PfBlockerNG v2 on an Alix
-
My experience sofar 2.01 is not suitable for an Alix. Memory 256MB is too small to survive a few running days. Even with un-checking DNSBL. The pfSense system will run out of /var in RAM due to files like the pfBNG top-1m.csv or pfBNG RAM memory leak or lack of clear-up unused. Then the Alix-pfSense will lock-up and become inaccesible on GUI & serial console…
I want to revert to 1.10. Where to get and how to install pfBNG 1.10 package on 2.2.5 ?
-
Nowhere. Simply disable the DNSBL.
-
… disable the DNSBL.
Will do, one must delete and reinstall and then not use DNSBL. Just unchecking DNSBL in an used install will not clear-out /var.
-
Fresh install pfBNG 2.01 , not useing DNSBL.
What happens…, if I do not use DNSBL, then why does file "top-1m.csv" gets imported after/every a day (file at 0:00 GMT) ?
How to prevent this 22MB sheetload in /var (inc 30 to 70%) and living in RAM and then with an entry there (inc from 37 to 54%) ? What is retrieving & loading this top-1m.csv, not on install but, later within 24hrs ?
For now I deleted the /var/db/pfblockerng/top-1m.csv. Disk usage /var(in RAM) cleared. Likely no Memory clear-out (expect 54 to 37%).
-
@hda:
Fresh install pfBNG 2.01 , not useing DNSBL.
What happens…, if I do not use DNSBL, then why does file "top-1m.csv" gets imported after/every a day (file at 0:00 GMT) ?
How to prevent this 22MB sheetload in /var (inc 30 to 70%) and living in RAM and then with an entry there (inc from 37 to 54%) ? What is retrieving & loading this top-1m.csv, not on install but, later within 24hrs ?https://github.com/pfsense/pfsense-packages/pull/1206
-
-
2.0.2 merged, should be fixed.
-
Have a look-see. Cold boot, fresh install pfBNG, no-DNSBL. Good sofar.
-
Thanks Dok…
The Alexa download occurs the first Tuesday of each month (along with the MaxMind dbs), so that is why you saw it download after the re-install of the pkg. The fix that Dok submitted, was that one of the variables wasn't defined in a global array and would download regardless.
Otherwise, I would really suggest moving to a device with some more space :) Glad that its working for you now...
-
The Alexa download occurs the first Tuesday of each month (along with the MaxMind dbs)…
OK that explains the lock-out from pfSense. Memory overload. Why download big files at almost the same time ? Separate them a day or so ? Just know that clean-up of stale/used Memory takes a time like 2 to 24 hrs. Maybe I can use DNSBL again later in 2.03. Thanks.
No wont't upgrade until need to go beyond fiber 20/20 Mbps, and, K.I.S.S., I believe in compact code and observeable CPU & memory behaviour. Those with octacoreand32GB see notin… ;)
-
2.2.5 & 2.03 plus DNSBL again after 24hrs looking good; 59%Memory 57%/var. Thanks :)
-
A blow-out from DNSBL to error.log. /var up sudden to 76%. See for typical errors in file and more than (config) 20000 lines… I don't like that at all.
-
@hda:
A blow-out from DNSBL to error.log. /var up sudden to 76%. See for typical errors in file and more than (config) 20000 lines… I don't like that at all.
Do you have R/W enabled by default?
-
-
pfBNG 2.0.4 on 2.2.6. See extra.log
Hmmm, when on .ro. (read-only) access to the filesystem seems a failure and when on .rw. it looks OK, but then dnsbl.log is reporting writing problems ? Besides in both cases I see double entries about download reports.
So what is in general the supposed state (ro or rw) for using pfBNG ?
