PFBLOCKERNG DNSBL update failing
-
When I check the logs during the hung update this is all that shows up in the pfblockerng.log the other logs don't show anything.
**Saving configuration [ 09/05/16 14:18:42 ] …
**Saving configuration [ 09/05/16 14:18:50 ] …
**Saving configuration [ 09/05/16 14:18:57 ] …
Adding Unbound Server:Include line... completed
Validating database... completed
Reloading Unbound.... completed
DNSBL update [ 0 | PASSED ]… completedDNSBL - Adding Unbound custom 'include' option
Saving new DNSBL web server configuration to port [ 8081 and 8443 ]
Saving pfSense config…
VIP address configured. Widget Packet statistics reset.
Restarting Service DNSBL...
UPDATE PROCESS START [ 09/05/16 14:19:03 ]===[ DNSBL Process ]================================================
-
What are you using for DNSBL Feeds ?
-
What are you using for DNSBL Feeds ?
For the feeds I have these
http://someonewhocares.org/hosts/hosts
https://adaway.org/hosts.txtand
I have setup the DNSBL Easylist selecting all categories.
The issue here is I've tried disabling and only using one feed and no easylist and it still just hangs and won't complete the update.
-
No space or special characters in DNS GROUP Name or Header/Label
You selected Unbound for List Action ?
Did you try running a Force Upload ? Force Reload DNSBL? -
No space or special characters in DNS GROUP Name or Header/Label
You selected Unbound for List Action ?
Did you try running a Force Upload ? Force Reload DNSBL?Thats correct nothing abnormal in the naming etc. This was and had been working with this exact setup for months but I noticed this hang issue after the last pfblockerng update. But I can't prove that is the cause and I can't figure out how to roll back to the previous version to see if that solves the issue. I've done the Force upload and reload nothing seems to fix it.
-
Strange, is that all you find in pfblockng.log ?
Nothing in system logs? No crash report in Dasboard?
Diagnostics System Activity show any pfblockerng process taking CPU time?
Disk full? -
Strange, is that all you find in pfblockng.log ?
Nothing in system logs? No crash report in Dasboard?
Diagnostics System Activity show any pfblockerng process taking CPU time?
Disk full?The Disk is no where near full. I have 887G free right now. The pfblockerng.log shows what I posted before that the DNSBL process is started but it doesn't do anything else after that just keeps running constantly.
When the update is running the diag system activity shows the following constantly:
CPU Activity
last pid: 70501; load averages: 0.93, 0.46, 0.42 up 3+16:52:10 14:56:59
140 processes: 6 running, 111 sleeping, 23 waitingMem: 33M Active, 129M Inact, 328M Wired, 274M Buf, 5259M Free
Swap: 16G Total, 16G FreePID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
11 root 155 ki31 0K 64K CPU3 3 88.7H 100.00% [idle{idle: cpu3}]
51179 root 103 0 224M 33936K CPU2 2 2:40 100.00% /usr/local/bin/php /usr/local/www/pfblocke
11 root 155 ki31 0K 64K CPU0 0 88.6H 94.78% [idle{idle: cpu0}]
11 root 155 ki31 0K 64K RUN 1 88.7H 90.38% [idle{idle: cpu1}]
11 root 155 ki31 0K 64K RUN 2 88.4H 23.58% [idle{idle: cpu2}]
69419 root 21 0 262M 31868K piperd 3 0:00 0.20% php-fpm: pool nginx (php-fpm)
12 root -92 - 0K 368K WAIT 1 3:40 0.00% [intr{irq269: re0}]
12 root -60 - 0K 368K WAIT 0 3:14 0.00% [intr{swi4: clock}]
0 root -92 - 0K 256K - 2 2:15 0.00% [kernel{em0 que}]
37091 unbound 20 0 72168K 43364K kqread 0 0:36 0.00% /usr/local/sbin/unbound -c /var/unbound/un
5 root -16 - 0K 16K pftm 0 0:30 0.00% [pf purge]
0 root -16 - 0K 256K swapin 2 0:30 0.00% [kernel{swapper}]
15 root -16 - 0K 16K - 0 0:24 0.00% [rand_harvestq]
16 root -68 - 0K 240K - 2 0:16 0.00% [usb{usbus0}]
49933 root 52 20 17000K 2564K wait 1 0:12 0.00% /bin/sh /var/db/rrd/updaterrd.sh
323 root 20 0 13624K 4836K select 0 0:08 0.00% /sbin/devd -q
44387 root 20 0 21036K 5008K select 0 0:08 0.00% /usr/local/sbin/miniupnpd -f /var/etc/mini
38306 ladvd 20 0 19212K 2804K kqread 3 0:06 0.00% ladvd: child (ladvd) -
Maybe you could post the pfblockerng.log from the last successfull update till now. Extras.log and error.log. (use the [ code] [ /code] (without the space!) to format the text)
And a screenshot of the Feeds, and DNSBL Easylist in case we see something.
