Packet Counts Not Updating in pfBlockerNG Widget

mlines

@bbcan177 I'm on 2.4.5 p1 on a SG-1100. I have changed the types from Alias Deny to Deny Both and now the counts are working for IP blocks. Still not showing for DNSBL. Continuing to investigate.

molykule

@bbcan177 said in Packet Counts Not Updating in pfBlockerNG Widget:

@mlines

For Alias type rules, you need to prefix the Firewall rules Descriptions with "pfb_" in order for those to be reported in the Dashboard widget, and also so that they are not removed by the package.

The prefix "pfB_" is reserved for Auto type rules, and those are controlled automatically by the package.

Hi bbcan177,

I have alias deny, and the name say for example "level1" under "name/description" tab under IPv4. When I run the update it creates Alias named pfB_level1, under alias. I do not know how to change the pfB_level1 to pfb_level1. May be I am misunderstanding this. Should it be pfB_pfb_level1.
I also tried changing the "name/Description" tab to pfb_level1. The new alias created was "pfB_pfb_level1", but the counters under widget did not change.
Please let me know what am I doing wrong. I am on 2.4.5_p1
Many thanks,
Molecule

RonpfS

@molykule It is not the name of IP Group Name / Description you have to change, it is the FW Rules Extra Options Description you have to prefix with "pfb_".

molykule

@ronpfs
Hi Ronpfs,

Many thanks. So that if somebody else is lost just like me,
I have the rule as "Alias Deny" which creates the rule under Firewall -- Alias tab an Alias with the name (Example "pfB_level1"). Then under the rule I have reject, single host/alias and then pfB_level1. Then way down on the same page, under "Extra Options" in Description tab I have pfb_level1.
That starts the widget count,
thanks for all your help,
Molykule

RonpfS

@molykule Click on the under Action in any IP group.

Alias' Rules:
'Alias' rules create an alias for the list (and do nothing else). This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. 

With this alias you create your own FW rules.

mlines

@molykule So here is what is happening for me at least (SG-1100 2.4.5p1). I add the PRI1 blocklist as Alias Deny. Add it to the WAN interface to test with reject and logging. While I do a force reload I can see the pfB_PRI1_v4 list appear on the dashboard widget and the count start to increment (as I get hammered constantly), however by the time the reload finishes the rule has disappeared from the WAN rule list, and the count is showing 0 in the widget.

BBcan177

@mlines

If you set the Firewall Rule Description to start with "pfb_", it will not be removed by the package.
Maybe send a screenshot of where you are putting the Description.

mlines

@bbcan177 So if I set the description to "pfb_....", the rule is not deleted however it does not increment the count. If I set the description to "pfB_", the count is incremented during the reload but then the rule is deleted at the end of the reload.

tman222

@mlines - if the name of the IP list for Alias Deny is pfB_PRI1_v4, make sure that the description of the firewall that uses this pfBlockerNG alias starts with "pfb_" (note the small "b"). So for instance, you could put pfb_PRI1_v4 as the only text into the firewall rule description, and the counter in the widget should start to work (again, note the the small "b"). Hope this helps.

mlines

@tman222 Thanks - I can do that and the rule will not be deleted, however the dashboard counter no longer works.

BBcan177

@mlines

1. Leave the Firewall Rule Description prefix with "pfb_"

2. Then download the patched file:
   curl -o /usr/local/www/widgets/widgets/pfblockerng.widget.php "https://gist.githubusercontent.com/BBcan177/22a3c6b6fe9b7b5f7415dfaa189c49a4/raw"

mlines

@bbcan177 Ok, I think I have it (and to be clear for everyone else). Apply the patch as described above. Then, make the rule description the same as the Alias List name, except use a small b instead of a capital B.

For example, when adding the PRI1 feed as Alias Deny, the resultant Alias name will be pfB_PRI1_v4. When adding a rule that uses this Alias, set the description to "pfb_PRI1_v4". Do not customize or otherwise change the description (my mistake).

tman222

@mlines said in Packet Counts Not Updating in pfBlockerNG Widget:

@bbcan177 Ok, I think I have it (and to be clear for everyone else). Apply the patch as described above. Then, make the rule description the same as the Alias List name, except use a small b instead of a capital B.

For example, when adding the PRI1 feed as Alias Deny, the resultant Alias name will be pfB_PRI1_v4. When adding a rule that uses this Alias, set the description to "pfb_PRI1_v4". Do not customize or otherwise change the description (my mistake).

Hi @mlines - as I understand it, it should work as long as the firewall description starts with "pfb_". So for instance, if you had the firewall rule description as something like "pfb_PRI1_v4 alias to deny xyz traffic" the widget counter should still work. Hope this helps.

digdug3

@bbcan177 said in Packet Counts Not Updating in pfBlockerNG Widget:

@mlines

If you set the Firewall Rule Description to start with "pfb_", it will not be removed by the package.
Maybe send a screenshot of where you are putting the Description.

@BBcan177 Hmm, alternate descriptions used to work before. Why not just look at the Alias name like before? I don't like changing the descriptions...

A Former User

@bbcan177 said in Packet Counts Not Updating in pfBlockerNG Widget:

patch

Hi
I have the same problem too.
I don't know how to use pfsense well so I wanted to know how to put this patch.
Can you show me how to do it even with screenshots? Thank you

A Former User

Can anyone help me? Thank you

digdug3

@antonio-briguglio Please update pfBlockerNG to the latest dev. version, that fixes the issue.

A Former User

@digdug3 thank you