    PfBlockerNG v2.1 w/TLD

    • BBcan177
      BBcan177 Moderator last edited by

      PR # 156/157 have been posted for pfBlockerNG v2.1.1

      CHANGELOG:

      MaxMind GeoLite2

      New Changes here:
          https://dev.maxmind.com/geoip/geoip2/whats-new-in-geoip2/

      Highlights:

      • GeoLite2 data is already in CIDR format, so should be faster to process than the previous GeoLite data which was in Range format.

      • GeoLite2 data now includes "Represented IPs" along with "Registered IPs"… So the options now include Countries with "_rep".

      • Asia and Europe have an "Undefined" Network list which is now available to be used.

      • Localized Language options are available… See General Tab.

      • Add Antarctica Tab.

      • Downloads via HTTPS MaxMind URLs

      • Top 20 Spammers Tab is now auto-generated (as other GeoIP Tabs)

      DNSBL TLD (Beta Feature)

      DNSBL TLD is a new feature to determine if all Sub-Domains should be blocked for each listed Domain. TLD is more memory intensive and is not recommended for low performance/Low-Memory installations. TLD will limit the number of Domains that can be processed. Once the TLD Domain limit below is exceeded, the balance of the Domains will be listed as-is. IE: Blocking only the listed Domain (Not Sub-Domains).

      TLD Domain Limit Restrictions:

      < 1.0GB RAM - Max 100k Domains
      < 1.5GB RAM - Max 150k Domains
      < 2.0GB RAM - Max 200k Domains
      < 2.5GB RAM - Max 250k Domains
      < 3.0GB RAM - Max 400k Domains
      < 4.0GB RAM - Max 600k Domains
      < 5.0GB RAM - Max 1.0M Domains
      < 6.0GB RAM - Max 1.5M Domains
      < 7.0GB RAM - Max 2.5M Domains
      > 7.0GB RAM - > 2.5M Domains

      When enabled and after all downloads for DNSBL Feeds have completed; TLD will process the Domains. TLD uses a predetermined list of TLDs, to determine if the listed Domain should be configured to block all Sub-Domains. The predetermined TLD list can be found in [ /usr/local/pkg/pfblockerng/dnsbl_tld ]

      Options to Blacklist whole TLDs with a provision to Whitelist specific Domain/Sub-Domains in these TLD Blacklists. With the TLD Whitelist option, Alerts will not populate, as the Domains are in a "Static" Resolver zone and as such DNS resolution is via NXDOMAIN.

      Options to exclude certain TLDs and/or Domains from the TLD Process.

      Lists of worst TLDs:

      https://www.spamhaus.org/statistics/tlds/
      http://toolbar.netcraft.com/stats/tlds

      The TLD feature has so far been tested by approximately a dozen beta testers.

      Other Improvements

      • Improve OpenVPN Auto-Rule options

      • Add IPSec Auto-Rule options

      • Add Malware Corpus Tracker to the DNSBL parser www.h3x.eu

      • DNSBL and Alexa Whitelisting has been improved to remove all Sub-Domains. This is accomplished by prefixing a "dot" before the Domain name in the Custom Whitelist.

      • Fix issue with the "XMLRPC Sync" tab - Disable Sync option of "General tab settings" was previously reversed

      • DNSBL Alerts Tab- The Whitelisting User Input popup has been improved.

      • Alerts Tab - Added an "Icon Legend" to the bottom of the page.

      • Escape Log Browser data before printing to screen.

      • Escape Update Tab log before printing to screen.

      • Add additional Alerts Tab Threat Lookups:

          • Intel - Threat Intelligence (Formerly McAfee)
          • Threat Miner
          • Threat Crowd
          • Ransomware Tracker
          • Google Safe-Browsing
          • NetCraft Site Report
          • hpHosts
          • mnemonic Passive DNS

      • Other under-the-hood improvements

      • luckman212
        luckman212 last edited by

        This sounds like an awesome update!  Thanks for your hard work.

        I am trying to better understand what the new TLD feature enables us to do. Would it e.g. allow a captive portal to be set up which allows *.facebook.com (to enable Facebook logins) for example?

        • BBcan177
          BBcan177 Moderator last edited by

          The TLD feature is used by pfBlockerNG DNSBL for Domain blocking via the Unbound DNS Resolver.

          When "TLD" is enabled… It checks each Domain to see what the TLD (Top-Level domain) is for each listed Domain in the DNSBL Blacklist Feeds... then if there is one more level, it will block the whole Domain since it's the root Domain name....

          When Feeds do not post the Full-Domain, then only the listed Sub-Domains are blocked...
          ie: ads.yahoo.com  Will only block that Sub-Domain and not yahoo.com

          Example 1:
          download.101com.com

          com                  - Top-Level Domain
          101com.com           - Second-level Domain
          download.101com.com  - Third-level Domain

          Example 2:
          example.uk.com

          uk.com               - Top-Level Domain
          example.uk.com       - Second-Level Domain

          The DNSBL database is located at    /var/unbound/pfb_dnsbl.conf

          When TLD is enabled, in that conf file you will see "transparent" zones, which means it's only blocking the actual Domains listed…  None of the Sub-Domains are blocked...

          Scroll down that file, and look for lines that have "redirect" zones, which means it's blocking the full Domain and all Sub-Domains…

          You can also block whole TLD(s) like  | cn  |  ru  | pw  |  xyz  | etc…. Options also exist to Whitelist specific Domains when the whole TLD is being blocked.

          The following Unbound documentation has additional detail on the "Local-zone" configuration:
              https://unbound.net/documentation/unbound.conf.html

          1 Reply Last reply Reply Quote 0
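The TLD decision described in the two posts above (the TLD Domain limit in the changelog and the redirect/transparent explanation), as an added example that is not pfBlockerNG code and not part of any post. The suffix set, feed, answer address, the way the limit is counted and the exact output layout are assumptions made for the illustration; `is_blocked` goes one step further than the posts and shows which lookups each Unbound zone type would cover.

```python
import re

# Added illustration, not pfBlockerNG code. The suffix list, feed, sinkhole
# address and output layout below are constructed for the example.

# Stand-in for /usr/local/pkg/pfblockerng/dnsbl_tld (the real list is far longer).
# Multi-label entries such as "uk.com" count as a TLD for this decision.
SUFFIXES = {"com", "net", "ru", "uk.com", "co.uk"}

# Constructed feed, in download order.
FEED = ["ads.yahoo.com", "download.101com.com", "example.uk.com",
        "example.net", "printer.lan"]

SINKHOLE_IP = "10.10.10.1"  # placeholder answer address (assumption)

# Feed lines are untrusted input: only plain hostnames may reach the config.
LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
HOSTNAME = re.compile(LABEL + r"(?:\." + LABEL + r")*")


def known_suffix(domain, suffixes=SUFFIXES):
    """Longest listed suffix that `domain` ends with, or None if unlisted."""
    labels = domain.split(".")
    for i in range(len(labels)):  # i = 0 is the whole name, so longest first
        candidate = ".".join(labels[i:])
        if candidate in suffixes:
            return candidate
    return None


def zone_type(domain, suffixes=SUFFIXES):
    """'redirect' when the name sits exactly one label above a known suffix."""
    suffix = known_suffix(domain, suffixes)
    if suffix is None:
        return "transparent"  # unknown suffix: block only the listed name
    extra_labels = domain.count(".") - suffix.count(".")
    return "redirect" if extra_labels == 1 else "transparent"


def classify(feed, tld_limit, suffixes=SUFFIXES):
    """Map each feed domain to a zone type, honouring the TLD domain limit."""
    zones = {}
    for raw in feed:
        domain = raw.strip().strip(".").lower()
        if not HOSTNAME.fullmatch(domain) or domain in zones:
            continue  # drop malformed lines and duplicates
        if len(zones) < tld_limit:
            zones[domain] = zone_type(domain, suffixes)
        else:
            zones[domain] = "transparent"  # past the limit: listed as-is
    return zones


def render(zones, ip=SINKHOLE_IP):
    """Emit Unbound local-zone/local-data lines for the classified domains."""
    lines = []
    for domain, ztype in zones.items():
        lines.append(f'local-zone: "{domain}" {ztype}')
        lines.append(f'local-data: "{domain} A {ip}"')
    return lines


def is_blocked(name, zones):
    """Would a query for `name` be answered from these zones?"""
    name = name.strip(".").lower()
    if name in zones:
        return True  # exact match, either zone type
    # Only a redirect zone also answers for names beneath it.
    return any(ztype == "redirect" and name.endswith("." + zone)
               for zone, ztype in zones.items())


if __name__ == "__main__":
    for limit in (100, 2):
        print(f"# TLD domain limit = {limit}")
        print("\n".join(render(classify(FEED, limit))))
```

With the limit set to 2, `example.uk.com` and `example.net` fall back to exact-name blocking, which is why a very large feed is better placed last when the limit is likely to be reached.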
          • S
            someuser123 last edited by

            YeY ;D :D :) ;) huge update, awesomeness can't wait for this update, thanks for all your hard work….

            • B
              brandur last edited by

              Sounds like a very exciting update :D
              Thank you

              • Pippin
                Pippin last edited by

                Very nice addition, chapeau 8)

                • P
                  pftdm007 last edited by

                  Can't wait for this update to roll out!!!!!

                  • Z
                    zerodamage last edited by

                    Is this available to install now?  I am only showing version 2.0.17 for update.  I uninstalled hoping maybe I would then see the updated version but it's still not there.

                    As a matter of fact, it says "Not Ready" in the update window when trying to install or update it now.  I now do not have it installed and am not able to install it but my system says it is installed.

                    It actually did install but only to version 2.0.17.  Is that right?

                    • BBcan177
                      BBcan177 Moderator last edited by

                      https://twitter.com/pfsense/status/755227123187449856

                      • BBcan177
                        BBcan177 Moderator last edited by

                        The latest version of pfBlockerNG  v2.1.1_1  has been reviewed and merged into pfSense 2.3.3 Dev. If you're on the 2.3.3 Snapshots, it's available to be installed now.

                        I believe that the Devs will merge it for pfSense 2.3.2 shortly, so stay tuned for the update.

                        If you have any questions or Feedback, please let me know….

                        Please Read the instructions in the DNSBL tab for the new TLD feature before enabling it.
                        Once enabled, follow that with a "Force Reload - DNSBL".

                        Review any MaxMind GeoIP settings, since there have been significant changes with the upgrade to GeoLite2.

                        Note: If you have less than 5GB of RAM and you have added the Bambenek DGA DNSBL Feed, please move that to the last entry in the DNSBL Feeds. Since that feed is quite large (700k+ Domains), it's best to allow TLD to process the other Feeds first before hitting the max TLD Domain limit.  (http://osint.bambenekconsulting.com/feeds/dga-feed.gz).

                        • F
                          f34rinc last edited by

                          Nice work BBcan177  :D  setup blocking of .ru as a test and it works.

                          • D
                            DownloadDeviant last edited by

                            THANKS! Can't wait! Good stuff….great work...and thanks for helping us dumb dumbs  :P here and over at Reddit!

                            PS - is there a quick n dirty way to test PFBNG to be sure you've generally set it up correctly? Like going to a website and not seeing ads, etc.?

                            • M
                              mauroman33 last edited by

                              Thank you so much for this fantastic work!!!

                              • BBcan177
                                BBcan177 Moderator last edited by

                                @DownloadDeviant:

                                THANKS! Can't wait! Good stuff….great work...and thanks for helping us dumb dumbs  :P here and over at Reddit!

                                PS - is there a quick n dirty way to test PFBNG to be sure you've generally set it up correctly? Like going to a website and not seeing ads, etc.?

                                Thanks… Are you on the latest 2.1.1_1 version?  Haven't heard much feedback yet, so not sure if many have installed it yet...

                                Not sure what sites are the worst for ADs... but yahoo is probably up there....

                                @mauroman33:

                                Thank you so much for this fantastic work!!!

                                Thanks!

                                • D
                                  DownloadDeviant last edited by

                                  @BBcan177:

                                  Thanks… Are you on the latest 2.1.1_1 version?  Haven't heard much feedback yet, so not sure if many have installed it yet...

                                  Not sure what sites are the worst for ADs... but yahoo is probably up there....

                                  I'm still on 2.0.17. I've slowed down my updating a bit since I've had some snags and had to rebuild 3 times in the past 7 weeks. Two were my fault…lol I thought I had router plugged into the battery port on the UPS but didn't...storm hit...lost power...pf went corrupt. Sooooooooo, I'm a bit worn out on tampering right now. lol That said, I'll probably upgrade it this weekend.

                                  Yahoo it is then. I'm very new to pfBNG so I need to learn it and get comfortable. I don't want to get  too aggressive. I just want it to serve as a companion for my Firefox plugins and to help keep my girlfriend protected.

                                  • S
                                    someuser123 last edited by

                                    pfBlockerNG-2.1.1_1 is working like charm, On 2.3.3-DEVELOPMENT (amd64) no issues.

                                    TLD Blacklist is really handy, Thanks BBcan177

                                    • BBcan177
                                      BBcan177 Moderator last edited by

                                      Here are the links for Malware Corpus Tracker which can be used w/ pfBlockerNG DNSBL:

                                      Site:
                                      http://track.h3x.eu/about/400

                                      Available Feeds:
                                      https://tracker.h3x.eu/api/sites_1month.php
                                      https://tracker.h3x.eu/api/sites_1week.php
                                      https://tracker.h3x.eu/api/sites_1day.php
                                      https://tracker.h3x.eu/api/sites_1hour.php

                                      DO NOT Select all of these Feeds. You should pick only one Feed. For example: the "1Month" will include the "1Week/1Day/1Hour".

                                      [ Edit - change to https ]

                                      Twitter:
                                      https://twitter.com/h3x2b

                                      • N
                                        ntct last edited by

                                        Hi BBcan177,

                                        I can't update h3x feed from available feeds list in pfBlockerNG v2.1.

                                        It show below.

                                        [ h3x ]			 Downloading update .. 200 OK
                                         Remote timestamp missing 
                                         No Domains Found
                                        

                                        And I can't let TLD Exclusion List working. Can you give a example or check it works?

                                        • RonpfS
                                          RonpfS last edited by

                                          @ntct:

                                          Hi BBcan177,

                                          I can't update h3x feed from available feeds list in pfBlockerNG v2.1.

                                          It show below.

                                          [ h3x ]			 Downloading update .. 200 OK
                                           Remote timestamp missing 
                                           No Domains Found
                                          

                                          Same here

                                          @ntct:

                                          And I can't let TLD Exclusion List working. Can you give a example or check it works?

                                          Did you do a Force Reload after changing the list ?

                                          • H
                                            hulleyrob last edited by

                                            [ 1month ]		 Downloading update .. 200 OK
                                              Remote timestamp missing 
                                             No Domains Found
                                            
                                            [ 1week ]		 Downloading update [ 07/30/16 12:31:20 ] .. 200 OK
                                              Remote timestamp missing 
                                             No Domains Found
                                            
                                            [ 1day ]		 Downloading update .. 200 OK
                                              Remote timestamp missing 
                                             No Domains Found
                                            
                                            [ 1hour ]		 Downloading update .. 200 OK
                                              Remote timestamp missing 
                                             No Domains Found
                                            

                                            Me three, anyone post how exactly you get these list working?

                                            • BBcan177
                                              BBcan177 Moderator last edited by

                                              Here is a patch to fix the H3X Feed…  Sorry about that  ...

                                              @BBcan177:

                                              Here are the links for Malware Corpus Tracker which can be used w/ pfBlockerNG DNSBL:

                                              UPDATE:

                                              Guess the internal QA testing didn't work too well when I tested this Feed.
                                              Please follow these instructions below to patch the code to get the following feed to parse:

                                              Edit     /usr/local/pkg/pfblockerng/pfblockerng.inc

                                              Goto Line 3368 which contains the following:

                                              $h3x_feed = TRUE;
                                              

                                              Reference:
                                              https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L3368

                                              and add the following line after line 3368:

                                              $liteparser = TRUE;
                                              

                                              Then follow that with a    "Force Update"

                                              • BBcan177
                                                BBcan177 Moderator last edited by

                                                @ntct:

                                                And I can't let TLD Exclusion List working. Can you give a example or check it works?

                                                Can you provide more detail about what you're trying to accomplish?

                                                • H
                                                  hulleyrob last edited by

                                                  Works for me.

                                                  For the lazy:

                                                  vi +3368 /usr/local/pkg/pfblockerng/pfblockerng.inc
                                                  

                                                  to go straight to the line.

                                                  Thanks BBcan

                                                  • BBcan177
                                                    BBcan177 Moderator last edited by

                                                    I have posted a PR #164 to fix the H3x parser issue noted above.
                                                    https://github.com/pfsense/FreeBSD-ports/pull/164

                                                    Once this is merged the pkg will be at version 2.1.1_2.

                                                    If you manually edited the file noted above, or not, you do not need to make any further changes with this version.

                                                    • O
                                                      oddworld19 last edited by

                                                      …...and I'm buying another 8 gigs RAM tonight (from 8G to 16G) now that unbound is VIRT 12.3G and I've swapped 6G.

                                                      Worth it though.

                                                      • A
                                                        Andrew453 last edited by

                                                        Hi BBcan177

                                                        Thanks for implementing this.  Would you be able to explain a bit more what the role of the /usr/local/pkg/pfblockerng/dnsbl_tld file is please?

                                                        I was expecting it to contain a pure list of TLDs which pfblockerng can then use to work out whether any given domain is a second level domain or higher.  But it seems itself to contain some second level domains?

                                                        That said, when I've looked at the /var/unbound/pfb_dnsbl.conf on my set up that pfblockerng has created, it does contain exactly what I would expect to see (i.e. full blocking of the entire domain for second level domains, but only specific blocking for higher level domains).  So it does seem to be doing exactly what I'd like it to, but I'm not sure how the dnsbl_tld file is working to do that.

                                                        Thanks.

                                                        • Qinn
                                                          Qinn last edited by

                                                          Hi BBcan177,

                                                          Is there any good install/setup/configure instruction (video or guide) for the last version of pfblockerNG, that you could/would recommend?

                                                          Thanks for your advice, cheers Qinn

                                                          • BBcan177
                                                            BBcan177 Moderator last edited by

                                                            @Andrew453:

                                                            I was expecting it to contain a pure list of TLDs which pfblockerng can then use to work out whether any given domain is a second level domain or higher.  But it seems itself to contain some second level domains?

                                                            Hi Andrew453,

                                                            If I only used the TLD, it would be a simple process of looking at any listed Domain and seeing if it had only a second-level Domain (SLD) then block the entire Domain. However, there are suffixes like "uk.com" which is what I would call the TLD that is used to determine if there is one more level. So all of the TLDs (suffixes) in that file are known TLDs which is used in the determination process. Most of the file was taken from the "Public Suffix Registry".

                                                            • BBcan177
                                                              BBcan177 Moderator last edited by

                                                              @Qinn:

                                                              Hi BBcan177,

                                                              Is there any good install/setup/configure instruction (video or guide) for the last version of pfblockerNG, that you could/would recommend?

                                                              Thanks for your advice, cheers Qinn

                                                              There is a pfSense Hangout that I did which can be used for an overview of the pkg functionality. However, apart from the three main pfBlockerNG threads in this forum, there isn't any other documentation.

                                                              • Qinn
                                                                Qinn last edited by

                                                                Thanks for the quick reply. Darn  :( I found this one can you can agree to this one?

                                                                https://www.youtube.com/watch?v=YLhDOaH0q5U

                                                                • A
                                                                  Andrew453 last edited by

                                                                  @BBcan177:

                                                                  @Andrew453:

                                                                  I was expecting it to contain a pure list of TLDs which pfblockerng can then use to work out whether any given domain is a second level domain or higher.  But it seems itself to contain some second level domains?

                                                                  Hi Andrew453,

                                                                  If I only used the TLD, it would be a simple process of looking at any listed Domain and seeing if it had only a second-level Domain (SLD) then block the entire Domain. However, there are suffixes like "uk.com" which is what I would call the TLD that is used to determine if there is one more level. So all of the TLDs (suffixes) in that file are known TLDs which is used in the determination process. Most of the file was taken from the "Public Suffix Registry".

                                                                  Yes ok.  That's exactly what I thought the file was for.  (i.e. some eTLDs are longer than others, so you need a list e.g. .com vs .co.uk to work out what to treat as an eTLD)

                                                                  The thing that was confusing me was there were some domains in the list that looked a bit odd, e.g.

                                                                  myactivedirectory.com
                                                                  mydrobo.com
                                                                  mysecuritycamera.com
                                                                  myshopblocks.com
                                                                  myvnc.com

                                                                  I think all you're saying is that pfblockerng will treat those as eTLDs even though, strictly speaking, they aren't … which is fine.

                                                                  p.s. a big thank you for implementing this.  It was on my wish-list as I recall - https://forum.pfsense.org/index.php?topic=106534

                                                                  • ?
                                                                    Guest last edited by

                                                                    @RonpfS:

                                                                    @ntct:

                                                                    Hi BBcan177,

                                                                    I can't update h3x feed from available feeds list in pfBlockerNG v2.1.

                                                                    It show below.

                                                                    [ h3x ]			 Downloading update .. 200 OK
                                                                     Remote timestamp missing 
                                                                     No Domains Found
                                                                    

                                                                    Same here

                                                                    @ntct:

                                                                    And I can't let TLD Exclusion List working. Can you give a example or check it works?

                                                                    Did you do a Force Reload after changing the list ?

                                                                    I'm on 2.1.1_2, the h3x fix is included, but I get the same error as above.

                                                                    I tried with Update, Cron , Reload.

                                                                    [ malw_corpus ] Downloading update .. 200 OK
                                                                      Remote timestamp missing
                                                                    No Domains Found

                                                                    • C
                                                                      CiscoX last edited by

                                                                      Hi,
                                                                      Thank you for your hard work on this package :)

                                                                      After updating to 2.1.1_2 I can't "clear DNSBL Packets" from the pfBlockerNG widget.
                                                                      The DNSBL_EasyList won't delete the packets

                                                                      ![Desktop 31-07-2016 17.00.06-358.png_thumb](/public/imported_attachments/1/Desktop 31-07-2016 17.00.06-358.png_thumb)
                                                                      ![Desktop 31-07-2016 17.00.06-358.png](/public/imported_attachments/1/Desktop 31-07-2016 17.00.06-358.png)
                                                                      [Video 31-07-2016 16.54.57.zip](/public/imported_attachments/1/Video 31-07-2016 16.54.57.zip)

                                                                      • RonpfS
                                                                        RonpfS last edited by

                                                                        @Redyr:

                                                                        I'm on 2.1.1_2, the h3x fix is included, but I get the same error as above.

                                                                        I tried with Update, Cron , Reload.

                                                                        [ malw_corpus ] Downloading update .. 200 OK
                                                                          Remote timestamp missing
                                                                        No Domains Found

                                                                        Each URL contains sites that were active in the last period (month, week, day or hour).

                                                                        If you look at the 1hour or the 1day csv file, they only have one comment. The 1week and 1month have entries.

                                                                        You should only choose one of the feeds according to your need. I guess most will pick the 1month URL.

                                                                        • P
                                                                          pftdm007 last edited by

                                                                          Not sure if this is related to pfblockerNG (2.1 w/ TLD) but I went to the package manager to install a package, and saw that my copy of pfblockerNG was outdated, so I clicked the yellow round arrow to update the package.  It went well, but immediately after I returned to the package manager I was greeted with a red ribbon saying "Unable to retrieve package information".  This happens for the "Installed Packages" as well as "Available Packages" tabs!

                                                                          On the main page, I see "Obtaining update status ", then it turns to "Unable to check for updates".

                                                                          Tried disabling both pfblockerNG and DNSBL to no avail.  Snort is disabled and the blocked hosts list is empty.

                                                                          Now I cannot update, install or uninstall packages….  How do I remedy this?

                                                                          • A
                                                                            Andrew453 last edited by

                                                                            I've had that trouble before too.  It happened when I was trying to change from the development thread for updates to the stable thread.  I couldn't update anything.  I eventually found some instructions to reinstall the main pfsense components from the command line.  I ended up still on the development thread and didn't venture to try to change it back after that.

                                                                            • P
                                                                              pftdm007 last edited by

                                                                              @Andrew453:

                                                                              I've had that trouble before too.  It happened when I was trying to change from the development thread for updates to the stable thread.  I couldn't update anything.  I eventually found some instructions to reinstall the main pfsense components from the command line.  I ended up still on the development thread and didn't venture to try to change it back after that.

                                                                              Not sure I understand that.  I am not playing with development stuff, nor am I configured to retrieve packages from development repos.  Just a vanilla pfsense install with pfblockerNG, snort and that's it.  Not normal that all of a sudden I lose connection to repos.

                                                                              Also after a reboot I see these warnings in the main page:

                                                                              There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:00
                                                                              There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:11
                                                                              There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:20 
                                                                              
                                                                              • BBcan177
                                                                                BBcan177 Moderator last edited by

                                                                                @lpallard:

                                                                                There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:00
                                                                                There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:11
                                                                                There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:20
                                                                                

                                                                                These all seem to be related to the MaxMind IPv6 database. Looks like you will need to bump the pfSense max aliastable entries limit from 2M to 4M. If you enable aggregation in the general tab, it should condense the CIDRs and reduce the overall IP count. This changed due to using the new MaxMind GeoLite2 database, which seems to have smaller subsets of the data listed, causing more IP entries to be added.

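The effect of the aggregation option described in the reply above, as an added example that is not part of the thread and not pfBlockerNG's own code: it parses a constructed alias-table-style list, collapses adjacent and contained CIDRs per address family with Python's `ipaddress` module, and compares the entry count against a table limit. The function names, the sample networks and the tiny `table_limit` value are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in a one-CIDR-per-line layout (documentation prefixes only).
SAMPLE_TABLE = """\
# constructed sample, not real GeoLite2 data
2001:db8::/64
2001:db8:0:1::/64
2001:db8:0:2::/64
2001:db8:0:3::/64
2001:db8:0:2::/65
2001:db8:100::/48
2001:db8:100:8000::/49
198.51.100.0/25
198.51.100.128/25
203.0.113.7
not-a-network
"""

def parse_table(text):
    """Return (networks, rejected_lines); blank lines and # comments are skipped."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(raw)  # keep bad lines visible instead of dropping them
    return nets, rejected

def aggregate(nets):
    """Collapse adjacent and contained networks, one address family at a time."""
    out = []
    for version in (4, 6):
        family = [n for n in nets if n.version == version]
        out.extend(ipaddress.collapse_addresses(family))
    return out

def report(text, table_limit):
    """table_limit is a hypothetical stand-in for the firewall's table entry limit."""
    nets, rejected = parse_table(text)
    merged = aggregate(nets)
    return {
        "before": len(nets),
        "after": len(merged),
        "rejected": rejected,
        "fits_after": len(merged) <= table_limit,
        "merged": [str(n) for n in merged],
    }
```

Running `report()` on an exported list before a reload shows whether aggregation alone brings the entry count under the limit or whether the limit itself has to be raised.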
                                                                                • BBcan177
                                                                                  BBcan177 Moderator last edited by

                                                                                  @CiscoX:

                                                                                  After updating to 2.1.1_2 I can't "clear DNSBL Packets" from the pfBlockerNG widget.
                                                                                  The DNSBL_EasyList won't delete the packets.

                                                                                  I am away for a few weeks but will check that out. Seems like some regression somewhere. Thanks for reporting.

                                                                                  • J
                                                                                    java007md last edited by

                                                                                    @lpallard:

                                                                                    Not sure if this is related to pfblockerNG (2.1 w/ TLD) but I went to the package manager to install a package, and saw that my copy of pfblockerNG was outdated, so I clicked the yellow round arrow to update the package.  It went well, but immediately after I returned to the package manager I was greeted with a red ribbon saying "Unable to retrieve package information".  This happens for the "Installed Packages" as well as "Available Packages" tabs!

                                                                                    On the main page, I see "Obtaining update status ", then it turns to "Unable to check for updates".

                                                                                    Tried disabling both pfblockerNG and DNSBL to no avail.  Snort is disabled and the blocked hosts list is empty.

                                                                                    Now I cannot update, install or uninstall packages….  How do I remedy this?

                                                                                    From the following thread:

                                                                                    https://forum.pfsense.org/index.php?topic=116019.0

                                                                                    I followed the ssh command line execution steps:

                                                                                    pkg update -f
                                                                                    pkg upgrade -f

                                                                                    and the same problem was resolved.
