Removing pfblocker
-
Hi,
I ran this check and the following remains:
<tab><text>General</text>
<url>/pkg_edit.php?xml=pfblocker.xml&id=0</url>
<active></active></tab>Thanks lt1360hp,
I made a fix to remove those xml tags also.
If anyone else runs the script, they can run the following command after running the removal script to ensure it removed all the the old reminents of the previous version of pfblocker.
grep "pfblocker" /conf/config.xml | grep -v "pfblockerng" -
Hi vronp,
That's fine. That is just telling you that the last active menu tab was pfBlocker. If you click another menu item in pfSense and re-run the grep command it should clear that.
-
I tried running the script below on a server running 2.2.2 (without the pfBlocker package as it is not available for 2.2.x) where the config had been restored from a server with 2.1.5 and the pfBlocker package on and it didn't work: the config still had the pfBlocker config in… Output at the bottom of this post:
Here is a script to remove the previous pfBlocker package from the pfSense config.xml
So please make a full backup before proceeding. Please post back if you were successful in removing the old remnants of this package…
Save this script to /usr/local/www/removepfb.php
then from your pfSense GUI
https://x.x.x.x:yyy/removepfb.php
(Change x.x.x.x to your pfsense box IP and yyy to the port setting used.)
It will report to the screen with its activity.
# Script to Remove pfBlocker from Config.xml # # by BBCan177@gmail.com # Copyright (c) 2015 require_once("pfsense-utils.inc"); require_once("config.inc"); require_once("services.inc"); global $config; print "``` "; print "Removing pfBlocker from the pfSense Configuration file\n\n"; $removal = array("pfblocker", "pfblockerlists", "pfblockerafrica", "pfblockerantartica", "pfblockerasia", "pfblockereurope", "pfblockernorthamerica", "pfblockeroceania", "pfblockersouthamerica", "pfblockertopspammers"); foreach ($removal as $remove){ if (is_array($config['installedpackages'][$remove])){ unset ($config['installedpackages'][$remove]); print "Removed {$remove}\n"; } } # Remove pfBlocker Menu Entry $pfb_menus = &$config['installedpackages']['menu']; if (!empty($pfb_menus)) { $key = 0; foreach ($pfb_menus as $menu) { if ($menu['name'] == "pfBlocker") { unset ($pfb_menus[$key]); print "Removed pfBlocker Menu Entry\n"; } $key++; } } # Remove pfBlocker Package Entry $pfb_pkg = &$config['installedpackages']['package']; if (!empty($pfb_pkg)) { $key = 0; foreach ($pfb_pkg as $pkg) { if ($pkg['name'] == "pfBlocker") { unset ($pfb_pkg[$key]); print "Removed pfBlocker Pkg Entry\n"; } $key++; } } # Remove Widget $pfb_widgets = $config['widgets']['sequence']; if (!empty($pfb_widgets)) { $widgetlist = explode(",", $pfb_widgets); foreach ($widgetlist as $key => $widget) { if (strstr($widget, "pfBlocker-container")) { unset($widgetlist[$key]); break; } } $config['widgets']['sequence'] = implode(",", $widgetlist); } #Remove any pfBlocker alias tables if (is_array($config['aliases']['alias'])){ foreach($config['aliases']['alias'] as $alias){ if (!preg_match("/^pfBlocker/", $alias['name'])) { $new_aliases[]= $alias; } } $config['aliases']['alias'] = $new_aliases; } # Remove pfBlocker Files/Folders unlink_if_exists ("/usr/local/pkg/pfblocker.inc"); unlink_if_exists ("/usr/local/pkg/pfblocker.xml"); unlink_if_exists ("/usr/local/pkg/pfblocker_Africa.xml"); unlink_if_exists ("/usr/local/pkg/pfblocker_Asia.xml"); unlink_if_exists ("/usr/local/pkg/pfblocker_Europe.xml"); unlink_if_exists ("/usr/local/pkg/pfblocker_NorthAmerica.xml"); unlink_if_exists ("/usr/local/pkg/pfblocker_Oceania.xml"); unlink_if_exists ("/usr/local/pkg/pfblocker_SouthAmerica.xml"); unlink_if_exists ("/usr/local/pkg/pfblocker_lists.xml"); unlink_if_exists ("/usr/local/pkg/pfblocker_sync.xml"); unlink_if_exists ("/usr/local/pkg/pfblocker_topspammers.xml"); unlink_if_exists ("/usr/local/www/pfblocker.php"); unlink_if_exists ("/usr/local/www/widgets/widgets/pfBlocker.widget.php"); unlink_if_exists ("/usr/local/pkg/Africa_cidr.txt"); unlink_if_exists ("/usr/local/pkg/Asia_cidr.txt"); unlink_if_exists ("/usr/local/pkg/Europe_cidr.txt"); unlink_if_exists ("/usr/local/pkg/Oceania_cidr.txt"); unlink_if_exists ("/usr/local/pkg/South_America_cidr.txt"); rmdir_recursive ("/usr/local/pkg/pfblocker"); rmdir_recursive ("/usr/local/pkg/pfblocker_aliases"); exec ("/bin/rm /var/db/aliastables/pfBlocker*.*"); # Remove Cron Task install_cron_job("pfblocker.php cron", false); # Save Configuration write_config("Removed pfBlocker"); ?>The output for me was:
Removing pfBlocker from the pfSense Configuration file Removed pfblocker Removed pfblockerlists Removed pfblockertopspammers Removed pfBlocker Menu Entry Fatal error: Call to undefined function getUserEntry() in /etc/inc/config.lib.inc on line 501Should I just remove the config manually using the nested grep example BBcan177 gave?
grep "pfblocker" /conf/config.xml | grep -v "pfblockerng" -
P.S. The script removed nothing as far as I could tell: the pfBlocker rules were still present and the menu entry was still present.
-
It won't remove the rules but it should remove the menu entry. Is this a full install version of pfSense. Might need to put the system into RW mode to save the changes if it's a nano/flash type version.
-
greping the config file still shows 'pfblockersync'. Should that be there?
-
greping the config file still shows 'pfblockersync'. Should that be there?
Thanks for pointing that out. I can't edit my original post, but please edit the script to include "pfblockersync" as follows:
Original
$removal = array("pfblocker", "pfblockerlists", "pfblockerafrica", "pfblockerantartica", "pfblockerasia", "pfblockereurope", "pfblockernorthamerica", "pfblockeroceania", "pfblockersouthamerica", "pfblockertopspammers");
New
$removal = array("pfblocker", "pfblockerlists", "pfblockerafrica", "pfblockerantartica", "pfblockerasia", "pfblockereurope", "pfblockernorthamerica", "pfblockeroceania", "pfblockersouthamerica", "pfblockertopspammers", "pfblockersync");
-
script saved me. upgraded from 2.2.4 to 2.3.1 and pfblocker broke. Tried remove and reinstall no go. was able to get to router but not out to internet. ran script, rebooted, and all my problems are gone. Thanks!
-
Just tried running this - after copying the script to my pfsense VM.
I ran the script from Chrome and it just outputs 'Removing pfBlocker from the pfSense Configuration file'
Where exactly am I executing the script from?
Thanks
-
The script is outdated.
-
To install or re-install pfBlockerNG 2.1.1_2
https://forum.pfsense.org/index.php?topic=102470.msg647719#msg647719Then you can install or re-install the pfBlockerNG 2.1.1_2.
The install should update the MaxMind (this take 5+ minutes) and proceed to completion.Then you can remove the package
-
Many thanks for the new fix.
I have attempted a new install after modifying config.inc. However the pfBlockerng entry under my firewall menu is not visible.
