Netgate Discussion Forum

    PfBlockerNG v2.1 w/TLD

      Qinn

      @BBcan177:

      @Qinn:

      Thanks, I noticed that the log while updating to 2.1.1_3 didn't give a sign it finished; after updating to 2.1.1_4 all seems well ;)

      It was still running in the background (v2.1.1_3). The issue was that it wasn't printing the log messages to the installation window. So if you would have left it running for a min or so, it would have completed. It's now fixed in v2.1.1_4.

      btw I would like to test a php /usr/local/www/pfblockerng/pfblockerng.php dc but as I have dramatically changed the hardware I cannot compare it to when the memory issues occurred (see https://forum.pfsense.org/index.php?topic=102470.750 )!

      The code was re-factored to not use as much PHP memory, so hopefully no one else runs into those issues :) Still hoping that MaxMind fixes the issues that caused those two Countries IPv6 entries to explode 5 fold….

      Thanks for the quick reply! Yeah, that's the hardest part of coding, making it idiot proof for both users and resources. In this case it was the latter ;)

      Hardware: Intel(R) Celeron(R) J4125 CPU @ 2.00GHz 102 GB mSATA SSD (ZFS)
      Firmware: Latest-stable-pfSense CE (amd64)
      Packages: pfBlockerNG devel-beta (beta tester) - Avahi - Notes - Ntopng - PIMD/udpbroadcastrelay - Service Watchdog - System Patches

        Qinn

        Maybe it's n=1 and is it just me, but after update to 2.1.1_4 unbound won't come up, I did a reboot let's wait and see.

          jrdnlc

          Anyone have issues with pfBlocker and PlayStation 4 online gaming? While playing online, games lag so much that the only fix was to disable pfb.
          The logs show nothing of what exactly is blocking it.

          Is there a way to exclude the PS4 to not use the service?

            BBcan177 Moderator

            @jrdnlc:

            Anyone have issues with pfBlocker and PlayStation 4 online gaming? While playing online, games lag so much that the only fix was to disable pfb.
            The logs show nothing of what exactly is blocking it.

            Is there a way to exclude the PS4 to not use the service?

            Did you review the pfBlockerNG Alerts Tab? If it's being blocked via an IP List, it will show in the logs. For DNSBL it should also show in the Alerts Tab. For DNSBL there are some further instructions listed in the DNSBL tab which can be seen when you click on the blue infoblock icon in the INFO section. If it is being blocked by DNSBL and you can't find the Domain that's being blocked, you can set the DNS settings of the LAN device to a different DNS server to bypass DNSBL.

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              brandur

              Hi @BBcan177
              I just wanted to inform you that the info link/icon (to the right of the update icon), links to the wrong forum thread.

              It's pointing to (pfBlockerNG v2.0 w/DNSBL): https://forum.pfsense.org/index.php?topic=102470.0
              When it should be pointing to (pfBlockerNG v2.1 w/TLD): https://forum.pfsense.org/index.php?topic=115357.0


              SG-4860 w/128GB SSD & 8GB RAM

                BBcan177 Moderator

                @brandur:

                Hi @BBcan177
                I just wanted to inform you that the info link/icon (to the right of the update icon), links to the wrong forum thread

                Thanks good catch! Will change that when I submit the next release :)

                Wow! This thread had over 1000 views since last night  ;)

                  Qinn

                  @BBcan177:

                  @brandur:

                  Hi @BBcan177
                  I just wanted to inform you that the info link/icon (to the right of the update icon), links to the wrong forum thread

                  Thanks good catch! Will change that when I submit the next release :)

                  Wow! This thread had over 1000 views since last night  ;)

                  That's high, 1k overnight! For now 2.1.1_4 is running 22 hours without a flaw ;) . I did a php /usr/local/www/pfblockerng/pfblockerng.php dc and all went right (took about 25 min, but that is to be expected as of the dramatic rise of the resources of MaxMind).

                    pftdm007

                    First of all sorry if this is not in the right forum thread, there are now 3+ active threads for pfbng…

                    My problem is with the latest release (2.1.1_4) so I figured this is the right location to post.

                    This morning I got the notification that 2.1.1_4 was released which would fix the late php error problems caused by MaxMind.  I immediately updated my package then started pfblockerNG.  Then I went to the force update and did a force update.  All went well, then I did a force reload.  At this moment, the hard drive went crazy for 10min+ and I lost all network connectivity.  Lost contact with pfsense, LAN connectivity and of course lost connectivity to the internet.

                    I rebooted the firewall (reset button) then it came back online.  I immediately deactivated pfbng.  After that I got these errors by email:

                    
                    There were error(s) loading the rules: /tmp/rules.debug:53: cannot define table pfB_Top_v6: Cannot allocate memory - The line in question reads [53]: table <pfB_Top_v6> persist file "/var/db/aliastables/pfB_Top_v6.txt"

                    There were error(s) loading the rules: /tmp/rules.debug:199: macro 'pfB_Africa_v4' not defined - The line in question reads [199]: block log  quick  on {  em5  } inet from $pfB_Africa_v4 to any tracker 1770009617  label "USER_RULE: pfB_Africa_v4 auto rule"
                    
                      RonpfS

                      Take a look at /var/log/pfblockerng/extras.log, /var/log/pfblockerng/pfblockerng.log, Status / System Logs / System / General, Status / System Logs / System / DNS Resolver, Dashboard for crash report.

                      Resolver log won't tell much. On reboot you have to go to Status / Services and restart the unbound service. After the restart, the log will have unbound messages.

                      2.4.5-RELEASE-p1 (amd64)
                      Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                      Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                        rajl

                        @lpallard:

                        First of all sorry if this is not in the right forum thread, there are now 3+ active threads for pfbng…

                        My problem is with the latest release (2.1.1_4) so I figured this is the right location to post.

                        This morning I got the notification that 2.1.1_4 was released which would fix the late php error problems caused by MaxMind.  I immediately updated my package then started pfblockerNG.  Then I went to the force update and did a force update.  All went well, then I did a force reload.  At this moment, the hard drive went crazy for 10min+ and I lost all network connectivity.  Lost contact with pfsense, LAN connectivity and of course lost connectivity to the internet.

                        I rebooted the firewall (reset button) then it came back online.  I immediately deactivated pfbng.  After that I got these errors by email:

                        
                        There were error(s) loading the rules: /tmp/rules.debug:53: cannot define table pfB_Top_v6: Cannot allocate memory - The line in question reads [53]: table <pfB_Top_v6> persist file "/var/db/aliastables/pfB_Top_v6.txt"

                        There were error(s) loading the rules: /tmp/rules.debug:199: macro 'pfB_Africa_v4' not defined - The line in question reads [199]: block log  quick  on {  em5  } inet from $pfB_Africa_v4 to any tracker 1770009617  label "USER_RULE: pfB_Africa_v4 auto rule"
                        

                        I'm having a very similar problem.  I had uninstalled pfblockerng using the package manager and was waiting for an update to fix the memory problems.  When I installed the latest version, I began getting the following errors:

                        
                        There were error(s) loading the rules: /tmp/rules.debug:27: cannot load "/var/db/aliastables/pfB_NAmerica_v4.txt": No such file or directory - The line in question reads [27]: table <pfB_NAmerica_v4> persist file "/var/db/aliastables/pfB_NAmerica_v4.txt" @ 2016-08-24 21:03:13
                        There were error(s) loading the rules: /tmp/rules.debug:27: cannot load "/var/db/aliastables/pfB_NAmerica_v6.txt": No such file or directory - The line in question reads [27]: table <pfB_NAmerica_v6> persist file "/var/db/aliastables/pfB_NAmerica_v6.txt" @ 2016-08-24 21:03:24
                        There were error(s) loading the rules: /tmp/rules.debug:178: macro 'pfB_NAmerica_v4' not defined - The line in question reads [178]: block in log quick on $WAN reply-to ( re0 174.49.92.1 ) inet from ! $pfB_NAmerica_v4 to any tracker 1770009560 label "USER_RULE: pfB_NAmerica_v4 auto rule" @ 2016-08-24 21:03:27
                        There were error(s) loading the rules: /tmp/rules.debug:178: macro 'pfB_NAmerica_v4' not defined - The line in question reads [178]: block in log quick on $WAN reply-to ( re0 174.49.92.1 ) inet from ! $pfB_NAmerica_v4 to any tracker 1770009560 label "USER_RULE: pfB_NAmerica_v4 auto rule" @ 2016-08-24 21:03:30
                        
                        

                        The end result for me is that my white list rule allowing only inbound traffic from the U.S. fails to load.  However, I have no problems with other features, (e.g., adblocking).  No errors show up in extras.log or pfblockerng.log.

                          BBcan177 Moderator

                          When you uninstalled the pkg previously, did you uncheck "Keep Settings"… If not, some files may have remained.

                          I would suggest you go to the pfBlockerNG General tab, and uncheck "Enable pfBlockerNG" and uncheck "Keep Settings", followed by "Save"...    Then reverse this by re-checking both options and "Save".

                          Go to the Dashboard and clear any notices so that you are starting fresh...

                          Then go to the Update tab and run a "Force Update".

                          Then review the pfblockerng.log for any issues (if any).

                            pftdm007

                            OK so I tried unchecking the "Keep settings" and "Enable pfb" checkboxes then saving.  Then I checked them back on and did a force update.  The process never ended.  45 minutes later, everything was dead and the last thing I could see on the WebUI was "Restarting Unbound".

                            The hard drive goes completely off charts while this happens.  I tried getting the system logs after the hard reset but it goes only up to 22:35 which is already 5 minutes after I manually reset the pfsense box.

                            Tomorrow I will try to simulate this once more, and gather all logs I will be able to find.  My feeling, somehow, since I lose all network connectivity, is that unbound crashes hard probably due to lack of RAM??  Is it even possible?  I am saying that because when this happens I have network connectivity for a few minutes then everything drops.  Then I can't even connect to my internal clients (same subnet).

                              RonpfS

                              If outbound crashes, you should still be able to access the FW by its IP. So open one tab in your browser using the FW IP and have Diagnostics / System activity open so you can see what is happening while you run Force Reload on another tab with the FW FQDN.
                              Again, you won't get any log from Resolver(unbound) if you do not restart it right after reboot.

                              Could you be running out of disk space ? Do you have /var in RAM Disk? Maybe your hard disk is failing.

                              Before enabling pfBlockerNG, disable the tables and enable them progressively to pinpoint the problem.

                              Then before enabling DNSBL, disable the tables and go progressively until the issue appears.

                                pftdm007

                                BBcan177, private email sent.

                                  spittlbm

                                  Same issues as lpallard.  I mostly resolved this by bumping Max table entries above 2MM and disabling/enabling PFBNG.

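The rule-load notices quoted in the reports above fall into three causes (table allocation failure, missing alias file, undefined macro), and sorting them by cause shows which reply in the thread applies. The Python sketch below is an added example, not part of any post and not pfBlockerNG code; the notice lines are copied from the thread, while the category names, the `allow_list` flag and the `related_cause` helper are this example's own assumptions.

```python
import re

# Notices copied from the two reports in this thread (table names as pf prints them).
NOTICES = """\
There were error(s) loading the rules: /tmp/rules.debug:53: cannot define table pfB_Top_v6: Cannot allocate memory - The line in question reads [53]: table <pfB_Top_v6> persist file "/var/db/aliastables/pfB_Top_v6.txt"
There were error(s) loading the rules: /tmp/rules.debug:199: macro 'pfB_Africa_v4' not defined - The line in question reads [199]: block log  quick  on {  em5  } inet from $pfB_Africa_v4 to any tracker 1770009617  label "USER_RULE: pfB_Africa_v4 auto rule"
There were error(s) loading the rules: /tmp/rules.debug:27: cannot load "/var/db/aliastables/pfB_NAmerica_v4.txt": No such file or directory - The line in question reads [27]: table <pfB_NAmerica_v4> persist file "/var/db/aliastables/pfB_NAmerica_v4.txt" @ 2016-08-24 21:03:13
There were error(s) loading the rules: /tmp/rules.debug:178: macro 'pfB_NAmerica_v4' not defined - The line in question reads [178]: block in log quick on $WAN reply-to ( re0 174.49.92.1 ) inet from ! $pfB_NAmerica_v4 to any tracker 1770009560 label "USER_RULE: pfB_NAmerica_v4 auto rule" @ 2016-08-24 21:03:27
There were error(s) loading the rules: /tmp/rules.debug:178: macro 'pfB_NAmerica_v4' not defined - The line in question reads [178]: block in log quick on $WAN reply-to ( re0 174.49.92.1 ) inet from ! $pfB_NAmerica_v4 to any tracker 1770009560 label "USER_RULE: pfB_NAmerica_v4 auto rule" @ 2016-08-24 21:03:30
"""

# One notice: file:line, pf's message, the offending rule, optional timestamp.
NOTICE = re.compile(
    r"loading the rules: (?P<file>\S+?):(?P<line>\d+): (?P<msg>.*?)"
    r" - The line in question reads \[\d+\]: (?P<rule>.*?)"
    r"(?: @ (?P<ts>[\d-]+ [\d:]+))?\s*$"
)

# Category names are this example's own; each pattern captures the alias name.
KINDS = [
    ("table_memory", re.compile(r"cannot define table (\S+): Cannot allocate memory")),
    ("missing_alias_file", re.compile(r'cannot load "[^"]*/([^"/]+)\.txt": No such file')),
    ("undefined_macro", re.compile(r"macro '([^']+)' not defined")),
]


def triage(text):
    """Group rule-load notices by (kind, alias), preserving first-seen order."""
    findings = {}
    for raw in text.splitlines():
        m = NOTICE.search(raw)
        if not m:
            continue
        kind, alias = "other", None
        for name, pattern in KINDS:
            hit = pattern.search(m["msg"])
            if hit:
                kind, alias = name, hit.group(1)
                break
        rule = m["rule"].strip()
        f = findings.setdefault((kind, alias), {
            "kind": kind, "alias": alias, "line": int(m["line"]),
            "action": (rule.split() or [""])[0],
            # "from ! $alias" on a block rule is the white-list shape in rajl's
            # report: traffic from outside the alias is what the rule blocks.
            "allow_list": bool(re.search(r"from\s+!\s*\$", rule)),
            "count": 0, "first_seen": m["ts"], "last_seen": m["ts"],
        })
        f["count"] += 1
        f["last_seen"] = m["ts"] or f["last_seen"]
    return list(findings.values())


def related_cause(finding, findings):
    """For an undefined macro, name the table error seen for the same alias, if any."""
    if finding["kind"] != "undefined_macro":
        return None
    for other in findings:
        if (other["alias"] == finding["alias"]
                and other["kind"] in ("table_memory", "missing_alias_file")):
            return other["kind"]
    return None


if __name__ == "__main__":
    results = triage(NOTICES)
    for f in results:
        cause = related_cause(f, results)
        print(f"{f['kind']:<19} {str(f['alias']):<16} rules.debug:{f['line']:<4} x{f['count']}"
              + ("  white-list rule not loaded" if f["allow_list"] else "")
              + (f"  (same alias: {cause})" if cause else ""))
```
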
                                    blueduckdock

                                    Trying to figure out pfblocker on CARP….

                                    I've used this extensively on single installs but not via CARP. Are there any considerations I should take into account? I was told by pfsense support when I first installed that firewalls should mirror (ie. have pfblocker installed on both, etc.)
                                    Am I ok to configure FW1 on 10.0.10.1 with whatever pfblocker stuff I want then simply sync to 10.0.10.2 (FW2?) I don't have to worry about the CARP interface or sync issues between this package and that right (let's say CARP interface is on 10.0.10.250)

                                      BBcan177 Moderator

                                      @blueduckdock:

                                      Trying to figure out pfblocker on CARP….

                                      I've used this extensively on single installs but not via CARP. Are there any considerations I should take into account? I was told by pfsense support when I first installed that firewalls should mirror (ie. have pfblocker installed on both, etc.)
                                      Am I ok to configure FW1 on 10.0.10.1 with whatever pfblocker stuff I want then simply sync to 10.0.10.2 (FW2?) I don't have to worry about the CARP interface or sync issues between this package and that right (let's say CARP interface is on 10.0.10.250)

                                      Hi blueduckdock,

                                      You can use CARP/HA in pfSense without issue. The package has an XMLRPC sync Tab that allows for the configuration of the package to be sync'd to other boxes… But with the current DNSBL code, this will cause issues with the DNSBL VIP, as both pfSense boxes will have the same DNSBL VIP address..

                                      I had one user several months ago ask if this could be addressed and I did create a patch to get this addressed... If you are able to test it out, shoot me a PM if that works for you...

                                        blueduckdock

                                        @BBcan177:

                                        @blueduckdock:

                                        Trying to figure out pfblocker on CARP….

                                        I've used this extensively on single installs but not via CARP. Are there any considerations I should take into account? I was told by pfsense support when I first installed that firewalls should mirror (ie. have pfblocker installed on both, etc.)
                                        Am I ok to configure FW1 on 10.0.10.1 with whatever pfblocker stuff I want then simply sync to 10.0.10.2 (FW2?) I don't have to worry about the CARP interface or sync issues between this package and that right (let's say CARP interface is on 10.0.10.250)

                                        Hi blueduckdock,

                                        You can use CARP/HA in pfSense without issue. The package has an XMLRPC sync Tab that allows for the configuration of the package to be sync'd to other boxes… But with the current DNSBL code, this will cause issues with the DNSBL VIP, as both pfSense boxes will have the same DNSBL VIP address..

                                        I had one user several months ago ask if this could be addressed and I did create a patch to get this addressed... If you are able to test it out, shoot me a PM if that works for you...

                                        Yeah, I saw that post about DNSBL. Sucks because that's a big part of what I'm looking for with this.

                                        Unfortunately I cannot test on that (it's prod.) If I get to it, I'll try to set either my home up with CARP (was thinking about doing it in the future between proxmox and physical anyway) or at least two pfsense VMs in my homelab.

                                        I will let you know as I'd like to test it and help out. I've used pfblocker for so long it's the least I can do.

                                        Thanks BBcan

                                          BBcan177 Moderator

                                          @blueduckdock:

                                          Yeah, I saw that post about DNSBL. Sucks because that's a big part of what I'm looking for with this.

                                          Unfortunately I cannot test on that (it's prod.) If I get to it, I'll try to set either my home up with CARP (was thinking about doing it in the future between proxmox and physical anyway) or at least two pfsense VMs in my homelab.

                                          I will let you know as I'd like to test it and help out. I've used pfblocker for so long it's the least I can do.

                                          Thanks BBcan

                                          Thanks, if/when you have a test environment setup, shoot me a PM and we can go from there!

                                          I've used pfblocker for so long it's the least I can do.

                                          Thanks, I appreciate that! ;)

                                            tonymorella

                                            Running the latest 2.1.1_4

                                            When I force updates via the GUI, all control is lost but I can see the updates. The only way to get it back is to ssh in and reset using 11 and 16, or close the browser and wait a while before logging back in. If I run the updates via console I do not have the same issue; I think it has something to do with the live logs.

                                            Thanks
                                            Tony
