PfBlockerNG
-
@BBCan:
Thanks for mailing me I was (almost) missing all the fun ;)
The package really needs to be released officially!Great marcelloc pointed out the old pfblocker is now obsolete and should be replaced with pfBlockerNG.
-
Not in my package list yet (just the old blocker package). Looking forward to it though!!
I seen it in packages today. Got the update from it.
-
See:
https://forum.pfsense.org/index.php?topic=86212.msg481358#msg481358Make sure you read this entire thread.
Not in my package list yet (just the old blocker package). Looking forward to it though!!
I seen it in packages today. Got the update from it.
-
-
The pull request needs to be merged by pfsense team before you can use it without any hacks.
-
Ha, ha, ha… I was wondering the same thing too!
-
I used the patch method to install pfBlockerNG, and it was working well on two machines until a reboot. After a reboot the country block lists in /var/db/aliastables/ are all empty but for a single entry of 1.1.1.1.
Forcing an update does not fetch the correct files, and no blocking is taking place.
-
I used the patch method to install pfBlockerNG, and it was working well on two machines until a reboot.
Is this a Nano install where the /var folder is getting deleted on reboot?
This is a question I have asked the Devs to find a solution for… As these files should be stored in the /var folder. The previous pfBlocker package used to store the files in the /usr/local folder. This issue is only limited to Nano and Ramdisk type installs.
Run the following shell command to Re-Download the Maxmind Database, and restore the Country code files in the /var folder.
php /usr/local/www/pfblockerng/pfblockerng.php dc
Following that, execute a "Force Update"
-
Is this a Nano install where the /var folder is getting deleted on reboot?
I guess so.
You may need a conf mount rw to backup data on package save.
I found a long time ago a guide to run nanobsd on virtual machine. This way will be easier to debug cf installs.
-
You may need a conf mount rw to backup data on package save.
I found a long time ago a guide to run nanobsd on virtual machine. This way will be easier to debug cf installs.
Yes, I have a similar doc on that running a Nano in a VM. In this instance, there is nothing to debug.. The /var/db folder which contains the Maxmind Country files get wiped on reboot. I can make a hack way around it in the code which probably is not the best.
This is a question I have posed to the Devs, but I am waiting on feedback for the best approach. I do not want to save these files to the /usr/local folder.
Maybe could put it in the PBI Share Folder?
-
Yes indeed, it is a nano install. Thank you for the fix!
-
The /var/db folder which contains the Maxmind Country files get wiped on reboot. I can make a hack way around it in the code which probably is not the best.
This is a question I have posed to the Devs, but I am waiting on feedback for the best approach. I do not want to save these files to the /usr/local folder.
Maybe could put it in the PBI Share Folder?The /var/db thing is rather unfortunate, not just b/c it's volatile but also since the directory is pretty huge. Takes over 1/3 of the default /var ramdisk.
-
pfBlockerNG needs the Maxmind database country codes otherwise most of the functions will not work.
-
pfBlockerNG needs the Maxmind database country codes otherwise most of the functions will not work.
Hmmm, yeah… and the point being? It's already there.
-
The point being if we added a "disable country codes" mode then you would free up the memory.
This can be a solution for low-memory devices, but then you would miss out all the benefits like reputation, country blocking etc. -
And what would be the point of doing that in a countryblock package?
-
The point being if we added a "disable country codes" mode then you would free up the memory.
Cannot see anyone suggesting something similar anywhere. All that's being discussed here is moving the files to a better place.
-
The /var/db thing is rather unfortunate, not just b/c it's volatile but also since the directory is pretty huge. Takes over 1/3 of the default /var ramdisk.
Thats why I suggested the option to disable country blocking as a whole, only as an option…
And what would be the point of doing that in a countryblock package?
pfBlockerNG is much more than just a countryblock package.
I think most of the users use pfBlockerNG as an ip-blocklist and use the countrycodes only for reputation. -
Well. I can tell you differently…
I use them for blocking as well since I dont want anything to do with the countries I block....and my customers dont have any business there as well.
So I dont get the traffic on my servers and I can sleep fairly safe at night :D
-
Meanwhile, you can use Shellcmd package and run this as shellcmd on nanobsd boxes:
/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dcto get the blocklists back on reboot.
