pfBlockerNG Devel 2.2.1 upgrade fails to start pfb_dnsbl service
-
no, the vip is not reachable. When I go to Firewall -> Virtual IPs, it is listed there. Additionally, there are autogenerated rules in the floating section that allow connections to the vip ip. So I assume that means that the firewall is not preventing it, it just doesn't have any service running to receive it.
-
@mcampbell And you have DNSBL enabled ?
Maybe disable pfblockerNG, uninstall, install again, Force Reload All
-
yes, DNSBL is enabled in Firewall -> pfblockerNG -> DNSBL. I've already uninstalled pfblockerNG, making sure keep settings was not selected, and reinstalled, and manually put settings back in, and rebooted pfsense for good measure. Do you feel that doing that again may help?
-
@mcampbell No need to reconfigure from scratch. Disable it, keep settings, uninstall, install.
Take a look at the uninstall and install logs.
Enable, Force Reload ALL -
Also, tried going to a url in one of the DNSBL lists, and it just times out, but nothing about it shows up in statistics.
-
@mcampbell Once you have uninstalled pfBlockerNG, take a look at the Services tab to make sure no pfBlockerNG services are still there.
-
Problem appears to be the same. I did as you asked, disabled pfblockerNG, checked the status of the services and found both pfb_dnsbl and pfb_filter disabled, then uninstalled, confirmed that both services were missing from the service list, and then reinstalled it, enabled, and did a force reload all. pfb_dnsbl still won't start up. But pfb_filter loads up just fine. Below are reinstall logs and reload logs, again, don't see any errors in them.
Reinstall logs:
Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) The following 9 package(s) will be affected (of 0 checked): New packages to be INSTALLED: pfSense-pkg-pfBlockerNG-devel: 2.2.1 [pfSense] lighttpd: 1.4.48_1 [pfSense] lua52: 5.2.4 [pfSense] whois: 5.2.17 [pfSense] GeoIP: 1.6.11 [pfSense] iprange: 1.0.3 [pfSense] grepcidr: 2.0 [pfSense] pecl-intl: 3.0.0_11 [pfSense] icu: 60.2_1,1 [pfSense] Number of packages to be installed: 9 The process will require 53 MiB more space. [1/9] Installing lua52-5.2.4... [1/9] Extracting lua52-5.2.4: ......... done [2/9] Installing icu-60.2_1,1... [2/9] Extracting icu-60.2_1,1: .......... done [3/9] Installing lighttpd-1.4.48_1... ===> Creating groups. Using existing group 'www'. ===> Creating users Using existing user 'www'. [3/9] Extracting lighttpd-1.4.48_1: .......... done [4/9] Installing whois-5.2.17... [4/9] Extracting whois-5.2.17: .......... done [5/9] Installing GeoIP-1.6.11... [5/9] Extracting GeoIP-1.6.11: .......... done [6/9] Installing iprange-1.0.3... [6/9] Extracting iprange-1.0.3: ..... done [7/9] Installing grepcidr-2.0... [7/9] Extracting grepcidr-2.0: ..... done [8/9] Installing pecl-intl-3.0.0_11... [8/9] Extracting pecl-intl-3.0.0_11: .......... done [9/9] Installing pfSense-pkg-pfBlockerNG-devel-2.2.1... [9/9] Extracting pfSense-pkg-pfBlockerNG-devel-2.2.1: .......... done Saving updated package information... done. Loading package configuration... done. Configuring package components... Loading package instructions... Custom commands... Executing custom_php_install_command()... Downloading MaxMind GeoIP databases. This may take a minute... GeoIP.dat... done. GeoIPv6.dat... done. GeoLite2-Country-CSV.zip... done. Downloading MaxMind GeoIP databases... done. Converting MaxMind GeoIP databases for pfBlockerNG. This may take a few minutes... Creating pfBlockerNG Continent PHP files... Adding pfBlockerNG Widget to the Dashboard... Remove any existing and create links for Firewall filter executables... done. Creating Firewall filter service... done. Remove any existing and create link for DNSBL lighttpd executable... done. Creating DNSBL service... done. Creating DNSBL web server config ... done. Creating DNSBL Certificate... done. Re-starting DNSBL Service... done. Upgrading Adv. Inbound firewall rule settings ... no changes required ... done. Upgrading OpenVPN/IPSec interface selections... no changes required ... done. Upgrading EasyList/Easyprivacy category settings... no changes required ... done. Upgrading Proofpoint/ET IQRisk settings... no changes required ... done. Upgrading General Tab -> IP Tab settings... no changes required ... done. Upgrading pfBlockerNGSuppress Alias -> IPv4 Suppression Customlist... no changes required ... done. Custom commands completed ... done. Executing custom_php_resync_config_command()...done. Menu items... done. Services... done. Writing configuration... done. Message from lua52-5.2.4: ===> NOTICE: The lua52 port currently does not have a maintainer. As a result, it is more likely to have unresolved issues, not be up-to-date, or even be removed in the future. To volunteer to maintain this port, please create an issue at: https://bugs.freebsd.org/bugzilla More information about port maintainership is available at: https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port Message from GeoIP-1.6.11: GeoIP does not ship with the actual data files. You must download them yourself! Please run: # /usr/local/bin/geoipupdate.sh >>> Cleaning up cache... done. SuccessReload-All:
===[ DNSBL Process ]================================================ Loading DNSBL Statistics... completed Loading DNSBL Whitelist... completed [ EasyList ] Reload . completed .. Whitelist: ad.doubleclick.net|amazon-adsystem.com|entrecard.s3.amazonaws.com|googleads.g.doubleclick.net|googletagservices.com|imasdk.googleapis.com|ltassrv.com.s3.amazonaws.com|partner.googleadservices.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # TOP1M Final ---------------------------------------------------------------------- 16200 15646 0 8 0 15638 ---------------------------------------------------------------------- [ Adaway ] Reload [ 08/12/18 15:13:15 ] . completed .. Whitelist: aax-us-east.amazon-adsystem.com|aax-us-west.amazon-adsystem.com|ad.doubleclick.net|admarvel.s3.amazonaws.com|campaign-tapad.s3.amazonaws.com|google-analytics.com|googleads.g.doubleclick.net|html5adkit.plusmo.s3.amazonaws.com|iacpromotion.s3.amazonaws.com|inneractive-assets.s3.amazonaws.com|s.amazon-adsystem.com|s0.2mdn.net|strikeadcdn.s3.amazonaws.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # TOP1M Final ---------------------------------------------------------------------- 409 409 5 13 0 391 ---------------------------------------------------------------------- [ D_Me_ADs ] Reload . completed .. Whitelist: admarvel.s3.amazonaws.com|adzerk.s3.amazonaws.com|alexa-sitestats.s3.amazonaws.com|amazon-adsystem.com|entrecard.s3.amazonaws.com|interactive-assets.s3.amazonaws.com|pagead.l.google.com|partnerad.l.google.com|video-stats.video.google.com|yab-adimages.s3.amazonaws.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # TOP1M Final ---------------------------------------------------------------------- 2703 2703 443 10 0 2250 ---------------------------------------------------------------------- [ D_Me_Tracking ] Reload [ 08/12/18 15:13:16 ] . completed .. ---------------------------------------------------------------------- Orig. Unique # Dups # White # TOP1M Final ---------------------------------------------------------------------- 34 34 6 0 0 28 ---------------------------------------------------------------------- [ hpHosts_ATS ] Reload . completed .. Whitelist: a6522.s3-website-us-east-1.amazonaws.com|aax-eu-rtb.amazon-adsystem.com|aax-eu.amazon-adsystem.com|aax-fe-sin.amazon-adsystem.com|aax-fe.amazon-adsystem.com|aax-us-east.amazon-adsystem.com|aax-us-pdx.amazon-adsystem.com|aax-us-west.amazon-adsystem.com|ad-creatives-public.commondatastorage.googleapis.com|ad.doubleclick.net|admarvel.s3.amazonaws.com|ads.google.com|ads_ad_center.s3.amazonaws.com|adstracking.s3-website-us-west-1.amazonaws.com|advice-ads.s3.amazonaws.com|advrts.s3.amazonaws.com|adzerk-www.s3.amazonaws.com|airpushmarketing.s3.amazonaws.com|analytics.google.com|analyticsengine.s3.amazonaws.com|applab-sdk.amazon.com|arabmistress.s3.amazonaws.com|blamads-assets.s3.amazonaws.com|bo-videos.s3.amazonaws.com|c.amazon-adsystem.com|cadreon.s3.amazonaws.com|campaign-tapad.s3.amazonaws.com|cd-ladsp-com.s3.amazonaws.com|cdn.doubleverify.com|ce2-dev-trk.s3.amazonaws.com|ce2-dev.s3.amazonaws.com|chartaca.com.s3.amazonaws.com|cloudfront-labs.amazonaws.com|com.djinnworks.sdm.s3.amazonaws.com|convertglobal.s3.amazonaws.com|demandmedia.s3.amazonaws.com|deskwww.s3.amazonaws.com|device-metrics-us-2.amazon.com|ec2-54-171-97-32.eu-west-1.compute.amazonaws.com|ec2-54-225-149-4.compute-1.amazonaws.com|ec2-54-235-183-132.compute-1.amazonaws.com|epowernetworktrackerimages.s3.amazonaws.com|evs-hosted-14facd241e1c08.s3.amazonaws.com|fls-eu.amazon-adsystem.com|fls-eu.amazon.com|fls-fe.amazon-adsystem.com|fls-na.amazon-adsystem.com