Netgate Discussion Forum
    pfBlockerNG-devel feedback

      BBcan177 Moderator @occamsrazor

      @occamsrazor

      Blutmagie needs to have the State set to "flex" since the TLS settings or the certificates of the site are poor.

      For the Dan.me feed, they have rate-limiting. You can move that feed into its own Alias "TOR2" and set it to update every 4 hours... I might have to adjust the Feeds Tab to account for this issue. I have been after Dan.me for several months to try to improve this issue. Part of the problem is that pfBlockerNG checks the last-time-stamp of the Feed and Dan.me is counting this as a download attempt, which causes the rate-limiting issue.

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        un1que

        For some days now I have had some trouble using pfBlockerNG. From time to time a notification appears:

        There were error(s) loading the rules: /tmp/rules.debug:52: cannot define table pfB_Level4_v4: Cannot allocate memory - The line in question reads [52]: table <pfB_Level4_v4> persist file "/var/db/aliastables/pfB_Level4_v4.txt"
        @ 2018-09-16 00:38:28
        

        Has anyone an idea what the solution might be?

          BBcan177 Moderator

          @un1que said in pfBlockerNG-devel feedback:

          Cannot allocate memory

          Need to increase the pfSense > System > Advanced > Firewall & NAT > Firewall Maximum Table Entries
          The package defaults it to "2000000", but you might need to increase that value depending on how many Aliastable entries you have.

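Added example (not part of the thread and not pfBlockerNG code): one way to compare the alias table files with the Firewall Maximum Table Entries value discussed above, broken down per table. It assumes each `.txt` file under `/var/db/aliastables` (the directory named in the error message) holds one address or network per line; the function names, the 50% warning threshold and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not pfBlockerNG code. Assumes one address/CIDR per line.

# count_entries FILE: print the number of non-blank, non-comment lines.
count_entries() {
    awk '!/^[ \t]*(#|$)/ { n++ } END { print n + 0 }' "$1"
}

# table_headroom DIR LIMIT [WARN_PCT]
# Prints "<entries> <file>" per table (largest first) and a summary line.
# Returns 0 below WARN_PCT of LIMIT, 1 at or above it, 2 when over LIMIT.
table_headroom() {
    dir=$1
    limit=$2
    warn_pct=${3:-50}   # assumed default threshold, not a pfSense value
    total=0
    report=""
    for f in "$dir"/*.txt; do
        [ -f "$f" ] || continue
        n=$(count_entries "$f")
        total=$((total + n))
        report="${report}${n} $(basename "$f")
"
    done
    printf '%s' "$report" | sort -rn
    pct=$((total * 100 / limit))
    echo "total=$total limit=$limit used=${pct}%"
    [ "$total" -le "$limit" ] || return 2
    [ "$pct" -lt "$warn_pct" ] || return 1
    return 0
}

# Constructed sample data standing in for /var/db/aliastables.
demo=$(mktemp -d)
printf '192.0.2.0/24\n198.51.100.7\n# comment\n\n203.0.113.0/24\n' \
    > "$demo/pfB_Level4_v4.txt"
printf '192.0.2.1\n192.0.2.2\n' > "$demo/pfB_TOR2_v4.txt"
# 5 entries against a constructed limit of 10: 50% used, so status 1.
table_headroom "$demo" 10 50 || echo "status $?"
rm -rf "$demo"
```

On a firewall, call `table_headroom /var/db/aliastables` with the limit currently set under System > Advanced > Firewall & NAT as the second argument.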

            un1que @BBcan177

            @bbcan177
            Thanks for your reply! I’ll try that.

            I now reloaded the IP values via force update and at the end of that process I found those numbers:

            pfSense Table Stats
            -------------------
            table-entries hard limit  2000000
            Table Usage Count         104384
            

            Before your hint I had 600000 table entries set in advanced settings. But for only about 100k used entries it should have been enough, shouldn’t it?

              RonpfS

              And the table-entries hard limit was showing 600000 in pfblockerng.log before you made the change?

              2.4.5-RELEASE-p1 (amd64)
              Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
              Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                un1que @RonpfS

                @ronpfs
                I can’t say yet, but I think at the end of the force update process it was showing 600k instead of 2mio now, yes.

                  Grimson Banned

                  I just updated from v2.2.5_15 to v2.2.5_16, now the "pfBlockerNG firewall filter service" refuses to start, according to the dashboard status. There are no errors in the logs (checked both pfB logs and system logs).

                    BBcan177 Moderator @Grimson

                    @grimson said in pfBlockerNG-devel feedback:

                    I just updated from v2.2.5_15 to v2.2.5_16, now the "pfBlockerNG firewall filter service" refuses to start, according to the dashboard status. There are no errors in the logs (checked both pfB logs and system logs).

                    Can you check this:
                    https://forum.netgate.com/topic/135893/getting-crash-reports-after-updating-to-2-4-4/24

                    php -v
                    php_pfb -v
                    

                    Versions should match.

                    You can also try to start from the shell to see if it shows any errors:

                    /usr/local/etc/rc.d/pfb_filter.sh restart

                      BBcan177 Moderator @Grimson

                      @grimson said in pfBlockerNG-devel feedback:

                      I just updated from v2.2.5_15 to v2.2.5_16, now the "pfBlockerNG firewall filter service" refuses to start, according to the dashboard status. There are no errors in the logs (checked both pfB logs and system logs).

                      I think it's running:

                      ps auxww | grep pfb
                      
                      /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog (php)
                      

                      But now that it's a symlink and not a link, the Services function might not see the executable "php_pfb".

                      So as long as you're still getting firewall events in the Alerts/Reports tab, then it is still working, just not showing that in the services status as "running".

                      Still investigating...

                        occamsrazor @Grimson

                        @grimson said in pfBlockerNG-devel feedback:

                        I just updated from v2.2.5_15 to v2.2.5_16, now the "pfBlockerNG firewall filter service" refuses to start, according to the dashboard status. There are no errors in the logs (checked both pfB logs and system logs).

                        Just to chime in... same situation here, was shown as running Services before I upgraded to v2.2.5_16 but not now.

                        pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
                        Ubiquiti Unifi wired and wireless network, APC UPSs
                        Mac OSX and IOS devices, QNAP NAS

                          BBcan177 Moderator

                          @occamsrazor said in pfBlockerNG-devel feedback:

                          Just to chime in... same situation here, was shown as running Services before I upgraded to v2.2.5_16 but not now.

                          I posted a PR which reverts the symlink change... Will be v2.2.5_17 once that is merged.

                          https://github.com/pfsense/FreeBSD-ports/pull/575

                            Grimson Banned @BBcan177

                            Sorry for the late answer, I got an emergency call from work and had to leave.

                            @bbcan177 said in pfBlockerNG-devel feedback:

                            php -v
                            php_pfb -v
                            

                            Versions should match.

                            Both show the same version:

                            PHP 7.2.10 (cli) (built: Sep 14 2018 11:32:18) ( NTS )
                            Copyright (c) 1997-2018 The PHP Group
                            Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
                                with Zend OPcache v7.2.10, Copyright (c) 1999-2018, by Zend Technologies
                            

                            You can also try to start from the shell to see if it shows any errors:

                            /usr/local/etc/rc.d/pfb_filter.sh restart
                            

                            Restarts without an error.

                            I think it's running:

                            ps auxww | grep pfb
                            
                            /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog (php)
                            

                            Yes it's running.

                            But now that it's a symlink and not a link, the Services function might not see the executable "php_pfb".

                            Yep, looks like it.

                              Xentrk @BBcan177

                              @bbcan177
                              I landed here by doing a search as I have the same issue. Thanks for the update!

                              pfSense 2.4.4_2 | Intel i5-3450 @ 3.10GHz  | AES-NI enabled |  pfBlockerNG | Snort
                              Blog Site: https://x3mtek.com || GitHub: https://github.com/Xentrk

                                Grimson Banned

                                BBcan177 posted a quick fix here: https://forum.netgate.com/topic/136155/2-4-4-upgrade-messed-pfbng-beta/3 if the red status icon is bothering you.

                                  stownplayer

                                  Just updated and still have the same issue. I'm on 2.2.5_17 and the filter service is still red.

                                    occamsrazor @stownplayer

                                    @stownplayer Try the quick fix in the post 2 above this.... worked fine for me.

                                      stownplayer @occamsrazor

                                      @occamsrazor We think my pfsense install is corrupted in some way. I'm going to re-install 2.4.4 and then reload the config. I tried those commands not long after they were posted and it did not work.

                                        Veldkornet

                                        On my dashboard, DNSBL always has a yellow icon and says

                                        DNSBL is out of sync. Perform a force reload to correct.
                                        

                                        Although I’ve already done a force reload a few times...

                                        Also, unrelated to the above, would it be possible to allow the ability to choose your own certificate for DNSBL so that you don’t get certificate errors for the https page?

                                          Hugovsky

                                          After upgrade to latest _17, I can't open 10.10.10.1 with browser. pfBlocker seems to be working and logging fine but can't get the 10.10.10.1 page. Is it normal?

                                            BBcan177 Moderator @Veldkornet

                                            @veldkornet said in pfBlockerNG-devel feedback:

                                            On my dashboard, DNSBL always has a yellow icon and says
                                            DNSBL is out of sync. Perform a force reload to correct.

                                            Although I’ve already done a force reload a few times...
                                            Also, unrelated to the above, would it be possible to allow the ability to choose your own certificate for DNSBL so that you don’t get certificate errors for the https page?

                                            For the Sync issue: Typically this is caused by having multiple feeds with the same "Header/Label" name. Every Header needs to be unique. Also can be caused if you have a duplicated Feed.

                                            For the Certificate errors, you can fix this in pfBlockerNG-devel, see here:
                                            https://forum.netgate.com/topic/136302/is-hiding-dnsbl-alerts-without-whitlisting-possible