pfb_filter Keeps stopping

Mr_JinX

Hi, I'm using the development build and found that pfb_filter keeps stopping and watchdog restarts it, is there a log file i can check to see why it's failing. I can't see anything in the specific gui logs. and system logs, doesn't show me why it stopped just that it's going to be restarted by watchdog.

(pfBlockerNG-devel 2.2.5_32 )

Gui System Log;

May 11 13:56:00 php 47331 [pfBlockerNG] filterlog daemon started
May 11 13:56:00 php 42640 servicewatchdog_cron.php: Service Watchdog detected service pfb_filter stopped. Restarting pfb_filter (pfBlockerNG firewall filter service)
May 11 13:55:00 php 9925 [pfBlockerNG] filterlog daemon started
May 11 13:55:00 php 4766 servicewatchdog_cron.php: Service Watchdog detected service pfb_filter stopped. Restarting pfb_filter (pfBlockerNG firewall filter service)
May 11 13:54:00 php 71662 [pfBlockerNG] filterlog daemon started

Even syslog doesn't shed any info;

[2.5.0-DEVELOPMENT][admin@Kestrel-HA01-Primary.public.walsall.gov.uk]/var/log: tail -f system.log
May 11 13:48:00 Kestrel-HA01-Primary php[26703]: servicewatchdog_cron.php: Service Watchdog detected service pfb_filter stopped. Restarting pfb_filter (pfBlockerNG firewall filter service)
May 11 13:48:00 Kestrel-HA01-Primary php[34602]: [pfBlockerNG] filterlog daemon started
May 11 13:49:00 Kestrel-HA01-Primary php[33953]: servicewatchdog_cron.php: Service Watchdog detected service pfb_filter stopped. Restarting pfb_filter (pfBlockerNG firewall filter service)
May 11 13:49:00 Kestrel-HA01-Primary php[38837]: [pfBlockerNG] filterlog daemon started
May 11 13:49:13 Kestrel-HA01-Primary sshd[97822]: user admin login class [preauth]
May 11 13:49:13 Kestrel-HA01-Primary sshd[97822]: user admin login class [preauth]
May 11 13:49:14 Kestrel-HA01-Primary sshd[97822]: Accepted keyboard-interactive/pam for admin from 10.14.2.123 port 3273 ssh2
May 11 13:49:41 Kestrel-HA01-Primary php[27369]: [pfBlockerNG] filterlog daemon started
May 11 13:50:00 Kestrel-HA01-Primary php[43304]: servicewatchdog_cron.php: Service Watchdog detected service pfb_filter stopped. Restarting pfb_filter (pfBlockerNG firewall filter service)
May 11 13:50:00 Kestrel-HA01-Primary php[48329]: [pfBlockerNG] filterlog daemon started

RonpfS

There is no need to use System Watchdog for pfb_filter.

Mr_JinX

@RonpfS I think you're missing the point, the service keeps stopping. Watchdog just restarts it, I just don't know why it keeps stopping.

RonpfS

Remove it from System Watchdog and figure out why it stop.
Did you inspect all the logs files ?
Does this happen during cron update? or DHCP registration etc ....

Gertjan

@RonpfS said in pfb_filter Keeps stopping:

Does this happen during cron update? or DHCP registration etc ....

Or a pfBlockerNG update ?
How often pfBlockerNG is restarting ? How long does it take to restart ?

As @RonpfS, remove 'filterlog' from System Watchdog.
Goto console acces (== SSH) and use option 8.
Enter :

ps ax | grep 'filterlog'

You should see :

4441  -  I        0:00.42 /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog
33289  -  Ss       0:44.89 /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
44778  0  S+       0:00.00 grep filterlog

The last line is the 'ps' command itself.
"filterlog" is actually two processes, not more, not less. My example shows 4441 and 33289.

Example : when pgBlockerNG restarts - and this can take a lot of time - several minutes if you have a lot of DNSBL feeds to load and parse, the service watchdog that runs every minute will detect this, and start the two services again, which is a completely wrong action to take. pfBlockerNG has to finish updating / upgrading first/ When done, it will launch 'filterlog' by itself.

Btw : I just try to understand what happens, didn't actually saw anything of all this happening.

Rule of thumb : using " System Watchdog" is nearly always the wrong method. The actual issue has to be solved.

DigitalRCS

@mr_jinx I'm having the same issue. I updated to the pfsense + dev version 22.09.a.20220729.0600 and I keep getting PFB_Filter stopping and sometimes this also stops the DNS however I have disabled a switch Register DHCP leases in the DNS Resolver but the only thing I can do to stop this from happening is disable PFBlocker all together. I'm assuming it's because of the 22.09a version I'm using as it didn't happen before. Anoying when i work from home and keep getting kicked. Can't wait for newer version. I probably wont do Dev version again even though i'm a software developer and love to mess around with dev versions. just to much trouble.

Gertjan

@digitalrcs

You saw a new version came out : 3.1.0_7. It might include a solution for you.

@digitalrcs said in pfb_filter Keeps stopping:

PFB_Filter

That's a PHP script continually running as a task.

It's job is to read all new firewall log entries, and reformats them for pfBlocker statistics.
If its not running, no graphs ans stats (reports) but the IP part that blocks IP addresses using aliases and pfBlockerng firewall rules probably still works.

@digitalrcs said in pfb_filter Keeps stopping:

just to much trouble.

As told : you are using the newer FreeBSD 14 kernel (no an issue I guess) and the new PHP version 8.x, and that's a big issue, as minor PHP syntax changes need cod rewrite.
Guess what : pgBlockerng is probably the biggest PHP write up that exists, for pfSense.
More often then not, every PHP error can be 'googled' and corrected to a working 8.1 equivalent, as I presume you can read and write PHP.
Still, the dev version is known as 'bleading edge' where edge means your still ok, but just.
The bleading part is .... well, you get it.

edit : you saw : https://forum.netgate.com/topic/175254/pfblockerng-producing-php-errors-on-cron/6