PfBlockerNG v2.0 w/DNSBL
-
On 2.3 beta since the beginning, pfBlockerNG is working pretty fine, grazie for your work BBcan177!
-
Hi!
I read the info about 2.3 and I shall update asap. For the time being I'd like to update to 2.0.5 on an older 2.2. box. The installation aborted with the message
Downloading https://files.pfsense.org/packages/10/All/pfblockerng-1.6.6-amd64.pbi ... could not download from thereIt seems that the .pbi file is missing. Did someone else run into the same problem?
-
Hi!
I read the info about 2.3 and I shall update asap. For the time being I'd like to update to 2.0.5 on an older 2.2. box. The installation aborted with the message
Downloading https://files.pfsense.org/packages/10/All/pfblockerng-1.6.6-amd64.pbi ... could not download from thereIt seems that the .pbi file is missing. Did someone else run into the same problem?
I can download the file from the shell without issue:
fetch -o /tmp/pfblockerng-1.6.6-amd64.pbi https://files.pfsense.org/packages/10/All/pfblockerng-1.6.6-amd64.pbi -
This time the file was found.
-
Haven't had issues with pfBlockerNG on 2.2.x, but I've upgraded to 2.3RC (and I've tried uninstalling/reinstalling pfB), but I get this error and a pfSense crash report every time I click the Alerts tab under pfBlockerNG's section:
Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 72 bytes) in /usr/local/www/pfblockerng/pfblockerng_alerts.php on line 581 Call Stack: 0.0141 232168 1. {main}() /usr/local/www/pfblockerng/pfblockerng_alerts.php:0 1.4219 2882400 2. conv_log_filter_lite() /usr/local/www/pfblockerng/pfblockerng_alerts.php:362 1.4220 2883016 3. exec() /usr/local/www/pfblockerng/pfblockerng_alerts.php:581 PHP ERROR: Type: 1, File: /usr/local/www/pfblockerng/pfblockerng_alerts.php, Line: 581, Message: Allowed memory size of 268435456 bytes exhausted (tried to allocate 72 bytes)
This is on a Netgate C2758 box with 8GB of RAM and a small SSD with plenty of space, so this error doesn't make much sense to me. Is there a hard-set limit somewhere that I can adjust upwards?
-
Hi adx442,
The Alerts tab reads the pfSense Firewall logs. How many log entries do you have defined in the syslog settings? Also try to clear the firewall log and see if the error returns. The memory issue is related to PHP and not the hardware itself.
-
Yup, I'd already increased PHP's memory limit to 512M. Turns out, the syslog size was a little too large for even that amount of memory, cutting it in half and clearing the logs did fix the behavior.
Sorry, the only place I'd been seeing this issue exposed was in pfBlockerNG, though it was unrelated in the end.
-
I noted that each time I update pfSense 2.3 build, after reboot or no, DNSBL lists are not correctly loaded, in fact the widget shows 0 ips. I have to manually ask for reload to get list loaded and blocking feature to work again.
-
Same here as noted by Wolf666. Below the link to a related or not issue :o with Unbound not starting properly after any reboot.
-
I noted that each time I update pfSense 2.3 build, after reboot or no, DNSBL lists are not correctly loaded, in fact the widget shows 0 ips. I have to manually ask for reload to get list loaded and blocking feature to work again.
@webtyro:
Same here as noted by Wolf666.
Thanks for the report…
If you are able to modify a file, please edit: /usr/local/pkg/pfblockerng/pfblockerng.inc
In 2.3 - Line : 3149
https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L3149In 2.2.x - Line: 3156
https://github.com/pfsense/pfsense-packages/blob/master/config/pfblockerng/pfblockerng.inc#L3156and edit the line:
if (empty($lists_dnsbl_all)) {
to
if (empty($lists_dnsbl_all) && !$pfb['save']) {
First make sure that the widget doesn't show the DNSBL count as "0" (Run a force reload if its "0"), then reboot and ensure that post-reboot that the widget DNSBL count is accurate…
Post back if this fixes this issue...
Thanks!
-
and edit the line:
if (empty($lists_dnsbl_all)) {
to
if (empty($lists_dnsbl_all) && !$pfb['save']) {
First make sure that the widget doesn't show the DNSBL count as "0" (Run a force reload if its "0"), then reboot and ensure that post-reboot that the widget DNSBL count is accurate…
Post back if this fixes this issue...
Thanks!
Fix my problem. Thanks BBcan177.
-
Fix mine also.
-
@BBcan177
That did the trick for mine also. Thank you. -
Semi complete n00b here. I got it up and running with just dnsbl. However it just stops after a few hours and lets everything through. Is there something i can check? I cant see any errors being thrown in the logs, cron jobs are doing things etc every hour.
-
Ensure that your LAN devices have their DNS settings set to only pfSense. If you ping the DNSBL VIP does it resolve? If you browse the the DNSBL VIP do you get the 1x1?
-
i can ping the VIP from my 192.1.6.2.xxx to the VIP http://10.10.10.1/.
If i load up the web page its blank.
Not seeing anything about a gif.
The only hint is <title>10.10.10.1 (1×1)</title>
This happens if it is blocking correctly or incorrectly.
It seems that everything works till the first cron job. After that if i want it to work i have to force update till the next cron job.
-
Can you follow the instructions in this post:
https://forum.pfsense.org/index.php?topic=102470.msg607864#msg607864
-
-
Can you follow the instructions in this post:
https://forum.pfsense.org/index.php?topic=102470.msg607864#msg607864
Thank you. It has been up for 3 cron jobs and is still working.
After the first reboot after the patch i did have to force update to get this to work the first time:
===[ DNSBL Process ]================================================
Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding -
