pfBlockerNG-devel feedback

Grimson

@bbcan177 said in pfBlockerNG-devel feedback:

@grimson that was fixed early on. You must have been an early tester and created those easylist entries with the old code. You could try a "save" in the Easylist Tab to see if that repairs those entries.

No, a save does mix them up differently but they still don't match.

RonpfS

@bartkowski You could try to increase the "memory_limit" settings in /etc/inc/config.inc. This change will be lost when you upgrade pfsense as it installs the defaut config.inc.

// Set memory limit to 512M on amd64.
if ($ARCH == "amd64") {
	ini_set("memory_limit", "512M");
} else {
	ini_set("memory_limit", "128M");
}

You can also the limit the size of pfblocker log files in pfBlockerNG / General Tab / Log Settings .

bartkowski

@ronpfs I'm running the SG-2440 with stock RAM. I'll give this a try.

Edit: My config.inc file shows the same memory limits.

Grimson

Ok, I did a fresh install (removed previous package and cleaned out any remaining files in /tmp) of pfBlockerNG-devel version 2.2.5_10 on pfSense 2.4.3p1.

On the first visit of the EasyList feeds page everything is fine. Then I enabled EasyList, EasyPrivacy and Easylist German with all of their content, set Action to Unbound and saved the settings. Now the feed URLs in the UI are mixed up again. I'm using Firefox 61.0.2 but I see the same in IE. They do show fine in the config.xml, so I guess something gets mixed up when reading/interpreting the config for the UI:

0_1535117945591_easylist_config.txt

BBcan177

@grimson

I'm working on a patch for this... I will shoot you a PM if you don't mind testing that when its completed?

Grimson

@bbcan177 said in pfBlockerNG-devel feedback:

@grimson

I'm working on a patch for this... I will shoot you a PM if you don't mind testing that when its completed?

Happy to help, I have the System_Patches package installed so providing a patch is probably the easiest way to test the fix.

BBcan177

@grimson said in pfBlockerNG-devel feedback:

Happy to help, I have the System_Patches package installed so providing a patch is probably the easiest way to test the fix.

@Grimson, its just as easy to download the two patched files below. Let me know how it goes.

fetch -o /usr/local/pkg/pfblockerng/pfblockerng.inc "https://raw.githubusercontent.com/BBcan177/FreeBSD-ports/patch-1/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng.inc"

fetch -o /usr/local/www/pfblockerng/pfblockerng_category_edit.php "https://raw.githubusercontent.com/BBcan177/FreeBSD-ports/patch-1/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_category_edit.php"

Grimson

Looks good, I couldn't reproduce the issue anymore. Thanks.

BBcan177

@grimson said in pfBlockerNG-devel feedback:

Looks good, I couldn't reproduce the issue anymore. Thanks

Great. Thanks for testing. There are a bunch of changes in the next pull request:

https://github.com/pfsense/FreeBSD-ports/pull/559

lordbob75

I did not notice for a while, but it looks like ever since I upgraded to this version the DNSBL has been crashing and restarting every minute, along with the service watchdog.

I've also got the out of sync error, but I've force reloaded a bunch of times and the log just says DNSBL is out of sync. Not sure what to look for in it.

RonpfS

There is no need to place DNSBL under the System Watchdog.

You need to post the log of a Force Reload All if you want to get help.

One thing that can generate Out of Sync warnings is if you have Header/Label that are not unique.

lordbob75

@ronpfs ah, well then that should fix that part.

I've attached the log to this post.
0_1535239826092_pfblockerng.zip

RonpfS

@lordbob75

*** DNSBL update [ 850567 ] [ 824258 ] ... OUT OF SYNC ! *** [ 08/25/18 16:04:06 ]

850567 - 824258 = 26309

Searching for 26309 show that you load twice Malware_Domains


[ Malware_Domains ]		 Reload [ 08/25/18 15:58:47 ] . completed ..
  ----------------------------------------------------------------------
  Orig.    Unique     # Dups     # White    # TOP1M    Final                
  ----------------------------------------------------------------------
  26446    26446      137        0          0          26309                
  ----------------------------------------------------------------------


[ Malware_Domains ]		 Reload [ 08/25/18 15:59:21 ] . completed ..
  ----------------------------------------------------------------------
  Orig.    Unique     # Dups     # White    # TOP1M    Final                
  ----------------------------------------------------------------------
  26446    26446      137        0          0          26309                
  ----------------------------------------------------------------------

lordbob75

@ronpfs Awesome, thanks. I'll fix it. I'm not sure I understand how the number searched worked though. I'm not sure how to explain what I don't get about it.

   26309 /var/db/pfblockerng/dnsbl/Malware_Domains.txt

In that list, is that number like the start of where that list adds to the master list or something? If that makes sense?

RonpfS

@lordbob75 said in pfBlockerNG-devel feedback:

that number

That's the number of Domain Names computed after removing Whitelist, TOP1M, Duplicates from other lists, etc.

lordbob75

@ronpfs Ok, that's what I figured but wanted to confirm. I appreciate the help!

Edit: removing the duplicate entry did indeed fix it, awesome.

anttechs

I have tried it and loved it and I can't wait for it to come out :)

occamsrazor

I just took the plunge and moved to -devel....... It's fantastic. Having all the preset feeds and their organization into groups makes everything so much easier.

One question though.... I'm confused where to put individual IP addresses and domains that I want to whitelist from ALL the IPV4 feeds.

For DNSBL, I put domains in the DNSBL Whitelist box and that seems to work.

For IPV4 on the previous version I had two custom Permit lists, which have got carrried over to the -devel version:

0_1535738552244_Screen Shot 2018-08-31 at 20.57.32.jpg

For domains that I want converted to IPs and then whitelisted, I put "Whois" in the source box and the domains in IPv4 Custom_List and this seems to work:

0_1535738698058_Screen Shot 2018-08-31 at 21.03.44.jpg

But for IPs that I want whitelisted I put the IPs in IPv4 Custom_List but I don't know what to put for Source and when I leave it blank I get this error:

0_1535738796693_Screen Shot 2018-08-31 at 20.58.31.jpg

Am I doing this all wrong or where should I be putting these?

RonpfS

@occamsrazor said in pfBlockerNG-devel feedback:

For domains that I want converted to IPs and then whitelisted, I put "Whois" in the source box and the domains in IPv4 Custom_List and this seems to work:

You have to change the Format to Whois, then you type a Domain Name in the Source Field.

RonpfS

@occamsrazor said in pfBlockerNG-devel feedback:

But for IPs that I want whitelisted I put the IPs in IPv4 Custom_List but I don't know what to put for Source and when I leave it blank I get this error:

Change the State to Off