Netgate Discussion Forum

pfBlockerNG v3.0.0_6 update

  • B
    BBcan177 Moderator
    last edited by BBcan177 Dec 15, 2020, 5:59 AM Dec 14, 2020, 4:21 AM

    pfBlockerNG v3.0.0_6 update

    Will hopefully be approved and merged Monday this week.

    • Fix incorrect function name call
    • Add safety belt for DNS Python mode and the DNS Resolver OpenVPN Client Registration option.
    • Add a Phishing Army alternative feed.
    • Remove any empty <config></config> config.xml entries

    Updated:

    • DNSBL - NAT / Floating rule modifications when Localhost interface is selected

    • Add preliminary DNSBL Group Policy configuration that will globally bypass DNSBL for the defined LAN IPs

    "Experience is something you don't get until just after you need it."

    Website: http://pfBlockerNG.com
    Twitter: @BBcan177  #pfBlockerNG
    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

    J L 2 Replies Last reply Dec 16, 2020, 9:36 PM Reply Quote 7
    • E
      everfree
      last edited by Dec 16, 2020, 2:22 AM

      This post is deleted!
      1 Reply Last reply Reply Quote 0
      • J
        jdeloach @BBcan177
        last edited by jdeloach Dec 16, 2020, 9:38 PM Dec 16, 2020, 9:36 PM

        @bbcan177

        Looks like the fix to restart unbound automatically did not make it into pfBlockerNG v3.0.0_6. I just updated to v3.0.0_6 and still had to manually start unbound after the update finished.

        B 1 Reply Last reply Dec 18, 2020, 5:38 AM Reply Quote 0
        • B
          BBcan177 Moderator @jdeloach
          last edited by Dec 18, 2020, 5:38 AM

          @jdeloach said in pfBlockerNG v3.0.0_6 update:

          @bbcan177
          Looks like the fix to restart unbound automatically did not make it into pfBlockerNG v3.0.0_6. I just updated to v3.0.0_6 and still had to manually start unbound after the update finished.

          There is an issue in pfSense pkg-static that causes Unbound to go into a <defunct> state during Installation since on pkg Installation, the first step is to de-install and that stops Unbound, and then an installation, which re-enables the pkg and starts Unbound again. But the process tree map shows that Unbound is stopping/starting in the pkg installation tree which is causing this issue.
          I am trying to find a temporary workaround until the devs can look at it.
          You can try to disable the pkg before updating to any new versions, and then re-enable post installation to see if that helps.

          J 1 Reply Last reply Dec 18, 2020, 8:28 AM Reply Quote 2
          • J
            jdeloach @BBcan177
            last edited by Dec 18, 2020, 8:28 AM

            @bbcan177

            Thanks, I'll follow your advice for any future updates.

            As always, thanks for your work on this great package.

            1 Reply Last reply Reply Quote 0
            • M
              mind12
              last edited by Dec 18, 2020, 9:05 AM

              I have a strange issue since I updated to this version. Whenever I try to edit a DNSBL Group object the edit menu of the object above appears instead. Anybody encountered this issue?
              Opening them from the Feeds menu works just fine.

              Editing BBCan177 opens an empty DNSBL group edit page
              Editing Malicious opens the BBCan177 edit page
              etc.

              37b22f72-fd31-4c34-9741-83f0cfe8655a-image.png

              G 1 Reply Last reply Dec 18, 2020, 9:22 AM Reply Quote 0
              • G
                Gertjan @mind12
                last edited by Gertjan Dec 18, 2020, 9:28 AM Dec 18, 2020, 9:22 AM

                @mind12 what is the URL shown when you hover the mouse over the 'pencil-edit' buttons?

                My list :

                4c05b17d-7926-401b-868d-3a12e6a8501d-image.png

                When I hover over edit button of the BBcan177 feed, I see a ....&rowid=0
                The Phishing (row 4) shows a rowid=3.

                Editing BBcan177 opens the BBcan177 settings. Etc.

                For my Cryptojackers - the id is 2 :

                953df70e-31d4-415e-9407-a35a62967463-image.png

                Did you rearrange the rows without hitting the Save button?

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                M 1 Reply Last reply Dec 18, 2020, 10:53 AM Reply Quote 0
                • M
                  mind12 @Gertjan
                  last edited by Dec 18, 2020, 10:53 AM

                  @gertjan I have not rearranged them. To be honest this list was empty on the .5 version however I used all of them on the Feeds menu.

                  The ids are 0-3 in the same order as in my picture in the Group menu but BBCan has rowid 1 in the link on the Feeds menu.

                  I will try to rearrange them to have the same rowid as in Feeds.

                  M 1 Reply Last reply Dec 18, 2020, 10:59 AM Reply Quote 0
                  • M
                    mind12 @mind12
                    last edited by Dec 18, 2020, 10:59 AM

                    @mind12 After I rearranged, saved and reloaded it opens the correct feed now.

                    S 1 Reply Last reply Dec 19, 2020, 2:41 AM Reply Quote 0
                    • S
                      SteveITS Galactic Empire @mind12
                      last edited by SteveITS Dec 19, 2020, 2:44 AM Dec 19, 2020, 2:41 AM

                      @BBcan177
                      I upgraded from 2.2.5_37 -> 3.0.0_6 tonight on my SG-2100 at home and have a question. Was DShield removed? I just set that up for all our clients a couple months ago when I saw it in the notes on Github. :) We used to have our own feed generator script. In v3 it shows up under "Unknown user defined Feeds."

                      After upgrading, it completed fine but the DNS resolver had stopped. All I had to do was start it. [arg, I posted then reread your message yesterday about this issue...never mind just +1 me]

                      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                      Upvote 👍 helpful posts!

                      S 1 Reply Last reply Dec 19, 2020, 6:53 PM Reply Quote 0
                      • ?
                        A Former User
                        last edited by A Former User Dec 19, 2020, 5:11 PM Dec 19, 2020, 5:10 PM

                        A lot has happened over the past few weeks. Want to make sure I understand how things are at the moment (3.0.0_6). As best I can tell:

                        1. Issue during install/upgrade killing unbound. It's only an upgrade/install issue NOT an ongoing problem. So, install/upgrade should be viewed as a planned, albeit short, outage.

                        2. Using python integration mode is incompatible with views in unbound. This is an unbound issue on pfsense 2.4.5_p1. Not sure it's fixed with the more current version of unbound on pfsense 2.5.

                        Other than that things are good?

                        M 1 Reply Last reply Dec 19, 2020, 5:16 PM Reply Quote 0
                        • M
                          mind12 @A Former User
                          last edited by Dec 19, 2020, 5:16 PM

                          @jwj Yes you are correct.

                          Regarding 2. not just views but DHCP Registration and OpenVPN Clients are also incompatible with python mode.

                          ? 1 Reply Last reply Dec 19, 2020, 5:25 PM Reply Quote 0
                          • ?
                            A Former User @mind12
                            last edited by Dec 19, 2020, 5:25 PM

                            @mind12 Thanks! Is the problem with registering dhcp leases only dynamic leases? In other words, registering static leases is ok.

                            M 1 Reply Last reply Dec 19, 2020, 5:29 PM Reply Quote 0
                            • M
                              mind12 @A Former User
                              last edited by Dec 19, 2020, 5:29 PM

                              @jwj That's a good question. If I could guess, both.

                              Original release notes:

                              "The DNS Resolver (Unbound) DHCP Registration option is not compatible with DNSBL Python mode. The pfSense devs are aware and changes are required to be made to the dhcpleases binary to stop/start Unbound instead of sending a SIGHUP. The use of this option and the Unbound Python mode will cause an Unbound crash.
                              If DHCP Registration is enabled in Unbound Python mode, or DHCP Registration enabled after Unbound Python mode is enabled, Unbound Python mode will be downgraded to Unbound mode to prevent Unbound from crashing."

                              ? 1 Reply Last reply Dec 19, 2020, 5:37 PM Reply Quote 0
                              • ?
                                A Former User @mind12
                                last edited by A Former User Dec 19, 2020, 5:41 PM Dec 19, 2020, 5:37 PM

                                @mind12 Yeah.

                                Screen Shot 2020-12-19 at 12.31.33.png

                                First and third are a no go for sure, I can live with that. The second, static leases, would be a show stopper. I need to be able to resolve those devices and do reverse lookup for them.

                                Of course using the non python mode removes these restrictions.

                                1 Reply Last reply Reply Quote 0
                                • S
                                  SteveITS Galactic Empire @SteveITS
                                  last edited by Dec 19, 2020, 6:53 PM

                                  @teamits said in pfBlockerNG v3.0.0_6 update:

                                  Was DShield removed

                                  Looks like it was renamed to the ISC Block list.


                                  1 Reply Last reply Reply Quote 0
                                  • X
                                    xppx99
                                    last edited by xppx99 Dec 21, 2020, 10:31 AM Dec 21, 2020, 10:30 AM

                                    Hello,

                                    Today I found an alert in pfBlockerNG alerts - "DNSBL (Python mode) is out of sync. Perform a Force Reload to correct."

                                    dd80df15-a2d6-42ae-9962-5ad867881a19-image.png Screenshot 2020-12-21 at 10.27.31.png

                                    I've done a few force reloads but this won't change. Also disabled/enabled pfblockerng but no change.
                                    Am I missing something?

                                    I'm using 3.0.0_6 version, python mode enabled.

                                    Thanks

                                    G 1 Reply Last reply Dec 21, 2020, 2:25 PM Reply Quote 0
                                    • G
                                      Gertjan @xppx99
                                      last edited by Gertjan Dec 21, 2020, 2:31 PM Dec 21, 2020, 2:25 PM

                                      @xppx99

                                      You can check what happens in the log, shown during the force update:
                                      This is what it should show:

                                      ....
                                      Database Sanity check [  PASSED  ]
                                      ------------------------
                                      Masterfile/Deny folder uniq check
                                      Deny folder/Masterfile uniq check
                                      ....
                                      

                                      Yours shows:

                                      Database Sanity check [  FAILED  ] ** These two counts should match! **
                                      

                                      Normally, you shouldn't leave log messages with text like 'FAILED' .... ;)
                                      When you see FAILED somewhere it will pop up elsewhere .... like in the middle of the dashboard.

                                      You can see the file here : /var/unbound/var/log/pfblockerng/pfblockerng.log
                                      What counts is the last PASSED or FAILED occurrence.
                                      You could also see here Firewall > pfBlockerNG > Log Browser and view this file.

                                      I guess you have a feed/list that fails or contains invalid info - check them one by one.
                                      Make sure that " ** These two counts should match! ** " (whatever that may mean) goes away.

                                      Or pastebin the log, and show it here.


                                      B X 2 Replies Last reply Dec 21, 2020, 3:11 PM Reply Quote 0
                                      • B
                                        BBcan177 Moderator @Gertjan
                                        last edited by Dec 21, 2020, 3:11 PM

                                        @gertjan @xppx99
                                        https://forum.netgate.com/topic/158947/dsnbl-out-of-sync/5

                                        1 Reply Last reply Reply Quote 0
                                        • X
                                          xppx99 @Gertjan
                                          last edited by xppx99 Dec 21, 2020, 3:54 PM Dec 21, 2020, 3:48 PM

                                          @gertjan

                                          I detect no problems in the log... Searching for "FAILED" detects no results:

                                          Database Sanity check [  PASSED  ]
                                          ------------------------
                                          Masterfile/Deny folder uniq check
                                          Deny folder/Masterfile uniq check
                                          
                                          Sync check (Pass=No IPs reported)
                                          ----------
                                          

                                          @BBcan177

                                          I have no TLD custom blacklist and whitelist, and I checked all the feed Headers and they are unique.

                                          Assembling DNSBL database...... completed [ 12/21/20 15:30:32 ]
                                          TLD:
                                          TLD analysis...xxxxx completed [ 12/21/20 15:30:36 ]
                                          
                                            ** TLD Domain count exceeded. [ 300000 ] All subsequent Domains listed as-is **
                                          
                                          TLD finalize...
                                           ----------------------------------------
                                           Original    Matches    Removed    Final     
                                           ----------------------------------------
                                           674635      236040     28482      646153    
                                           -----------------------------------------
                                          TLD finalize... completed [ 12/21/20 15:30:38 ]
                                          
                                          Saving DNSBL statistics... completed [ 12/21/20 15:30:39 ]
                                          Reloading Unbound Resolver (DNSBL python).
                                          Stopping Unbound Resolver.
                                          Unbound stopped in 2 sec.
                                          Additional mounts (DNSBL python):
                                            No changes required.
                                          Starting Unbound Resolver... completed [ 12/21/20 15:30:42 ]
                                          Resolver cache restored [ 12/21/20 15:30:43 ]
                                          *** DNSBL update [ 646153 ] [ 571350 ] ... OUT OF SYNC ! ***
                                          

                                          Edit: forgot to add the full log:
                                          log@pastebin

                                          X 1 Reply Last reply Dec 21, 2020, 4:12 PM Reply Quote 0
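Added example, not part of any post in this thread and not pfBlockerNG's own code: a small checker for the two things the posts above look for in pfblockerng.log, namely the last Database Sanity check result and the two counts on the last "DNSBL update" line. The function names are hypothetical, the sample log is constructed from the lines quoted in the thread, and treating equal counts as "in sync" is an assumption.

```python
import re
import sys

# Log path as quoted in the thread; pass another path as argv[1] if needed.
LOG_PATH = "/var/unbound/var/log/pfblockerng/pfblockerng.log"

SANITY_RE = re.compile(r"Database Sanity check \[\s*(PASSED|FAILED)\s*\]")
SYNC_RE = re.compile(r"DNSBL update \[\s*(\d+)\s*\] \[\s*(\d+)\s*\]")
NOTICE_RE = re.compile(r"^\s*\*\* (.+?) \*\*\s*$")  # standalone "** ... **" notices

# Constructed sample, assembled from log lines quoted in the posts above.
SAMPLE = """\
Database Sanity check [  FAILED  ] ** These two counts should match! **
....
Database Sanity check [  PASSED  ]
TLD analysis...xxxxx completed [ 12/21/20 15:30:36 ]
  ** TLD Domain count exceeded. [ 300000 ] All subsequent Domains listed as-is **
*** DNSBL update [ 646153 ] [ 571350 ] ... OUT OF SYNC ! ***
"""


def summarize(log_text):
    """Return the last sanity result, the last pair of sync counts, and notices."""
    sanity = SANITY_RE.findall(log_text)
    syncs = SYNC_RE.findall(log_text)
    notices = [m.group(1) for line in log_text.splitlines()
               if (m := NOTICE_RE.match(line))]
    result = {"sanity": sanity[-1] if sanity else None,  # only the last one counts
              "counts": None, "delta": None, "notices": notices}
    if syncs:
        first, second = map(int, syncs[-1])
        result["counts"] = (first, second)
        result["delta"] = first - second
    return result


def is_healthy(summary):
    """Assumption: healthy means last sanity check PASSED and counts (if any) equal."""
    return summary["sanity"] == "PASSED" and summary["delta"] in (None, 0)


if __name__ == "__main__":
    # With a path argument, read that log; with none, run on the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    summary = summarize(text)
    print(summary)
    sys.exit(0 if is_healthy(summary) else 1)
```

On the sample, the last sanity check is PASSED yet the run is still reported unhealthy because the two counts differ, which is the situation described in the last post.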