|forumwarz.s3.amazonaws.com|gateways.s3.amazonaws.com|getbarometer.s3.amazonaws.com|getsidecar.s3.amazonaws.com|gfaf-banners.s3.amazonaws.com|gg.google.com|google-analytics.com|googleads.g.doubleclick.net|googleadservices.com|googletagmanager.com|homad-global-configs-eu-fra.schneevonmorgen.com.s3.amazonaws.com|html5adkit.plusmo.s3.amazonaws.com|iacpromotion.s3.amazonaws.com|id.google.com|immassets.s3.amazonaws.com|inneractive-assets.s3.amazonaws.com|inpref.s3-external-3.amazonaws.com|inpref.s3.amazonaws.com|interactive-assets.s3.amazonaws.com|ir-de.amazon-adsystem.com|ir-jp.amazon-adsystem.com|ir-na.amazon-adsystem.com|kkastatic.s3.amazonaws.com|kraken-measurements.s3.amazonaws.com|livechat.s3.amazonaws.com|loved-by.s3.amazonaws.com|ltassrv.com.s3.amazonaws.com|mads.amazon-adsystem.com|magnify360-cdn.s3.amazonaws.com|matchbin-assets.s3.amazonaws.com|myadserve.s3-website-us-east-1.amazonaws.com|news-whistleout.s3.amazonaws.com|nxa-ls.s3.amazonaws.com|optimizely.s3.amazonaws.com|pagead2.googleadservices.com|partner.googleadservices.com|ps-eu.amazon-adsystem.com|rcm-fe.amazon-adsystem.com|rcm-images.amazon.com|rcm.amazon.com|rich-agent.s3.amazonaws.com|s.amazon-adsystem.com|s0.2mdn.net|s3-tracking.synthasite.net.s3.amazonaws.com|sana.newsinc.com.s3.amazonaws.com|sdsbucket.s3.amazonaws.com|spyhunter-download.s3.amazonaws.com|ssl.google-analytics.com|strikeadcdn.s3.amazonaws.com|thetradedesk-tags.s3.amazonaws.com|trafficads.s3-website-us-west-1.amazonaws.com|tree-pixel-log.s3.amazonaws.com|twitter-badges.s3.amazonaws.com|v.amazon-adsystem.com|vice-ads.s3.amazonaws.com|video-stats.video.google.com|whistleout.s3.amazonaws.com|wms-eu.amazon-adsystem.com|wms-fe.amazon-adsystem.com|ws-eu.amazon-adsystem.com|ws-na.amazon-adsystem.com|ws.amazon.com|www.google-analytics.com|www.googleadservices.com|www.googletagmanager.com|www.googletagservices.com|yc-ads.s3.amazonaws.com|z-na.amazon-adsystem.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # TOP1M Final ---------------------------------------------------------------------- 45751 45748 2267 115 0 43366 ---------------------------------------------------------------------- [ Cameleon ] Reload [ 08/12/18 15:13:25 ] . completed .. Whitelist: 4.afs.googleadservices.com|aax-eu.amazon-adsystem.com|aax-us-east-rtb.amazon-adsystem.com|aax-us-east.amazon-adsystem.com|aax.amazon-adsystem.com|ad.doubleclick.net|adwords.google.com|c.amazon-adsystem.com|cdn.doubleverify.com|fls-eu.amazon-adsystem.com|fls-na.amazon-adsystem.com|google-analytics.com|googleads.g.doubleclick.net|ir-de.amazon-adsystem.com|ir-na.amazon-adsystem.com|ir-uk.amazon-adsystem.com|pagead-googlehosted.l.google.com|pagead2.googleadservices.com|partner.googleadservices.com|ps-eu.amazon-adsystem.com|ps-us.amazon-adsystem.com|rcm-eu.amazon-adsystem.com|rcm-images.amazon.com|rcm-na.amazon-adsystem.com|rcm.amazon.com|s.amazon-adsystem.com|s0.2mdn.net|ssl.google-analytics.com|tags.tiqcdn.com|video-stats.video.google.com|wms-eu.amazon-adsystem.com|wms-na.amazon-adsystem.com|ws-eu.amazon-adsystem.com|ws-na.amazon-adsystem.com|www.google-analytics.com|www.googleadservices.com|www.googletagmanager.com|www.googletagservices.com|z-na.amazon-adsystem.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # TOP1M Final ---------------------------------------------------------------------- 20567 20567 5943 39 0 14585 ---------------------------------------------------------------------- [ SBL_ADs ] Reload [ 08/12/18 15:13:29 ] . completed .. Whitelist: aax-cpm.amazon-adsystem.com|aax.amazon-adsystem.com|admarvel.s3.amazonaws.com|ads.amazon.com|ads.google.com|ads5.iphone.s3.amazonaws.com|adzerk.s3.amazonaws.com|alexa-sitestats.s3.amazonaws.com|c.amazon-adsystem.com|entrecard.s3.amazonaws.com|fls-fe.amazon-adsystem.com|fls-na.amazon-adsystem.com|googleadservices.com|interactive-assets.s3.amazonaws.com|ir-na.amazon-adsystem.com|ltassrv.com.s3.amazonaws.com|mads.amazon-adsystem.com|pagead.l.google.com|partnerad.l.google.com|ps-us.amazon-adsystem.com|rcm-cn.amazon-adsystem.com|rcm-eu.amazon-adsystem.com|rcm-fe.amazon-adsystem.com|rcm-na.amazon-adsystem.com|s.amazon-adsystem.com|s0.2mdn.net|video-stats.video.google.com|wms-fe.amazon-adsystem.com|wms-na.amazon-adsystem.com|ws-eu.amazon-adsystem.com|ws-fe.amazon-adsystem.com|ws-na.amazon-adsystem.com|yab-adimages.s3.amazonaws.com|z-na.amazon-adsystem.