When you go to the Update tab, does it show the running status ? -
Maybe you could post the pfblockerng.log from the last successfull update till now. Extras.log and error.log.
And a screenshot of the Feeds, and DNSBL Easylist in case we see something.
When you go to the Update tab, does it show the running status ?I had cleared the logs so I could find the hang because there was so much in there I couldn't tell where it was. So there is no successful attempts in it any longer. I can post the pictures of the easylist sure and I can post the update tab running status but its the same that the pfblockerng.log shows..just the DNSBL Process started.
![Screen Shot 2016-09-05 at 3.10.15 PM.png](/public/imported_attachments/1/Screen Shot 2016-09-05 at 3.10.15 PM.png)
![Screen Shot 2016-09-05 at 3.10.15 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-09-05 at 3.10.15 PM.png_thumb)
![Screen Shot 2016-09-05 at 3.09.30 PM.png](/public/imported_attachments/1/Screen Shot 2016-09-05 at 3.09.30 PM.png)
![Screen Shot 2016-09-05 at 3.09.30 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-09-05 at 3.09.30 PM.png_thumb) -
Well it possible to download the log to your computer and look at it with a text editor.
Now you don't have much to debug the failure mode.Go to Diagnostice Command prompt and execute
ps -axwwwll | grep pfb
Do you see many pfblockerng.php running?
-
Well it possible to download the log to your computer and look at it with a text editor.
Now you don't have much to debug the failure mode.Go to Diagnostice Command prompt and execute
ps -axwwwll | grep pfb
Do you see many pfblockerng.php running?
No I manually kill the process because it just hangs there. So there is none running right now. If I run the update again there will be one process running and won't stop unless I manually stop it. I have let it go for days in the past to see if it would complete and it never did.
-
I had cleared the logs so I could find the hang because there was so much in there I couldn't tell where it was. So there is no successful attempts in it any longer.
Go to the Firewall / pfBlockerNG / Log Browser and look at the files. You can download them in that tab.
What about a screen shots of the DNSBL feeds ?
Disable all DNSBL feeds excepts DNSBL EasyList, hit Force Reload All and post the log.
-
I had cleared the logs so I could find the hang because there was so much in there I couldn't tell where it was. So there is no successful attempts in it any longer.
Go to the Firewall / pfBlockerNG / Log Browser and look at the files. You can download them in that tab.
What about a screen shots of the DNSBL feeds ?
Disable all DNSBL feeds excepts DNSBL EasyList, hit Force Reload All and post the log.
These are the only log files that had anything in them
[log files.zip](/public/imported_attachments/1/log files.zip)
-
No extras.log ? maxmind_ver ? dnsbl.log error.log ? or you empty them?
-
No extras.log ? maxmind_ver ? dnsbl.log error.log ? or you empty them?
I had emptied them all before and when I do the for reload all nothing shows up in them.
-
Why? :o
You lost the history of what happened. Log files don't do any harm to the system and will not break anything in pfblockerNG.
Just a wild guess would be to put something in the description field but it may not change anything.
-
Are you able to download the Easylist URL https://easylist-downloads.adblockplus.org/easylist_noelemhide.txt &
https://easylist-downloads.adblockplus.org/easyprivacy.txt ?Nothing is blocking in the FW logs?
-
Why? :o
You lost the history of what happened. Log files don't do any harm to the system and will not break anything in pfblockerNG.
Just a wild guess would be to put something in the description field but it may not change anything.
I cleared the logs to find the error easier but the logs weren't showing any real errors so it was a lost cause no matter what for that.
-
What did you select in the Alexa Whitelist ? It hangs with Top 750K and Top 1M :(
-
Hi jbedgood,
I see the issue and will get that fixed in the next release… In the meantime, I have PM'd you a fix.
Thanks for reporting...