PfBlockerNG

cjbujold

Encountering a strange error this morning.  IP's are getting blocked which are in none of the block list I use.  For example in the image all the IP's shown blocked with the LIST "No Match"status  are not in any of my block list, yet they are being blocked.

I presume it is a configuration error, but I can't seem to locate it.  Also the rule listed as activating the block,  changes as I disable the rule list that says activated the block.  The block goes to the next rule list I have and shows the same block.

Any help would be appreciated.

cjb

BBcan177

Clear the Firewall log as any firewall rule changes can unsync the alerts.

digdug3

@reggie14:

BBcan177- Indeed- thanks for the clear instructions.  I should have figured that out myself much faster.  I knew there must be a better way, but the custom list heading didn't sound right until I actually read the instructions/examples around it.

Dropping the alert count helps, although sometimes even then I have awfully high CPU usage.  Luckily, I don't really need to use it most of the time.  I can view the firewall logs page without running into this problem.

I really appreciate the troubleshooting help!

@Reggie:
Could you give us some more info about the firewall hardware and if you are using 32/64 bit?

cjbujold

I am using AMD 64 Bit version.  Cleared the log, then re-started PF and same result.

What is strange is that the VOIP block list  is a custom list we created using unauthorized IP's hitting our VOIP network, yet the IP's that PF is blocking are DNS or WEB servers and not any of the VOIP 5060 IP's we have in the VOIP list.

BBcan177

@reggie14:

@BBcan177:

The Chrome Browser (All browsers actually) have a Dev mode to help in Debugging. Click F12, when in Chrome and it will show more details that can help diagnose the issue.

Oh, that is what you meant.  It never occurred to me that the browser might be able to provide meaningful diagnostic data on this issue.  It was a good idea, though.  I do see some errors:

https://pfsense.<redacted>/pfblockerng/javascript/domTT/domLib.js Failed to load resource: the server responded with a status of 404 (Not Found)
https://pfsense.<redacted>/pfblockerng/javascript/domTT/domTT.js Failed to load resource: the server responded with a status of 404 (Not Found)
https://pfsense.<redacted>/pfblockerng/javascript/domTT/behaviour.js Failed to load resource: the server responded with a status of 404 (Not Found)
https://pfsense.<redacted>/pfblockerng/javascript/domTT/fadomatic.js Failed to load resource: the server responded with a status of 404 (Not Found)</redacted></redacted></redacted></redacted> 

Hi Reggie,

Digdug3 and I found the following issue in a pfsense file called "fbegin.inc".

A  '/'  was missing in the path for these JS files.

PULL Request #1485

BBcan177

@cjbujold:

I am using AMD 64 Bit version.  Cleared the log, then re-started PF and same result.

What is strange is that the VOIP block list  is a custom list we created using unauthorized IP's hitting our VOIP network, yet the IP's that PF is blocking are DNS or WEB servers and not any of the VOIP 5060 IP's we have in the VOIP list.

Hi cjbujold,

I'm not 100% following… If you want some more help, send me a PM.

BBcan177

@reggie14:

Dropping the alert count helps, although sometimes even then I have awfully high CPU usage.  Luckily, I don't really need to use it most of the time.  I can view the firewall logs page without running into this problem.

Hi reggie, Some modifications were made to the Alerts Tab to reduce the overhead. If you are interested in testing this file, send me a PM before I submit a Pull Request for it…

BBcan177

@BBcan177:

I have posted Pull Request #818 to fix the following issues:

1.  Improved IPv6 Regex
  2.  Suppress '0.0.0.0/32' from being added to any Alias/Lists.
  3.  General Tab - Moved the "Keep" Checkbox to be just below the
        "Enable pfBNG" checkbox.

This will bump pfBNG to version 1.04

@BBcan177:

https://pfsense.<redacted>/pfblockerng/javascript/domTT/domLib.js Failed to load resource: the server responded with a status of 404 (Not Found)
https://pfsense.<redacted>/pfblockerng/javascript/domTT/domTT.js Failed to load resource: the server responded with a status of 404 (Not Found)
https://pfsense.<redacted>/pfblockerng/javascript/domTT/behaviour.js Failed to load resource: the server responded with a status of 404 (Not Found)
https://pfsense.<redacted>/pfblockerng/javascript/domTT/fadomatic.js Failed to load resource: the server responded with a status of 404 (Not Found)</redacted></redacted></redacted></redacted> 

Digdug3 and I found the following issue in a pfsense file called "fbegin.inc".

A  '/'  was missing in the path for these JS files.

