pfBlocker not logging after 2.5.2 pfSense upgrade

cefleet

You can clearly see where I upgraded to 2.5.2 in the screenshot. It is of the dnsbl.log file.

RonpfS

@cefleet When you hover the cursor over the DNSBL / IP numbers, what is the Clear date? Maybe you can clear the counters using the Widget Garbage Icon ?

bs09

I have this same issue. When on 2.5.1 dashboard was working fine. Showed thousands of requests and counters would keep incrementing ever second due to smart devices.

After upgrading to 2.5.2 dashboard was all 0. I reinstalled PfBlockerNG 3.0.0_16. But that didn't change anything. Looking in dbsbl.log after the upgrade it was all old stuff, nothing new. I did a force reload and didn't change anything. I verified it was in fact blocking ads but just nothing showing up in the logs and therefore not the dashboard or reports.

What is strange is this morning there are now a few things in log and dashboard shows 99 things blocked. But even now, logs have stuff from late last night, nothing from today. So not sure what broke w/ the 2.5.2 update.

berthis1958

@bs09 Exactly the same thing happened to me and I tried much the same things as you ... I continue to investigate for a possible solution ...

dpseattle

@ronpfs after letting it run for 12hrs. the widget count is 0 for blocked packets (but confirm ads are being blocked). here is the dnsbl log that only shows a handful from yesterday.

RonpfS

@dpseattle Maybe the .sqlite files have the wrong ownership ?

ls -al /var/unbound/

total 42831
drwxr-xr-x   7 unbound  unbound        39 Jul  9 12:26 .
drwxr-xr-x  27 root     wheel          27 Jun  2  2020 ..
-rw-r--r--   1 root     unbound       176 Jul  5 04:24 access_lists.conf
drwxr-xr-x   2 unbound  unbound         2 Jun  2  2020 conf.d
dr-xr-xr-x   8 root     wheel         512 Jul  5 08:20 dev
-rw-r--r--   1 root     unbound         0 Jul  5 04:24 dhcpleases_entries.conf
-rw-r--r--   1 root     unbound      3371 May  1 00:18 dnsbl_cert.pem
-rw-r--r--   1 root     unbound         0 Jul  5 04:24 domainoverrides.conf
-rw-r--r--   1 root     unbound      3816 Jul  5 04:24 host_entries.conf
drwxr-xr-x   4 root     wheel          58 Oct  2  2020 lib
-rw-r--r--   1 root     unbound      1697 Mar 22 22:01 pfb_dnsbl_lighty.conf
-rw-r--r--   1 root     unbound         0 Jan  8 11:52 pfb_py_cache.dnsbl
-rw-r--r--   1 unbound  unbound      8192 Jul  9 12:13 pfb_py_cache.sqlite
-rw-r--r--   1 root     unbound         7 Jul  9 08:20 pfb_py_count
-rw-r--r--   1 root     unbound  13071812 Jul  9 08:20 pfb_py_data.txt
-rw-r--r--   1 unbound  unbound      8192 Jul  9 12:20 pfb_py_dnsbl.sqlite
-rwxr-xr-x   1 root     wheel     1687428 Jun 28  2020 pfb_py_hsts.txt
-rw-r--r--   1 root     unbound   1687428 Jun 28  2020 pfb_py_hsts.txt.pkgsave
-rw-r--r--   1 root     unbound         0 Jan  8 11:52 pfb_py_resolver.dnsbl
-rw-r--r--   1 unbound  unbound     16384 Jul  9 12:26 pfb_py_resolver.sqlite
-rw-r--r--   1 root     unbound      3475 Apr 18 01:16 pfb_py_ss.txt
-rw-r--r--   1 root     unbound      2793 Mar  2  2019 pfb_py_whitelist.json
-rw-r--r--   1 root     unbound      2750 Mar 22 22:01 pfb_py_whitelist.txt
-rw-r--r--   1 root     wheel    52420053 Jul  9 08:20 pfb_py_zone.txt
-rw-r--r--   1 root     unbound       782 Feb 28 20:19 pfb_unbound.ini
-rwxr-xr-x   1 root     wheel       66726 Apr  7 12:46 pfb_unbound.py
-rw-r--r--   1 root     unbound     43906 Nov  1  2020 pfb_unbound.py.pkgsave
-rwxr-xr-x   1 root     wheel        7077 Mar  6 11:44 pfb_unbound_include.inc
-rw-r--r--   1 root     unbound      5454 Nov  1  2020 pfb_unbound_include.inc.pkgsave
-rw-r--r--   1 root     unbound       300 Dec  8  2018 remotecontrol.conf
-rw-r--r--   1 unbound  unbound       758 Jul  9 08:20 root.key
-rw-r--r--   1 unbound  unbound      2141 Jul  5 04:24 unbound.conf
-rw-r--r--   1 root     unbound      2140 Mar  4 08:19 unbound.conf.error
-rw-r-----   1 unbound  unbound      2459 Dec  8  2018 unbound_control.key
-rw-r-----   1 unbound  unbound      1330 Dec  8  2018 unbound_control.pem
-rw-r-----   1 unbound  unbound      2459 Dec  8  2018 unbound_server.key
-rw-r-----   1 unbound  unbound      1318 Dec  8  2018 unbound_server.pem
drwxr-xr-x   3 root     unbound         3 Mar 22 22:01 usr
drwxr-xr-x   3 root     unbound         3 Mar 22 22:03 var

