85c which fixes gen_subnetv4_max

              I'm also hoping that they merge the IP Range to Subnet Function by Stilez…
              https://github.com/pfsense/pfsense/pull/974

              This will also make IPv6 conversions possible.

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              1 Reply Last reply Reply Quote 0
              • W
                wcrowder
                last edited by

                Or just finish certification of pfBlockerNG, with https://github.com/pfsense/pfsense-packages/pull/796. Which corrects the problem with the older package and the CIDR function, includes up-to-date country codes and many improvements.

                1 Reply Last reply Reply Quote 0
                • W
                  wcrowder
                  last edited by

                  If that is so, why don't we all get the fix into the system and then pfBlocker will run like it used too and it will save all this banter on the forum, and the misunderstanding about what is really broken by the pfBlocker+pfSense-2.2 combination.

                  pfBlocker has been broken for awhile, even with 2.1.*, NG works.

                  1 Reply Last reply Reply Quote 0
                  • P
                    phil.davis
                    last edited by

                    pfBlocker has been broken for awhile, even with 2.1.*, NG works.

                    Do you mean

                    1. broken in the "code fails"/"bugs" sense?
                      Or
                    2. broken in the "various data it (like country block lists) is out of date…" sense and so the package is not so useful any more.

                    If (1), then it would be good to fix that so that existing users on 2.1.5 do not have trouble. And then presumably it will also "work" on 2.2.1 with the fixing of underlying code (like gen_subnet_max). Then users can still get the old functionality as it has been for some time. That would reduce the forum noise about "what to do".

                    As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                    If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                    1 Reply Last reply Reply Quote 0
                    • J
                      jsvg
                      last edited by

                      Got it. So, basically wait for NG…. :(

                      1 Reply Last reply Reply Quote 0
                      • marcellocM
                        marcelloc
                        last edited by

                        @j@svg:

                        Got it. So, basically wait for NG…. :(

                        There is a manual install steps on pfblockerng thread but I'll send pull request to remove pfblocker and enable pfblockerng on 2.2

                        Treinamentos de Elite: http://sys-squad.com

                        Help a community developer! ;D

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.