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # TOP1M Final ---------------------------------------------------------------------- 4553 4553 4031 34 0 488 ---------------------------------------------------------------------- [ Yoyo ] Reload [ 08/12/18 15:13:30 ] . completed .. Whitelist: adzerk.s3.amazonaws.com|alexa-sitestats.s3.amazonaws.com|amazon-adsystem.com|analytics.google.com|clientmetrics-pa.googleapis.com|digital-ads.s3.amazonaws.com|entrecard.s3.amazonaws.com|google-analytics.com|googleadservices.com|pagead.l.google.com|partnerad.l.google.com|video-stats.video.google.com|www-google-analytics.l.google.com|yab-adimages.s3.amazonaws.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # TOP1M Final ---------------------------------------------------------------------- 2621 2621 2298 14 0 309 ---------------------------------------------------------------------- [ StevenBlack ] Reload [ 08/12/18 15:13:31 ] . completed .. Whitelist: 4.afs.googleadservices.com|aan.amazon.com|aax-cpm.amazon-adsystem.com|aax-eu-rtb-adx.amazon-adsystem.com|aax-eu-rtb.amazon-adsystem.com|aax-eu-test.amazon-adsystem.com|aax-eu-test1.amazon-adsystem.com|aax-eu-test2.amazon-adsystem.com|aax-eu-test3.amazon-adsystem.com|aax-eu.amazon-adsystem.com|aax-fe-pek.amazon-adsystem.com|aax-fe-sin-rtb-adx.amazon-adsystem.com|aax-fe-sin-rtb.amazon-adsystem.com|aax-fe-sin.amazon-adsystem.com|aax-fe.amazon-adsystem.com|aax-opf-us-east.amazon-adsystem.com|aax-us-east-rtb-adx.amazon-adsystem.com|aax-us-east-rtb.amazon-adsystem.com|aax-us-east-test.amazon-adsystem.com|aax-us-east-test1.amazon-adsystem.com|aax-us-east-test2.amazon-adsystem.com|aax-us-east-test3.amazon-adsystem.com|aax-us-east-test4.amazon-adsystem.com|aax-us-east-test5.amazon-adsystem.com|aax-us-east-test6.amazon-adsystem.com|aax-us-east.amazon-adsystem.com|aax-us-pdx-rtb-adx.amazon-adsystem.com|aax-us-pdx-rtb.amazon-adsystem.com|aax-us-pdx.amazon-adsystem.com|aax-us-west.amazon-adsystem.com|aax-vx-eu-dub.amazon-adsystem.com|aax-vx-eu-eu-west-1.amazon-adsystem.com|aax-vx-fe-pdx.amazon-adsystem.com|aax-vx-fe-us-west-2.amazon-adsystem.com|aax-vx-us-iad.amazon-adsystem.com|aax-vx-us-pdx.amazon-adsystem.com|aax-vx-us-us-east-1.amazon-adsystem.com|aax-vx-us-us-west-2.amazon-adsystem.com|aax.amazon-adsystem.com|aax.amazon.amazon-adsystem.com|ad.doubleclick.net|adagiobanner.s3.amazonaws.com|admarvel.s3.amazonaws.com|adserver-clarium-446793891.us-east-1.elb.amazonaws.com|adservers-users-1-1251423768.us-east-1.elb.amazonaws.com|adservice.google.com|adservices.google.com|adtago.s3.amazonaws.com|advice-ads.s3.amazonaws.com|adzerk.s3.amazonaws.com|alb-prod-invenio-1916515004.us-west-2.elb.amazonaws.com|alexa-sitestats.s3.amazonaws.com|amazon-adsystem.com|analytics.google.com|anvato-api-config.s3.amazonaws.com|api-ntv-elb-1185445618.us-east-1.elb.amazonaws.com|appsflyer-web-1810875176.eu-west-1.elb.amazonaws.com|appsflyer-web-2-1926050047.eu-west-1.elb.amazonaws.com|appsflyer-web-3-1052820924.eu-west-1.elb.amazonaws.com|appsflyer-web-4-962407740.eu-west-1.elb.amazonaws.com|appsflyer-web-5-2093104013.eu-west-1.elb.amazonaws.com|assoc-msdk-cn.amazon-adsystem.com|assoc-msdk-eu.amazon-adsystem.com|assoc-msdk-fe.amazon-adsystem.com|assoc-msdk-metrics-us.amazon-adsystem.com|assoc-msdk-us.amazon-adsystem.com|beacon-17-537698933.us-east-1.elb.amazonaws.com|btf-analytics.s3.amazonaws.com|bugsnag.appstore.a2z.com|builds.aca.bugsnag.appstore.a2z.com|builds.bugsnag.appstore.a2z.com|builds.firetv.bugsnag.appstore.a2z.com|c.amazon-adsystem.com|campaign-tapad.s3.amazonaws.com|cctldtest.google-analytics.com|cdn-a.amazon-adsystem.com|cdn-c.amazon-adsystem.com|cdn-d.amazon-adsystem.com|cdn-s.amazon-adsystem.com|cdn-t.amazon-adsystem.com|cdn-z.amazon-adsystem.com|cdn.doubleverify.com|cdn.installationsafe.net.s3.amazonaws.com|clientmetrics-pa.googleapis.com|cookiesync-mynativeplatform-347915877.us-east-1.elb.amazonaws.com|da-cdn.amazon-adsystem.com|da-v-eu.amazon-adsystem.com|da-v-fe.amazon-adsystem.com|da-v-na.amazon-adsystem.com|da-v-sin.amazon-adsystem.com|dashboard.1p.bugsnag.appstore.a2z.com|dashboard.aca.bugsnag.appstore.a2z.com|dashboard.bugsnag.appstore.a2z.com|dashboard.firetv.bugsnag.appstore.a2z.com|dataswitch-ads-75496044.us-east-1.elb.amazonaws.com|dcs-edge-va6-802167536.us-east-1.elb.amazonaws.com|device-fingerprintdb-v1.s3.amazonaws.com|device-metrics-us-2.amazon.com|device-metrics-us.amazon.com|digital-ads.s3.amazonaws.com|dra-eu.amazon-adsystem.com|dra.