Netgate Discussion Forum

    pfBlockerNG firewall filter service will not start latest snapshot

    • kiokoman LAYER 8

      pfblockerng-devel has its own log, check it

      Firewall / pfBlockerNG / Log Browser

      what I can see on my system is

      root  94903   0.0  0.1   50536    2268  -  I    23:02       0:00.00 /usr/local/sbin/clog_pfb -f /var/log/filter.log
      root  94965   0.0  1.0   59184   38968  -  S    23:02       0:00.34 /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog
      

      maybe it's not working because it still uses clog and after the last update the log files are no longer circular?
      I personally don't use it so I don't know if it works or not, but it seems to start, at least for me

      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
      Please do not use chat/PM to ask for help
      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

      • JeGr LAYER 8 Moderator

        As @jimp wrote in the post that the CLOG binary would be removed, I'm curious as to why the process is running after all. But I suppose pfBNG brought its own version or copy called clog_pfb? On a 2.4.4 those two (clog and clog_pfb) are identical in size and date, so they could be hardlinked or just copied (for whatever reason?)

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

        • kiokoman LAYER 8 @JeGr

          @JeGr I have uninstalled pfblockerng and that clog is no more, so it's part of the pfblockerng package. It has its own copy

          • JeGr LAYER 8 Moderator

            Did you check the file system to see if there's a clog_pfb binary left over? Then pfB is bringing its own (which I'm curious about as to why - and why it even has its own php?) and if that's the case the logging should still work.

            The problem is/could be that, with the logging structure changing in 2.5 snapshots, @BBcan177 would have to roll out another fork package of pfBlockerNG like -snapshots for it to incorporate the changes for logging, as those would not work in 2.4.4 or less (as they are still clog based). So to accommodate that it would have its log part rewritten and be incompatible with <2.5 versions, and as the development is still ongoing (and not pushed to the -stable package), that would be a bit complicated.

            IMHO the best course would be to push the current -stable to sth. like "-old", push -devel to -stable and then use "-devel" for development of new versions matching things like snapshots, but that's not something easily done and the workload is already high for him.

            • kiokoman LAYER 8

              pfblockerng_install.inc

              update_status(" done.\n\nCreating Firewall filter service...");
              pfb_filter_service();
              stop_service('pfb_filter');
              update_status(" done.\nRenew Firewall filter executables...");
              unlink_if_exists('/usr/local/bin/php_pfb');
              link('/usr/local/bin/php', '/usr/local/bin/php_pfb');
              unlink_if_exists('/usr/local/sbin/clog_pfb');
              link('/usr/local/sbin/clog', '/usr/local/sbin/clog_pfb');
              

              I have updated pfSense
              reinstalled pfblockerng
              I don't have /usr/local/sbin/clog
              of course there isn't also /usr/local/sbin/clog_pfb
              it was removed
              ending with a non-working pfBlockerNG ☺
              redmine https://redmine.pfsense.org/issues/9724

              in the meantime I'm testing whether this solution works .. from clog to tail 😈

              root  26168   0.0  0.1   10648    2264  0  S    12:01      0:00.01 /usr/bin/tail -f /var/log/filter.log
              
              

              • JeGr LAYER 8 Moderator

                @kiokoman said in pfBlockerNG firewall filter service will not start latest snapshot:

                of course there isn't also /usr/local/sbin/clog_pfb

                Aaah so my hunch was right and he is/was using hardlinks that now won't work on current snapshots as there's no clog binary anymore. Curious though as to why he uses a hardlink at all.

                But yeah, that's why the log view isn't visible at present with newer snapshots :)

                • kiokoman LAYER 8

                  if someone is interested he can try to modify
                  /usr/local/etc/rc.d/pfb_filter.sh

                  on line 38

                  change it from

                  /usr/local/sbin/clog_pfb -f /var/log/filter.log | /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog &
                  

                  to

                  /usr/bin/tail -f /var/log/filter.log | /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog &
                  

                  I can't test DNSBL as I don't have unbound, but I can see that if I try to go to an IP address in the blacklist it will redirect

                  PR https://github.com/pfsense/FreeBSD-ports/pull/670


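Added example, not part of any post in this thread and not pfBlockerNG's own code: a pre-flight check that lists which executables in the service pipeline are missing, which is the situation described above once `clog_pfb` no longer exists. The function names and the throw-away sample directory are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed sample data).

# Print the executable (first word) of every stage of the pipeline line
# that feeds the "filterlog" consumer in an rc script.
pipeline_executables() {
    grep -E 'filterlog[[:space:]]*&[[:space:]]*$' "$1" |
        tr '|' '\n' |
        awk 'NF { print $1 }'
}

# List every stage that is not an executable file; return 1 if any is missing.
check_pipeline() {
    missing=0
    for exe in $(pipeline_executables "$1"); do
        if [ ! -x "$exe" ]; then
            echo "missing: $exe"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: a throw-away directory standing in for the firewall,
# with php_pfb present and clog_pfb absent, as after the update in the thread.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' > "$dir/php_pfb"
    chmod +x "$dir/php_pfb"
    cat > "$dir/pfb_filter.sh" <<EOF
#!/bin/sh
$dir/clog_pfb -f /var/log/filter.log | $dir/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog &
EOF
    echo "$dir"
}

sample=$(make_sample)
check_pipeline "$sample/pfb_filter.sh" || echo "pipeline cannot start"
rm -rf "$sample"
```

On a real system the argument would be `/usr/local/etc/rc.d/pfb_filter.sh`. If the plain-text `filter.log` is rotated, `tail -F` (follow by name) keeps reading the new file, whereas `tail -f` stays on the old one.
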
                  • provels

                    It appears this has been fixed in the latest PFBNG devel release.

                    Peder

                    MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
                    BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

                    • JeGr LAYER 8 Moderator

                      Quick reaction by @BBcan177 as (almost) always. Nicely done :) and thanks for the details @kiokoman

                      • chrcoluk

                        Got the same issue, but in my case no error is generated. All I see is that, after I added it to watchdog, it is being started every minute in the system log; no errors, just stopping right after it is started.

                        If I check the logs inside pfblockerng-devel, there are no errors.

                        Any ideas?

                        What does the service even do? As the actual functionality seems fine otherwise.

                        2.5-snapshot, on my 2.4.5 unit it is running.

                        pfSense CE 2.8.0

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.