Installation log:-
Installing pfSense-pkg-pfBlockerNG…
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The following 6 package(s) will be affected (of 0 checked):New packages to be INSTALLED:
pfSense-pkg-pfBlockerNG: 2.1.1_2 [pfSense]
whois: 5.1.5 [pfSense]
GeoIP: 1.6.9 [pfSense]
lighttpd: 1.4.39_1 [pfSense]
grepcidr: 2.0 [pfSense]
aggregate: 1.6_1 [pfSense]Number of packages to be installed: 6
The process will require 2 MiB more space.
[1/6] Installing whois-5.1.5…
[1/6] Extracting whois-5.1.5: …....... done
[2/6] Installing GeoIP-1.6.9…
[2/6] Extracting GeoIP-1.6.9: …....... done
[3/6] Installing lighttpd-1.4.39_1…
[3/6] Extracting lighttpd-1.4.39_1: …....... done
[4/6] Installing grepcidr-2.0…
[4/6] Extracting grepcidr-2.0: ….. done
[5/6] Installing aggregate-1.6_1…
[5/6] Extracting aggregate-1.6_1: …. done
[6/6] Installing pfSense-pkg-pfBlockerNG-2.1.1_2…
[6/6] Extracting pfSense-pkg-pfBlockerNG-2.1.1_2: …....... done
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...
MaxMind GeoIP databases previously downloaded.
Adding pfBlockerNG Widget to the Dashboard... done.
Remove any existing and create link for DNSBL lighttpd executable... done.
Creating DNSBL web server start-up script... done.
Upgrading Adv. Inbound firewall rule settings ... no changes required ... done.
Custom commands completed ... done.
Executing custom_php_resync_config_command()...pkg: POST-INSTALL script failed
Message from GeoIP-1.6.9:
GeoIP does not ship with the actual data files. You must download
them yourself! Please run:/usr/local/bin/geoipupdate.sh
Cleaning up cache... done.
SuccessImmediately after install I get a crash report:-
Crash report begins. Anonymous machine information:
amd64
10.3-RELEASE-p5
FreeBSD 10.3-RELEASE-p5 #0 7307492(RELENG_2_3_2): Tue Jul 19 13:29:35 CDT 2016 root@ce23-amd64-builder:/builder/pfsense-232/tmp/obj/builder/pfsense-232/tmp/FreeBSD-src/sys/pfSenseCrash report details:
PHP Errors:
[14-Aug-2016 14:42:20 Europe/London] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 72 bytes) in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 3874
[14-Aug-2016 14:42:20 Europe/London] PHP Stack trace:
[14-Aug-2016 14:42:20 Europe/London] PHP 1. {main}() /etc/rc.start_packages:0
[14-Aug-2016 14:42:20 Europe/London] PHP 2. sync_package() /etc/rc.start_packages:90
[14-Aug-2016 14:42:20 Europe/London] PHP 3. eval() /etc/inc/pkg-utils.inc:631
[14-Aug-2016 14:42:20 Europe/London] PHP 4. sync_package_pfblockerng() /etc/inc/pkg-utils.inc(631) : eval()'d code:3
[14-Aug-2016 14:42:20 Europe/London] PHP 5. file() /usr/local/pkg/pfblockerng/pfblockerng.inc:3874Pfsense 2.3.2 running on ESXi 6 VM with 2GB RAM and 4vCPUs
Many thanks
-
// Set memory limit to 512M on amd64. if ($ARCH == "amd64") { ini_set("memory_limit", "512M"); } else { ini_set("memory_limit", "256M"); }You are using the AMD64 version, try to increase to 768M:
if ($ARCH == "amd64") { ini_set("memory_limit", "768M"); } else { ini_set("memory_limit", "256M"); }Or wait until BBCan releases the fix
-
To increase memory_limit over 512M you also need to fix /usr/local/etc/php.ini, /etc/rc.php_ini_setup