dpseattle

@ronpfs looks like .sqlite are set to unbound:unbound/

cefleet

@ronpfs Looks like the sqlite files are correct

NickD 0

I'm seeing the same issues with DNSBL. pfSense 2.5.2 upgrade with pfBlocker 3.0.0.16. I just noticed that all blocked HTTP requests are logged fine, however, blocked HTTPS requests are not logged.

cefleet

Looks like mine is logging only HTTP and not HTTPS as well.

NickD 0

@cefleet looks like unbound was regressed from 1.13.x to 1.12.x in 2.5.2 due to some other issues... likely related? although IDK when 1.13.x was added to the main tree. Maybe a configuration option available in 1.13.x but not in 1.12.x is borking the logging?

https://docs.netgate.com/pfsense/en/latest/releases/2-5-2.html#dns-resolver

https://redmine.pfsense.org/issues/11915

https://redmine.pfsense.org/issues/11316

berthis1958

@nickd-0 said in pfBlocker not logging after 2.5.2 pfSense upgrade:

@cefleet looks like unbound was regressed from 1.13.x to 1.12.x in 2.5.2 due to some other issues... likely related? although IDK when 1.13.x was added to the main tree. Maybe a configuration option available in 1.13.x but not in 1.12.x is borking the logging?

https://docs.netgate.com/pfsense/en/latest/releases/2-5-2.html#dns-resolver

https://redmine.pfsense.org/issues/11915

https://redmine.pfsense.org/issues/11316

oops .. very interesting. It seems a possible cause.

dotsch

@cefleet said in pfBlocker not logging after 2.5.2 pfSense upgrade:

Looks like mine is logging only HTTP and not HTTPS as well.

I have the same problems. Blocking works afer reload, but don't log anymore.

cefleet

I changed from Unbound mode to Unbound Python mode and that has seemed to have fixed things. I thought I did this the other day and it did not work. In any case, it appears to be working now. Thanks for everyone's input.

keyser

@cefleet Please monitor your disk usage as python mode on 21.05/2.5.2 has a an issue on some systems with slowly consuming all diskspace. The key issue is that no files/logfiles report a size / diskusage that accounts for the space usage - they remain sized like before. So you cannot locate the file/problem that fills the filesystem.

This leads to a situation where the filesystem is full, and you need to stop/start pfBlockerNG completely or reboot pfSense to regain your filesystem space.

cefleet

@keyser Thanks for the heads up. I will keep an eye on the disk usage. So far everything looks good.

dotsch

@cefleet said in pfBlocker not logging after 2.5.2 pfSense upgrade:

I changed from Unbound mode to Unbound Python mode and that has seemed to have fixed things. I thought I did this the other day and it did not work. In any case, it appears to be working now. Thanks for everyone's input.

Thank you very much for the hint. I can confirm, that it is working for me with Unbound Python and enabling Python in pfBlocker DNBL.

NickD 0

@dotsch Same here, no issues with the python module and logging.

badprocess

Ok so i also enabled Python Unbound mode and actually the logs are working again. I'll monitor in the coming days the disk occupation

SillieWous

Same story for me. Upgraded on the 15th (as clearly visible in the pictures below). Next to not logging of DNSBL there also seems to be a memory leak, unsure if related.

Is it possible to switch to python unbound with DHCP registration? As it still says "Python DNSBL mode is not compatable with the DNS Resolver DHCP Registration option (Unbound will Crash)!" in the information for selecting python unbound.