Packet Counts Not Updating in pfBlockerNG Widget
-
@jdeloach - for the lists where the counters stay at 0, do you have their Action defined as just Alias (e.g. Alias Permit, Alias Native, Alias Match)? If you try switching one of them over to Permit or Deny, do the counters start working? From what I'm seeing right now, only lists defined with Action as Alias do not appear to count up properly. Thanks in advance.
-
@tman222 said in Packet Counts Not Updating in pfBlockerNG Widget:
@jdeloach - for the lists where the counters stay at 0, do you have their Action defined as just Alias (e.g. Alias Permit, Alias Native, Alias Match)? If you try switching one of them over to Permit or Deny, do the counters start working? From what I'm seeing right now, only lists defined with Action as Alias do not appear to count up properly. Thanks in advance.
I had Alias Native for action defined on all IP lists and the counts were staying at 0. Per your suggestion, I changed action to Deny Both on my IP lists and now in Dashboard, it is showing counts as it should.
Per chat from @BBcan177 last night which I missed, he stated that he had seen issues with the counts staying at 0 with pfSense 2.5 but had not seen the issue with pfSense 2.4.5-p1.
So now maybe the problem is just if the Action is defined as Alias "Native, Deny, Permit, or Match".
Thanks for the tip, maybe @BBcan177 can take a look when he has time and see why Action, Alias "Native, Deny, Permit, or Match" doesn't work.
-
@BBcan177 : I can confirm the counters are not working in the widget when you use Action "Alias Deny" with your own floating rules (not auto created by pfBlockerNG-dev v3.0.0_2).
This used to work in dev-2
-
Here is a patch to fix the packet counting for Alias Type rules.
Will get this pushed into the next version asap:
curl -o /usr/local/www/widgets/widgets/pfblockerng.widget.php "https://gist.githubusercontent.com/BBcan177/22a3c6b6fe9b7b5f7415dfaa189c49a4/raw"
-
@bbcan177 said in Packet Counts Not Updating in pfBlockerNG Widget:
Here is a patch to fix the packet counting for Alias Type rules.
Will get this pushed into the next version asap:
curl -o /usr/local/www/widgets/widgets/pfblockerng.widget.php "https://gist.githubusercontent.com/BBcan177/22a3c6b6fe9b7b5f7415dfaa189c49a4/raw"
Hmmm, this doesn't seem to be working for me. Is there anything else that needs to be done besides running the command to replace the PHP file? Thanks again.
-
With @BBcan177's help it's working now and I can confirm that the packet counters are increasing.
Turns out that one thing I neglected was that the firewall rule description for the rule that uses the pfBlockerNG Alias needs to start with "pfb_". So for instance if there's an IPv4 blocklist "myblocklist" defined as an Alias, adding "pfb_myblocklist_v4" at the beginning of the firewall rule description allows it to work.
Thanks again @BBcan177 for all your help in getting this working again.
-
So I tried the recommended fix to add the blocklist name in the description and every time I did a force reload the rule disappears. Re-adding the rule without any description at least allows the rule to persist, however the counter is still not working on the dashboard.
Is there any way to revert to the last dev version of pfBlockerNG prior to 3.0 release? That was working fine for me.
-
For Alias type rules, you need to prefix the Firewall rules Descriptions with "pfb_" in order for those to be reported in the Dashboard widget, and also so that they are not removed by the package.
The prefix "pfB_" is reserved for Auto type rules, and those are controlled automatically by the package.
-
@bbcan177 I added the prefix and now the rule is not being deleted on reload, however the dashboard widget is still not incrementing when I test with IPs from the list.
-
@mlines
See my post above for the patch ^^^^^
-
@bbcan177 I applied the patch from the command line, and then both reloaded and rebooted. Still not updating the counts, though the blocks appear to be working.
-
@bbcan177 Not sure if this is related, but checking /var/log/pfblockerng/, these are the only files I see listed:
dnsbl_parsed_error.log maxmind_ver
extras.log pfblockerng.log
-
@mlines
If you are on pfSense 2.5, did you change the Log format to "syslog"? If so, it will only work with "BSD" format. I will address that in the upcoming versions.
-
@bbcan177 I'm on 2.4.5 p1 on a SG-1100. I have changed the types from Alias Deny to Deny Both and now the counts are working for IP blocks. Still not showing for DNSBL. Continuing to investigate.
-
@bbcan177 said in Packet Counts Not Updating in pfBlockerNG Widget:
For Alias type rules, you need to prefix the Firewall rules Descriptions with "pfb_" in order for those to be reported in the Dashboard widget, and also so that they are not removed by the package.
The prefix "pfB_" is reserved for Auto type rules, and those are controlled automatically by the package.
Hi bbcan177,
I have alias deny, and the name say for example "level1" under "name/description" tab under IPv4. When I run the update it creates Alias named pfB_level1, under alias. I do not know how to change the pfB_level1 to pfb_level1. Maybe I am misunderstanding this. Should it be pfB_pfb_level1?
I also tried changing the "name/Description" tab to pfb_level1. The new alias created was "pfB_pfb_level1", but the counters under widget did not change.
Please let me know what I am doing wrong. I am on 2.4.5_p1
Many thanks,
Molecule
-
@molykule It is not the name of IP Group Name / Description you have to change, it is the FW Rules Extra Options Description you have to prefix with "pfb_".
-
@ronpfs
Hi Ronpfs,
Many thanks. So that if somebody else is lost just like me,
I have the rule as "Alias Deny" which creates the rule under Firewall -- Alias tab an Alias with the name (Example "pfB_level1"). Then under the rule I have reject, single host/alias and then pfB_level1. Then way down on the same page, under "Extra Options" in Description tab I have pfb_level1.
That starts the widget count,
thanks for all your help,
Molykule
-
@molykule Click on the under Action in any IP group.
'Alias' Rules: 'Alias' rules create an alias for the list (and do nothing else). This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired.
With this alias you create your own FW rules.
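-
An added example, not part of any post in this thread and not pfBlockerNG code: a shell check for the description-prefix rule stated above, which classifies pf rules that reference a pfB_ alias table by whether their description starts with "pfb_" (Alias type), "pfB_" (Auto type) or neither. The sample rules are constructed, and the function names and the assumption that the rule description appears in the pf label after "USER_RULE: " are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the description prefix of firewall rules that use
# pfBlockerNG alias tables. Function names here are hypothetical.

# Constructed sample in the style of `pfctl -sr` output. Table names,
# interfaces and the "USER_RULE: " label prefix are assumptions.
sample_rules() {
cat <<'EOF'
block drop in quick on em0 inet from <pfB_level1> to any label "USER_RULE: pfb_level1"
block drop in quick on em0 inet from <pfB_myblocklist_v4> to any label "USER_RULE: Block bad hosts"
block drop in log quick on em0 inet from <pfB_PRI1_v4> to any label "USER_RULE: pfB_PRI1_v4 auto rule"
pass in quick on em1 inet from <lan_hosts> to any label "USER_RULE: LAN out"
block drop in quick on em0 inet from <pfB_nolabel_v4> to any
EOF
}

# Reads pf rules on stdin; prints "STATUS<TAB>table<TAB>description" for
# every rule that references a <pfB_...> table.
#   ALIAS_OK   description starts with "pfb_" (user rule for an Alias list)
#   AUTO       description starts with "pfB_" (reserved for Auto type rules)
#   UNPREFIXED neither prefix, or no label at all
audit_pfb_labels() {
    awk '
    match($0, /<pfB_[A-Za-z0-9_]+>/) {
        table = substr($0, RSTART + 1, RLENGTH - 2)
        descr = ""
        if (match($0, /label "[^"]*"/)) {
            descr = substr($0, RSTART + 7, RLENGTH - 8)
            sub(/^USER_RULE: /, "", descr)
        }
        if (descr ~ /^pfb_/)      status = "ALIAS_OK"
        else if (descr ~ /^pfB_/) status = "AUTO"
        else                      status = "UNPREFIXED"
        printf "%s\t%s\t%s\n", status, table, descr
    }'
}

# Number of alias-table rules whose description carries neither prefix.
count_unprefixed() {
    audit_pfb_labels | awk -F'\t' '$1 == "UNPREFIXED" { n++ } END { print n + 0 }'
}

sample_rules | audit_pfb_labels
```

On a firewall, the same function can be fed the loaded ruleset with `pfctl -sr | audit_pfb_labels`.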