PfBlockerNG v2.0 w/DNSBL
-
Yup, I'd already increased PHP's memory limit to 512M. Turns out, the syslog size was a little too large for even that amount of memory, cutting it in half and clearing the logs did fix the behavior.
Sorry, the only place I'd been seeing this issue exposed was in pfBlockerNG, though it was unrelated in the end.
-
I noted that each time I update pfSense 2.3 build, after reboot or no, DNSBL lists are not correctly loaded, in fact the widget shows 0 ips. I have to manually ask for reload to get list loaded and blocking feature to work again.
-
Same here as noted by Wolf666. Below the link to a related or not issue :o with Unbound not starting properly after any reboot.
-
I noted that each time I update pfSense 2.3 build, after reboot or no, DNSBL lists are not correctly loaded, in fact the widget shows 0 ips. I have to manually ask for reload to get list loaded and blocking feature to work again.
@webtyro:
Same here as noted by Wolf666.
Thanks for the report…
If you are able to modify a file, please edit: /usr/local/pkg/pfblockerng/pfblockerng.inc
In 2.3 - Line : 3149
https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L3149In 2.2.x - Line: 3156
https://github.com/pfsense/pfsense-packages/blob/master/config/pfblockerng/pfblockerng.inc#L3156and edit the line:
if (empty($lists_dnsbl_all)) {
to
if (empty($lists_dnsbl_all) && !$pfb['save']) {
First make sure that the widget doesn't show the DNSBL count as "0" (Run a force reload if its "0"), then reboot and ensure that post-reboot that the widget DNSBL count is accurate…
Post back if this fixes this issue...
Thanks!
-
and edit the line:
if (empty($lists_dnsbl_all)) {
to
if (empty($lists_dnsbl_all) && !$pfb['save']) {
First make sure that the widget doesn't show the DNSBL count as "0" (Run a force reload if its "0"), then reboot and ensure that post-reboot that the widget DNSBL count is accurate…
Post back if this fixes this issue...
Thanks!
Fix my problem. Thanks BBcan177.
-
Fix mine also.
-
@BBcan177
That did the trick for mine also. Thank you. -
Semi complete n00b here. I got it up and running with just dnsbl. However it just stops after a few hours and lets everything through. Is there something i can check? I cant see any errors being thrown in the logs, cron jobs are doing things etc every hour.
-
Ensure that your LAN devices have their DNS settings set to only pfSense. If you ping the DNSBL VIP does it resolve? If you browse the the DNSBL VIP do you get the 1x1?
-
i can ping the VIP from my 192.1.6.2.xxx to the VIP http://10.10.10.1/.
If i load up the web page its blank.
Not seeing anything about a gif.
The only hint is <title>10.10.10.1 (1×1)</title>
This happens if it is blocking correctly or incorrectly.
It seems that everything works till the first cron job. After that if i want it to work i have to force update till the next cron job.
-
Can you follow the instructions in this post:
https://forum.pfsense.org/index.php?topic=102470.msg607864#msg607864
-
-
Can you follow the instructions in this post:
https://forum.pfsense.org/index.php?topic=102470.msg607864#msg607864
Thank you. It has been up for 3 cron jobs and is still working.
After the first reboot after the patch i did have to force update to get this to work the first time:
===[ DNSBL Process ]================================================
Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding -
-
Hello all,
pfSense noob here. Using pfSense since November 2015. Full install of pfSense on SuperMicro A1SAi-27f0F, 16GM RAM. I am having a strange problem, and am not sure what I did. I was happily using pfBlocker_NG with DNSBL. I upgraded pfBNG from 2.04 to 2.05 four days ago. When I reboot, the LAN interface is now assigned the DNSBL Virtual IP (10.10.10.1) and not the 192.168.1.1 IP as specified under Interfaces: LAN. I have to manually "2) Set interface(s) IP address" in a ssh session, before I can log in to the GUI and disable DNSBL. Reboot, and the LAN gets the 192.168.1.1 IP. Same with 2.05 to 2.06. Did not have this issue with version 2.04. I would rather not wipe the box and start over, if someone might point me in another direction. Thanks in advance.
-
When I reboot, the LAN interface is now assigned the DNSBL Virtual IP (10.10.10.1) and not the 192.168.1.1 IP as specified under Interfaces: LAN.
I assume the LAN interface is DHCP? I have only seen this when another user used bridged interfaces… The DNSBL VIP is a virtual alias in the LAN interface... Maybe your LAN device is not getting an IP address before DNSBL executes?
There has not been any changes to that part of the code, but there is another release "2.0.6" which you can try...
-
Thank you! That is something I can try later tonight, at present three ethernet and four WiFi are all bridged, I will eliminate the bridge, and report back. Yes, LAN hands out IPs via DHCP. V. 2.06 also the same behavior as V. 2.05
-
Correction: the LAN interface (currently bridged) is assigned the static IP of 192.168.1.1, I needed to reread your question.
Thanks again. -
Correction: the LAN interface (currently bridged) is assigned the static IP of 192.168.1.1, I needed to reread your question.
Thanks again.If you want to continue bridging… Add another physical interface (without bridging) and assign the DNSBL VIP to that Interface. Just make sure to add firewall rules to allow other LAN addresses to access it...
Otherwise best to remove the bridge and use a more efficient hardware switch :)
-
I have this website which implements most of the content/features with iframes and it stops working when enabling DNSBL. I have added the addresses of the site and iframe's to the "Custom Domain Suppression" but the site simply refuses to load nothing but a white page where the iframe goes. tcpdump shows no activity when loading that site. None of the log files reveal nothing useful. Any way to debug it further?