PULL Request #1485

PR #0818  -  has been Merged. (pfBNG v1.04)
PR #1485  -  has been Merged. To get this update, you will either need to Gitsync
                    or Use the Patch Manager.
                    (or manually edit the file /usr/local/www/fbegin.inc)

stuck

Hi fellas,
I upgraded from 2.1.5 (with pfblocker) to 2.2 just yesterday.  After the upgrade, I saw errors relating to pfblocker in the dashboard.  So I went looking for the package.  It wasn't installed obviously because it had been replaced by pfblockerNG.  So I installed pfblockerNG.  everything seems to work fine but I continue to get these notices on the banner:

[ There were error(s) loading the rules: /tmp/rules.debug:74: cannot define table pfBlockerpipfilter: Cannot allocate memory - The line in question reads [74]: table persist file /var/db/aliastables/pfBlockerpipfilter.txt]"

Any suggestions on how to fix this error would be appreciated.
Thank you.

marcelloc

Check if you still have aliases and rules from pfBlocker version.
If so, remove it.

marcus556

Ive been browsing through this forum in hopes to find some type of guide to set this up.  It all sounds very great but i have no clue where to start.  I actually made the jump from Untangle over to Pfsense because of all the talk about the adblocking with pfsense and now this package that was just released.  Is there a link anyone can point me in the direction to so i can get everything setup to block ads.  Ive got pfblockerNG installed but thats about it. Thanks in advance

EDIT

Just read in the thread below that ad blocking is going to be supported until version 2.0.  Is this correct?

https://forum.pfsense.org/index.php?topic=80301.0

BBcan177

@marcus556:

Just read in the thread below that ad blocking is going to be supported until version 2.0.  Is this correct?

Yes it will be available in v2.0… You can try the IBlock Ads list which is IP Based. Its not the greatest.

marcus556

@BBcan177:

@marcus556:

Just read in the thread below that ad blocking is going to be supported until version 2.0.  Is this correct?

Yes it will be available in v2.0… You can try the IBlock Ads list which is IP Based. Its not the greatest.

Yes, I've got it all worked out now very good work sir on this package.

As far as the AdBlock on iblock, you are right it isn't the greatest.  I have a question since your doing most of the design it seems, when 2.0 expected for one and two are the list going to be limited to only IP lists or could we say use the AdBlock plus list aka easylist?

BBcan177

@marcus556:

Yes, I've got it all worked out now very good work sir on this package.

As far as the AdBlock on iblock, you are right it isn't the greatest.  I have a question since your doing most of the design it seems, when 2.0 expected for one and two are the list going to be limited to only IP lists or could we say use the AdBlock plus list aka easylist?

Yes I am the Developer of the package .. I haven't put much development into it for the past couple weeks, since v1.0 was released.. Maybe another month or so… I want to make sure that its stable and all the tires kicked every which way by the beta testers that helped me with v1.0  :)

You can see some more Features in this link:
https://forum.pfsense.org/index.php?topic=78356.msg477682#msg477682

I have all of the features in the link working and will be working on Easylist next...

marcus556

@BBcan177:

@marcus556:

Yes, I've got it all worked out now very good work sir on this package.

As far as the AdBlock on iblock, you are right it isn't the greatest.  I have a question since your doing most of the design it seems, when 2.0 expected for one and two are the list going to be limited to only IP lists or could we say use the AdBlock plus list aka easylist?

Yes I am the Developer of the package .. I haven't put much development into it for the past couple weeks, since v1.0 was released.. Maybe another month or so… I want to make sure that its stable and all the tires kicked every which way by the beta testers that helped me with v1.0  :)

You can see some more Features in this link:
https://forum.pfsense.org/index.php?topic=78356.msg477682#msg477682

I have all of the features in the link working and will be working on Easylist next...

Very nice, keep up the good work! Thanks for everything!

marcus556

Has anyone had any impact on the network speed especially internet activity since enabling this? I disabled logging in hopes of speeding things up, could this be slowing things down?

pfsense_fan009

I could nog fully install this: hangs at converting…

newkansan

Be gentle, this is my first post here. :)

When I go to the Alerts tab in pfBlockerNG, it shows the same set of Alerts, all dated Jan 28th.  There are a total of 59 alerts.  I installed pfBlockerNG in early February.  The pfBlockerNG Dashboard Widget does seem to be accurate, with constantly changing counts under the Packets heading, which reset to zero when I update the rules.  In other words, it seems to be working as it should, but the Alerts tab seems to be stuck on the initial set of 59 entries, all dated Jan 28th (not sure why Jan 28th when I installed the package in Feb?).  I've updated pfBlockerNG a couple of times since my initial install, but the same Alerts continue to show.

I did have the original pfBlocker app installed back on the 2.1.5 release, and did not remove it prior to upgrading to 2.2.  At some point after upgrading to 2.2, I uninstalled pfBlocker, then installed pfBlockerNG.  I noticed immediately after installing NG those Alerts dated Jan 28th, which I thought was weird considering that date was many days old.  But I've patiently waited a couple of updates to see if it would resolve itself.  Since it hasn't yet, I'm posting here.

Any ideas?

Thanks!

wcrowder

I can't imagine a scenario where this package would slow down your network. Did you make any other changes the day you installed pfBkockerNG?

@marcus556:

Has anyone had any impact on the network speed especially internet activity since enabling this? I disabled logging in hopes of speeding things up, could this be slowing things down?

marcus556

@wcrowder:

I can't imagine a scenario where this package would slow down your network. Did you make any other changes the day you installed pfBkockerNG?

@marcus556:

Has anyone had any impact on the network speed especially internet activity since enabling this? I disabled logging in hopes of speeding things up, could this be slowing things down?

No other than adding other ip list but none of them are seeing the hits like the top 20 countries list.  I deselected all the top 20 countries and everything is running much smoother now.  I was seeing a lot of packet hits on the ipv4 side.  Im thinking mayb this had something to do with it.