Netgate Discussion Forum

    pfBlockerNG-devel feedback

    • BBcan177B
      BBcan177 Moderator @Grimson
      last edited by BBcan177

      @grimson said in pfBlockerNG-devel feedback:

      I just updated from v2.2.5_15 to v2.2.5_16, now the "pfBlockerNG firewall filter service" refuses to start, according to the dashboard status. There are no errors in the logs (checked both pfB logs and system logs).

      I think it's running:

      ps auxww | grep pfb
      
      /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog (php)
      

      But now that it's a symlink and not a link, the Services function might not see the executable "php_pfb".

      So as long as you're still getting firewall events in the Alerts/Reports tab, then it is still working, just not showing that in the services status as "running".

      Still investigating...

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      • occamsrazorO
        occamsrazor @Grimson
        last edited by

        @grimson said in pfBlockerNG-devel feedback:

        I just updated from v2.2.5_15 to v2.2.5_16, now the "pfBlockerNG firewall filter service" refuses to start, according to the dashboard status. There are no errors in the logs (checked both pfB logs and system logs).

        Just to chime in... same situation here, was shown as running Services before I upgraded to v2.2.5_16 but not now.

        pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
        Ubiquiti Unifi wired and wireless network, APC UPSs
        Mac OSX and IOS devices, QNAP NAS

        • BBcan177B
          BBcan177 Moderator
          last edited by

          @occamsrazor said in pfBlockerNG-devel feedback:

          Just to chime in... same situation here, was shown as running Services before I upgraded to v2.2.5_16 but not now.

          I posted a PR which reverts the symlink change... Will be v2.2.5_17 once that is merged.

          https://github.com/pfsense/FreeBSD-ports/pull/575

          • GrimsonG
            Grimson Banned @BBcan177
            last edited by

            Sorry for the late answer, I got an emergency call from work and had to leave.

            @bbcan177 said in pfBlockerNG-devel feedback:

            php -v
            php_pfb -v
            

            Versions should match.

            Both show the same version:

            PHP 7.2.10 (cli) (built: Sep 14 2018 11:32:18) ( NTS )
            Copyright (c) 1997-2018 The PHP Group
            Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
                with Zend OPcache v7.2.10, Copyright (c) 1999-2018, by Zend Technologies
            

            You can also try to start from the shell to see if it shows any errors:

            /usr/local/etc/rc.d/pfb_filter.sh restart
            

            Restarts without an error.

            I think it's running:

            ps auxww | grep pfb
            
            /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog (php)
            

            Yes it's running.

            But now that it's a symlink and not a link, the Services function might not see the executable "php_pfb".

            Yep, looks like it.

            • XentrkX
              Xentrk @BBcan177
              last edited by

              @bbcan177
              I landed here by doing a search as I have the same issue. Thanks for the update!

              pfSense 2.4.4_2 | Intel i5-3450 @ 3.10GHz  | AES-NI enabled |  pfBlockerNG | Snort
              Blog Site: https://x3mtek.com || GitHub: https://github.com/Xentrk

              • GrimsonG
                Grimson Banned
                last edited by

                BBcan177 posted a quick fix here: https://forum.netgate.com/topic/136155/2-4-4-upgrade-messed-pfbng-beta/3 if the red status icon is bothering you.

                • S
                  stownplayer
                  last edited by

                  Just updated and still have the same issue. I'm on 2.2.5_17 and the filter service is still red.

                  • occamsrazorO
                    occamsrazor @stownplayer
                    last edited by

                    @stownplayer Try the quick fix in the post 2 above this.... worked fine for me.

                    • S
                      stownplayer @occamsrazor
                      last edited by

                      @occamsrazor We think my pfsense install is corrupted in some way. I'm going to re-install 2.4.4 and then reload the config. I tried those commands not long after they were posted and it did not work.

                      • VeldkornetV
                        Veldkornet
                        last edited by Veldkornet

                        On my dashboard, DNSBL always has a yellow icon and says

                        DNSBL is out of sync. Perform a force reload to correct.
                        

                        Although I’ve already done a force reload a few times...

                        Also, unrelated to the above, would it be possible to allow the ability to choose your own certificate for DNSBL so that you don’t get certificate errors for the https page?

                        • H
                          Hugovsky
                          last edited by

                          after upgrade to latest _17, I can't open 10.10.10.1 with browser. pfBlocker seems to be working and logging fine but can't get the 10.10.10.1 page. Is it normal?

                          • BBcan177B
                            BBcan177 Moderator @Veldkornet
                            last edited by

                            @veldkornet said in pfBlockerNG-devel feedback:

                            On my dashboard, DNSBL always has a yellow icon and says
                            DNSBL is out of sync. Perform a force reload to correct.

                            Although I’ve already done a force reload a few times...
                            Also, unrelated to the above, would it be possible to allow the ability to choose your own certificate for DNSBL so that you don’t get certificate errors for the https page?

                            For the Sync issue: Typically this is caused by having multiple feeds with the same "Header/Label" name. Every Header needs to be unique. Also can be caused if you have a duplicated Feed.

                            For the Certificate errors, you can fix this in pfBlockerNG-devel, see here:
                            https://forum.netgate.com/topic/136302/is-hiding-dnsbl-alerts-without-whitlisting-possible

                            • BBcan177B
                              BBcan177 Moderator @Hugovsky
                              last edited by

                              @hugovsky said in pfBlockerNG-devel feedback:

                              after upgrade to latest _17, I can't open 10.10.10.1 with browser. pfBlocker seems to be working and logging fine but can't get the 10.10.10.1 page. Is it normal?

                              Any errors in the system.log when you restart the service?

                              What happens if you try to start it from the shell?

                              /usr/local/etc/rc.d/pfb_filter.sh restart
                              

                              Also check the pfblockerng.log for any errors.

                              • H
                                Hugovsky
                                last edited by Hugovsky

                                system log:

                                Oct 7 17:18:32 	check_reload_status 		Syncing firewall
                                Oct 7 17:18:32 	php_pfb 		[pfBlockerNG] filterlog daemon started
                                Oct 7 17:18:32 	php-fpm 	960 	[pfBlockerNG] Restarting firewall filter daemon
                                Oct 7 17:18:32 	check_reload_status 		Reloading filter
                                Oct 7 17:18:31 	check_reload_status 		Syncing firewall
                                Oct 7 17:18:31 	check_reload_status 		Syncing firewall
                                Oct 7 17:18:29 	php 		[pfBlockerNG] DNSBL parser daemon started 
                                

                                pfblockerng.log after stop/start of pfBlocker in GUI:

                                **Saving configuration [ 10/07/18 17:16:23 ]**
                                Reloading Unbound Resolver..... completed [ 10/07/18 17:16:24 ]
                                DNSBL update [ 1147610 | PASSED  ]... completed [ 10/07/18 17:16:25 ]
                                Removing DNSBL Unbound custom option
                                ------------------------------------------------------------------------
                                Saving DNSBL config changes.VIP address configured. Widget Packet statistics reset.
                                Stop Service DNSBL
                                
                                ** DNSBL Disabled **
                                
                                ** Stopping firewall filter daemon **
                                
                                **Saving configuration [ 10/07/18 17:17:57 ]**
                                
                                Configuring DNSBL... completed
                                Reloading Unbound Resolver..... completed [ 10/07/18 17:18:27 ]
                                DNSBL update [ 1147610 | PASSED  ]... completed [ 10/07/18 17:18:28 ]
                                Adding DNSBL Unbound server:include option
                                ------------------------------------------------------------------------
                                Saving new DNSBL web server configuration to port [ 9081 and 9443 ]
                                Saving DNSBL config changes.VIP address configured. Widget Packet statistics reset.
                                
                                Restarting DNSBL Service
                                
                                ** Restarting firewall filter daemon **
                                
                                

                                using /usr/local/etc/rc.d/pfb_filter.sh restart it's a no go too.

                                I was using 2.4.4 beta from 04 September before and pfblocker _12 and it was working. I've updated pfblocker to _17 and lost the block page. Upgraded pfsense to latest beta 2.4.5. Didn't solve it.

                                • BBcan177B
                                  BBcan177 Moderator
                                  last edited by BBcan177

                                  @hugovsky said in pfBlockerNG-devel feedback:

                                  I was using 2.4.4 beta from 04 September before and pfblocker _12 and it was working. I've updated pfblocker to _17 and lost the block page. Upgraded pfsense to latest beta 2.4.5. Didn't solve it.

                                  When you ran that command from the shell, did it report any errors?
                                  As a note, the pfb_filter is for IP not DNSBL... The DNSBL service is pfb_dnsbl.

                                  I am also not sure what you mean by "lost the block page?"

                                  Run the following and report the output:

                                  ls -lah /var/log/filter.log
                                  
                                  ps auxww | grep pfb
                                  

                                  • H
                                    Hugovsky
                                    last edited by

                                    I've also noted that the percentage of domains blocked is at 100%

                                    • BBcan177B
                                      BBcan177 Moderator
                                      last edited by

                                      @hugovsky said in pfBlockerNG-devel feedback:

                                      I've also noted that the percentage of domains blocked is at 100%

                                      Click the trashcan Icon in the Packet column to reset it... The widget wrench also contains some other tunables.

                                      • H
                                        Hugovsky
                                        last edited by Hugovsky

                                        "Block page" is the page you see when you go directly to 10.10.10.1, the VIP IP.

                                        Cleared the stats and "block percentage" is ok now.

                                        ls -lah /var/log/filter.log:

                                        [2.4.5-DEVELOPMENT][root@firewall]/root: ls -lah /var/log/filter.log
                                        -rw-------  1 root  wheel   195K Oct  7 17:16 /var/log/filter.log
                                        
                                        

                                        ps auxww | grep pfb:

                                        [2.4.5-DEVELOPMENT][root@firewall]/root: ps auxww | grep pfb
                                        root    38351   0.0  0.0   10392   7340  -  S    17:18      0:02.08 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
                                        root    38455   0.0  0.2   50880  38640  -  I    17:18      0:01.77 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl
                                        root    38468   0.0  0.2   50880  38216  -  I    17:18      0:00.26 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc index
                                        root    38796   0.0  0.2   50880  38632  -  S    17:18      0:00.78 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc queries
                                        root    44777   0.0  0.0    6564   2456  0  S+   17:38      0:00.00 grep pfb
                                        root    48602   0.0  0.0    4340   1956  0  S    17:21      0:00.35 /usr/local/sbin/clog_pfb -f /var/log/filter.log
                                        root    48774   0.0  0.2   50880  38208  0  I    17:21      0:00.25 /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog
                                        
                                        
                                        • BBcan177B
                                          BBcan177 Moderator @Hugovsky
                                          last edited by BBcan177

                                          @hugovsky

                                          What does this report:

                                          ls -la /usr/local/bin/php*
                                          

                                          Try the following:

                                          rm /usr/local/bin/php_pfb
                                          

                                          And then restart the pfb_filter service.

                                          • H
                                            Hugovsky
                                            last edited by Hugovsky

                                            ls -lah /usr/local/bin/php*:

                                            [2.4.5-DEVELOPMENT][root@firewall]/root: ls -lah /usr/local/bin/php*
                                            -rwxr-xr-x  2 root  wheel   4.6M Sep 20 13:18 /usr/local/bin/php
                                            -rwxr-xr-x  1 root  wheel   4.6M Sep 20 13:18 /usr/local/bin/php-cgi
                                            -rwxr-xr-x  1 root  wheel   2.7K Sep 20 13:18 /usr/local/bin/php-config
                                            -rwxr-xr-x  2 root  wheel   4.6M Sep 20 13:18 /usr/local/bin/php_pfb
                                            -rwxr-xr-x  1 root  wheel   4.4K Sep 20 13:18 /usr/local/bin/phpize
                                            
                                            

                                            Did what you suggested and no difference.

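The thread turns on whether php_pfb is a hard link, a symlink or a separate copy of php. The shell function below is an added example, not part of any post above and not pfBlockerNG code; it reports which of those an alias is. The name link_kind is hypothetical, and the default paths are the two files from the ls output above.

```shell
#!/bin/sh
# Added example: classify how an alias binary relates to the original.
# link_kind ORIGINAL ALIAS prints one of:
#   hardlink       same inode as ORIGINAL (ls -l shows a link count of 2 or more)
#   symlink        symbolic link that resolves to ORIGINAL
#   symlink-other  symbolic link that resolves elsewhere, or is dangling
#   copy           separate file with identical contents
#   unrelated      separate file with different contents
#   missing        one of the two paths does not exist
link_kind() {
    orig=$1
    alias_path=$2
    if [ ! -e "$orig" ]; then
        echo missing
    elif [ ! -e "$alias_path" ] && [ ! -L "$alias_path" ]; then
        echo missing
    elif [ -L "$alias_path" ]; then
        # -ef follows symlinks, so -L has to be tested before -ef,
        # otherwise a symlink would be reported as a hard link.
        if [ "$alias_path" -ef "$orig" ]; then
            echo symlink
        else
            echo symlink-other
        fi
    elif [ "$alias_path" -ef "$orig" ]; then
        echo hardlink
    elif cmp -s "$orig" "$alias_path"; then
        echo copy
    else
        echo unrelated
    fi
}

# Defaults are the two paths listed in the thread; pass others as arguments.
link_kind "${1:-/usr/local/bin/php}" "${2:-/usr/local/bin/php_pfb}"
```

Anything other than hardlink or symlink means the alias is an independent file that will not follow updates to the php binary.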