amazon-adsystem.com|dxedge-prod-lb-946522505.us-east-1.elb.amazonaws.com|ec2-13-58-215-234.us-east-2.compute.amazonaws.com|ecommstats.s3.amazonaws.com|entrecard.s3.amazonaws.com|exitsplash.s3.amazonaws.com|feedads.googleadservices.com|fls-cn.amazon-adsystem.com|fls-eu.amazon-adsystem.com|fls-fe.amazon-adsystem.com|fls-na.amazon-adsystem.com|fls-na.amazon.com|google-analytics.com|googleads.g.doubleclick.net|googleadservices.com|googletagservices.com|gx-in-f109.1e100.net|hooks.1p.bugsnag.appstore.a2z.com|hooks.aca.bugsnag.appstore.a2z.com|hooks.bugsnag.appstore.a2z.com|hooks.firetv.bugsnag.appstore.a2z.com|html5adkit.plusmo.s3.amazonaws.com|htmlads.s3.amazonaws.com|iacpromotion.s3.amazonaws.com|imasdk.googleapis.com|inneractive-assets.s3.amazonaws.com|insight-760077375.us-east-1.elb.amazonaws.com|ir-br.amazon-adsystem.com|ir-ca.amazon-adsystem.com|ir-cn.amazon-adsystem.com|ir-de.amazon-adsystem.com|ir-es.amazon-adsystem.com|ir-fr.amazon-adsystem.com|ir-in.amazon-adsystem.com|ir-it.amazon-adsystem.com|ir-jp.amazon-adsystem.com|ir-mx.amazon-adsystem.com|ir-na.amazon-adsystem.com|ir-uk.amazon-adsystem.com|load.s3.amazonaws.com|localhost.localdomain|log-c-907025318.us-east-1.elb.amazonaws.com|logger-prod-us-east-1-vpc-alb-1251201355.us-east-1.elb.amazonaws.com|m4.afs.googleadservices.com|mads-eu.amazon-adsystem.com|mads-fe.amazon-adsystem.com|mads.amazon-adsystem.com|mads.amazon.com|mas-sdk.amazon-adsystem.com|matchbin-assets.s3.amazonaws.com|metrics-collector-1584522448.us-east-1.elb.amazonaws.com|mimageads.googleadservices.com|mimageads1.googleadservices.com|mimageads2.googleadservices.com|mimageads3.googleadservices.com|mimageads4.googleadservices.com|mimageads5.googleadservices.com|mimageads6.googleadservices.com|mimageads7.googleadservices.com|mimageads8.googleadservices.com|mimageads9.googleadservices.com|mobileanalytics.us-east-1.amazonaws.com|mobileanalytics.us-east-2.amazonaws.com|mobileanalytics.us-west-1.amazonaws.com|mobileanalytics.us-west-2.amazonaws.com|mondoads.s3.amazonaws.com|mpartner.googleadservices.com|mu-in-f167.1e100.net|ncads.s3.amazonaws.com|nginx-ad-stacka-1467818758.us-east-1.elb.amazonaws.com|notify.1p.bugsnag.appstore.a2z.com|notify.aca.bugsnag.appstore.a2z.com|notify.bugsnag.appstore.a2z.com|notify.firetv.bugsnag.appstore.a2z.com|pagead-googlehosted.l.google.com|pagead.l.google.com|pagead2.googleadservices.com|partner.googleadservices.com|partnerad.l.google.com|partners-1732315393.us-east-1.elb.amazonaws.com|pixel-use201-lighttpd-elb-1612913623.us-east-2.elb.amazonaws.com|privacycollector-production-457481513.us-east-1.elb.amazonaws.com|production-adserver-666328397.us-east-1.elb.amazonaws.com|propixel7-768394228.us-east-1.elb.amazonaws.com|ps-eu.amazon-adsystem.com|ps-jp.amazon-adsystem.com|ps-us.amazon-adsystem.com|rcm-cn.amazon-adsystem.com|rcm-eu.amazon-adsystem.com|rcm-fe.amazon-adsystem.com|rcm-images.amazon.com|rcm-na.amazon-adsystem.com|rcm.amazon.com|replicated.aca.bugsnag.appstore.a2z.com|replicated.firetv.bugsnag.appstore.a2z.com|rpc-tapjoy-com-lb-1378811527.us-east-1.elb.amazonaws.com|rumcollector-lb-304223083.us-east-1.elb.amazonaws.com|s-beta-opf.amazon-adsystem.com|s-beta.amazon-adsystem.com|s.amazon-adsystem.com|s0.2mdn.net|sejs.moatads.com|sessions.aca.bugsnag.appstore.a2z.com|sessions.bugsnag.appstore.a2z.com|sessions.firetv.bugsnag.appstore.a2z.com|slate-ad-scripts.s3.amazonaws.com|somoreq-track-west-1951866777.us-west-1.elb.amazonaws.com|springclick-ads.s3.amazonaws.com|spyhunter-download.s3.amazonaws.com|ssl.google-analytics.com|static-shareaholic.s3.amazonaws.com|strikeadcdn.s3.amazonaws.com|sync.cmedia.s3.amazonaws.com|tags.tiqcdn.com|tapjoy-com-lb-vpc-332546193.us-east-1.elb.amazonaws.com|thepiratebay.org|tps.doubleverify.com|tracker-sp-elb-1474841806.us-east-1.elb.amazonaws.com|tracking-prod-public-2025738748.us-east-1.elb.amazonaws.com|tracking.opencandy.com.s3.amazonaws.com|uedata.amazon.com|upload.1p.bugsnag.appstore.a2z.com|upload.aca.bugsnag.appstore.a2z.com|upload.bugsnag.appstore.a2z.com|upload.firetv.bugsnag.appstore.a2z.com|v-eu-preprod.amazon-adsystem.com|v-eu.amazon-adsystem.com|v-preprod.amazon-adsystem.com|v.amazon-adsystem.com|vaes-eu-preprod.amazon-adsystem.com|vaes-eu.amazon-adsystem.com|vaes-fe-preprod.amazon-adsystem.com|vaes-fe.amazon-adsystem.com|vaes-na-preprod.amazon-adsystem.com|vaes-na.amazon-adsystem.com|vaes-preprod.dub.amazon-adsystem.com|vaes-preprod.iad.amazon-adsystem.com|vaes-preprod.pdx.amazon-adsystem.com|vaes.amazon-adsystem.com|vaes.dub.amazon-adsystem.com|vaes.iad.amazon-adsystem.com|vaes.iad.preprod.amazon-adsystem.com|vaes.pdx.amazon-adsystem.com|vaes.pdx.preprod.amazon-adsystem.com|video-stats.video.google.com|viewerstats.docstoc.com.s3.amazonaws.com|vml1.s3.amazonaws.com|vpc-prod-adsdk-lb-0-564898962.us-east-1.elb.amazonaws.com|wms-cn.amazon-adsystem.com|wms-eu.amazon-adsystem.com|wms-fe.amazon-adsystem.com|wms-in.amazon-adsystem.com|wms-na.amazon-adsystem.com|ws-cn.amazon-adsystem.com|ws-ea.amazon-adsystem.com|ws-eu.amazon-adsystem.com|ws-fe.amazon-adsystem.com|ws-in.amazon-adsystem.com|ws-na.amazon-adsystem.com|www-google-analytics.l.google.com|www.google-analytics.com|www.googleadservices.com|www.googletagmanager.com|www.googletagservices.com|www.partner.googleadservices.com|www.thepiratebay.org|yab-adimages.s3.amazonaws.com|yx-in-f108.1e100.net|z-eu.amazon-adsystem.com|z-fe.amazon-adsystem.com|z-in.amazon-adsystem.com|z-na.amazon-adsystem.com|znaptag-us.s3.amazonaws.com| ---------------------------------------------------------------------- Orig. Unique # Dups # White # TOP1M Final ---------------------------------------------------------------------- 71981 71981 17256 274 0 54451 ---------------------------------------------------------------------- ------------------------------------------------------------------------ Assembling DNSBL database... completed [ 08/12/18 15:13:45 ] TLD: Blocking full TLD/Sub-Domain(s)... |xxx| completed TLD analysis.. completed [ 08/12/18 15:14:16 ] TLD finalize........... ---------------------------------------- Original Matches Removed Final ---------------------------------------- 131506 46838 58151 73355 ----------------------------------------- TLD finalize... completed [ 08/12/18 15:14:26 ] Saving DNSBL database... completed Reloading Unbound Resolver..... completed [ 08/12/18 15:14:33 ] DNSBL update [ 73355 | PASSED ]... completed ------------------------------------------------------------------------ Restarting DNSBL Service ===[ GeoIP Process ]============================================ ===[ IPv4 Process ]================================================= [ Abuse_DYRE_v4 ] Reload [ 08/12/18 15:14:34 ] . completed .. ------------------------------ Original Master Final ------------------------------ 6 6 6 [ Pass ] ----------------------------------------------------------------- [ Feodo_BadIPs_v4 ] Reload . completed .. Empty file, Adding '10.1.10.2' to avoid download failure. ------------------------------ Original Master Final ------------------------------ 0 1 1 [ Pass ] ----------------------------------------------------------------- [ Feodo_Block_v4 ] Reload . completed .. ------------------------------ Original Master Final ------------------------------ 1498 1498 1498 [ Pass ] ----------------------------------------------------------------- [ Abuse_IPBL_v4 ] Reload . completed .. ------------------------------ Original Master Final ------------------------------ 315 315 315 [ Pass ] ----------------------------------------------------------------- [ Abuse_SSLBL_v4 ] Reload [ 08/12/18 15:14:35 ] . completed .. ------------------------------ Original Master Final ------------------------------ 55 54 54 [ Pass ] ----------------------------------------------------------------- [ Abuse_Zeus_v4 ] Reload . completed .. ------------------------------ Original Master Final ------------------------------ 104 103 103 [ Pass ] ----------------------------------------------------------------- [ BBC_C2_v4 ] Reload . completed .. ------------------------------ Original Master Final ------------------------------ 179 164 164 [ Pass ] ----------------------------------------------------------------- [ CINS_army_v4 ] Reload . completed .. ------------------------------ Original Master Final ------------------------------ 15000 15000 15000 [ Pass ] ----------------------------------------------------------------- [ ET_Block_v4 ] Reload [ 08/12/18 15:14:37 ] . completed .. ------------------------------ Original Master Final ------------------------------ 2422 828 828 [ Pass ] ----------------------------------------------------------------- [ ET_Comp_v4 ] Reload [ 08/12/18 15:14:38 ] . completed .. ------------------------------ Original Master Final ------------------------------ 699 630 630 [ Pass ] ----------------------------------------------------------------- [ ISC_1000_30_v4 ] Reload . completed .. ------------------------------ Original Master Final ------------------------------ 8004 239 239 [ Pass ] ----------------------------------------------------------------- [ ISC_Block_v4 ] Reload [ 08/12/18 15:14:39 ] . completed .. Empty file, Adding '10.1.10.2' to avoid download failure. ------------------------------ Original Master Final ------------------------------ 0 0 0 [ Pass ] ----------------------------------------------------------------- [ Spamhaus_Drop_v4 ] Reload . completed .. ------------------------------ Original Master Final ------------------------------ 828 1 1 [ Pass ] ----------------------------------------------------------------- [ Spamhaus_eDrop_v4 ] Reload [ 08/12/18 15:14:40 ] . completed .. ------------------------------ Original Master Final ------------------------------ 115 105 105 [ Pass ] ----------------------------------------------------------------- [ Talos_BL_v4 ] Reload . completed .. ------------------------------ Original Master Final ------------------------------ 1467 1381 1381 [ Pass ] ----------------------------------------------------------------- ===[ IPv6 Process ]================================================= ===[ Aliastables / Rules ]================================ Firewall rule changes found, applying Filter Reload Archiving Aliastable folder Archiving selected pfBlockerNG files. ** Restarting firewall filter daemon ** ===[ FINAL Processing ]===================================== [ Original IP count ] [ 30692 ] [ Final IP Count ] [ 20325 ] ===[ Deny List IP Counts ]=========================== 20326 total 15000 /var/db/pfblockerng/deny/CINS_army_v4.txt 1498 /var/db/pfblockerng/deny/Feodo_Block_v4.txt 1381 /var/db/pfblockerng/deny/Talos_BL_v4.txt 828 /var/db/pfblockerng/deny/ET_Block_v4.txt 630 /var/db/pfblockerng/deny/ET_Comp_v4.txt 315 /var/db/pfblockerng/deny/Abuse_IPBL_v4.txt 239 /var/db/pfblockerng/deny/ISC_1000_30_v4.txt 164 /var/db/pfblockerng/deny/BBC_C2_v4.txt 105 /var/db/pfblockerng/deny/Spamhaus_eDrop_v4.txt 103 /var/db/pfblockerng/deny/Abuse_Zeus_v4.txt 54 /var/db/pfblockerng/deny/Abuse_SSLBL_v4.txt 6 /var/db/pfblockerng/deny/Abuse_DYRE_v4.txt 1 /var/db/pfblockerng/deny/Spamhaus_Drop_v4.txt 1 /var/db/pfblockerng/deny/ISC_Block_v4.txt 1 /var/db/pfblockerng/deny/Feodo_BadIPs_v4.txt ====================[ Empty Lists w/10.1.10.2 ]================== Feodo_BadIPs_v4.txt ISC_Block_v4.txt ===[ DNSBL Domain/IP Counts ] =================================== 73355 total 35827 /var/db/pfblockerng/dnsbl/StevenBlack.txt 15602 /var/db/pfblockerng/dnsbl/EasyList.txt 10922 /var/db/pfblockerng/dnsbl/hpHosts_ATS.txt 8115 /var/db/pfblockerng/dnsbl/Cameleon.txt 2046 /var/db/pfblockerng/dnsbl/D_Me_ADs.txt 457 /var/db/pfblockerng/dnsbl/SBL_ADs.txt 300 /var/db/pfblockerng/dnsbl/Yoyo.txt 58 /var/db/pfblockerng/dnsbl/Adaway.txt 27 /var/db/pfblockerng/dnsbl/D_Me_Tracking.txt 1 /var/db/pfblockerng/dnsbl/DNSBL_TLD.txt ====================[ IPv4/6 Last Updated List Summary ]============== May 27 06:58 Spamhaus_eDrop_v4 Jul 18 05:15 Abuse_DYRE_v4 Aug 10 00:22 Spamhaus_Drop_v4 Aug 10 00:30 ET_Block_v4 Aug 10 00:30 ET_Comp_v4 Aug 12 13:46 Abuse_Zeus_v4 Aug 12 14:16 BBC_C2_v4 Aug 12 14:19 CINS_army_v4 Aug 12 14:31 ISC_Block_v4 Aug 12 14:45 Abuse_SSLBL_v4 Aug 12 14:55 Abuse_IPBL_v4 Aug 12 15:00 Feodo_BadIPs_v4 Aug 12 15:00 Feodo_Block_v4 Aug 12 15:00 ISC_1000_30_v4 Aug 12 15:00 Talos_BL_v4 ====================[ DNSBL Last Updated List Summary ]============== Jul 31 2015 D_Me_Tracking Mar 9 2016 D_Me_ADs Jan 20 2018 Adaway Mar 18 05:51 Cameleon Aug 8 09:37 hpHosts_ATS Aug 11 04:29 Yoyo Aug 12 09:17 SBL_ADs Aug 12 13:40 EasyList Aug 12 13:45 StevenBlack =============================================================== Database Sanity check [ PASSED ] ------------------------ Masterfile/Deny folder uniq check Deny folder/Masterfile uniq check Sync check (Pass=No IPs reported) ---------- Alias table IP Counts ----------------------------- 20326 total 20326 /var/db/aliastables/pfB_PRI1_v4.txt 0 /var/db/aliastables/pfB_DNSBLIP.txt pfSense Table Stats ------------------- table-entries hard limit 2000000 Table Usage Count 3250 UPDATE PROCESS ENDED [ 08/12/18 15:14:49 ] -
Just to give additional screenshots:
There's a lot of entries in dns resolver like this:
-
And when you disable DNSBL, does the resolver works fine ?
Maybe post your Resolver configuration.How much memory on the box? Check the memory usage with Diagnostics System Activity and Status Monitoring.
To keep the configuration and clear the database:
-
Disable PfBlockerNG and Keep Settings, save.
-
Enable PfBlockerNG and Keep Settings, save
-
Force Reload All.
-
-
2gb of ram:
DNS Resolver config (when pfblockerNG is running):
-
forgot to mention that I restarted dns resolver with pfblockerNG disabled, and the errors in resolving stopped showing up in the logs... maybe it was because nothing else uses it, not sure.
-
@bbcan177 said in PfBlockerNG v2.0 w/DNSBL:
pfSense has two types of DNS Services
-
DNS Forwarder
-
DNS Resolver
If you plan on using the DNSBL feature, you will need to use the DNS Resolver for your DNS queries, the DNS Forwarder is not an option for DNSBL. Its probably best to ensure that the DNS Resolver is working before using DNSBL.
The DNS Resolver is developed by NLnet Labs and is named 'Unbound'. It is a validating, recursive and caching DNS resolver. https://www.unbound.net/index.html
Some recommendations:
-
The DNS Resolver can also be used in 'Forwardering mode'; however its best to not use this 'Forwarding mode' and keep it in 'resolver mode' as this will query the Root DNS servers for the DNS queries instead of relying on an ISPs DNS etc…
-
If you use the 'DNS Resolver Forwarder mode', only configure 'DNSSEC' if the configured DNS servers support DNSSEC. The enabling of 'DNSSEC' to harden your DNS security is highly recommended.
-
Disable the two "DHCP registrations" checkboxes, unless you really require those options.
Here is a good primer about the DNS Resolver (Unbound) https://calomel.org/unbound_dns.html
Disable DHCP Registrations as every new lease will restart Unbound
Static registration will restart unbound on DHCP services modification. -
-
@mcampbell said in pfBlockerNG Devel 2.2.1 upgrade fails to start pfb_dnsbl service:
2gb of ram:
Well this isn't much memory for DNSBL usage.
You are also using RAM Disk for /var and /tmp, so they are competing for RAM with unbound when a Reload or Cron update is running. -
I never had a problem with it before on the non devel version of pfblockerNG. I was using the standard version of pfblockerNG for months without issues--except when trying to use the the Amazon app on my phone on the network--it was constantly giving errors. My desire for greater visibility into what exactly was being blocked is what prompted me to upgrade to the devel version. Unless you're saying the new version is that much more memory intensive? At any rate, I can probably upgrade the ram without much issues... it's a little bookshelf type PC, but it should support up to 4GB of RAM.
-
@mcampbell Maybe it's an idea to reinstall the 2.2.1 develop and only enable DNSBL_ADs in DNSBL (certianly not TLD) and the force an update (my 2 cents),
btw what's your pfSense version?
-
Check the pfSense system log and the resolver.log for any error messages. For unbound, suggest to increase the Adv setting "Log Verbosity" to "2".
You can also run the following command to see if it reports and errors:
/usr/local/etc/rc.d/pfb_dnsbl.sh restart -
@Qinn , when I uninstalled everything, including settings, it still wasn't starting up, even with no settings loaded. I would think it should start up then. 2.4.3-RELEASE-p1 is what I'm currently on, though when I started this venture, I was on 2.4.3.
@BBcan177 , thanks for the advice, I will definitely try those out. I am linux savvy, so I know my way around on the linux side of things, but wasn't sure where the scripts ran on pfsense. I will happily try it out.
-
it already bore unexpected fruit:
[2.4.3-RELEASE][root@pfsense.home]/usr/local/etc/rc.d: ./pfb_dnsbl.sh restart 2018-08-14 21:35:14: (network.c.313) can't bind to socket: 10.1.10.2:443 Can't assign requested addressI don't believe anything is bound to that IP. Worth trying a different one?
-
Holy smokes, tried 3 or 4 very different IPs within the 10.x.x.x subnet, all ones that are not being used by my pfsense for any of its networks, before I finally decided to try 10.254.254.254. That did it! it's actually running. No idea why it wasn't working with any of the others... I'll take it though. Thanks everyone for helping me out!
-
What does this report? What IP range did you use for Openvpn? You don't need to stay in the 10 range... Can also try 192.168 or any other private IP range (RFC1918)
ifconfig
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.