Cant find pfb's inc to fix error –- Allowed memory size of 536870912

tross9

I found a post where the following was suggested: I cant find the INC file.

The problem seems to be related to i386 installation.
The fix is to edit /usr/local/pkg/pfblockerng/pfblockerng.inc  (Diagnostics/Edit File)
go to line 236

change
Code: [Select]
pfb_global();

// DNSBL Lighttpd HTTPS Daemon (Scans Lighttpd dnsbl_error.log for requested https domain names)
if (isset($argv[1]) && $argv[1] == 'dnsbl') {to
Code: [Select]
pfb_global();
ini_set('memory_limit', '300M');

// DNSBL Lighttpd HTTPS Daemon (Scans Lighttpd dnsbl_error.log for requested https domain names)
if (isset($argv[1]) && $argv[1] == 'dnsbl') {

–------------------------------------------------    my specs ---------------------------------------------------------------------
running Ubuntu 14.
pfsense 2.3.2
the problem started after I upgraded to 2.3.2 ( did not see the error before that)
Firewall Maximum Table Entries  = 4000000
deny inbound to all but the US.  ( noticed that some ips are getting thru, other are denied  4 out of the fifty losted ( 3 from china 1 from turkey)

--------------------------------------------------    my crash report ---------------------------------------------------------------------

Crash report begins.  Anonymous machine information:

amd64
10.3-RELEASE-p5
FreeBSD 10.3-RELEASE-p5 #0 7307492(RELENG_2_3_2): Tue Jul 19 13:29:35 CDT 2016    root@ce23-amd64-builder:/builder/pfsense-232/tmp/obj/builder/pfsense-232/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[05-Sep-2016 10:47:16 America/New_York] PHP Fatal error:  Allowed memory size of 536870912 bytes exhausted (tried to allocate 23 bytes) in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 3874
[05-Sep-2016 10:47:16 America/New_York] PHP Stack trace:
[05-Sep-2016 10:47:16 America/New_York] PHP  1. {main}() /usr/local/www/pkg_edit.php:0
[05-Sep-2016 10:47:16 America/New_York] PHP  2. eval() /usr/local/www/pkg_edit.php:253
[05-Sep-2016 10:47:16 America/New_York] PHP  3. sync_package_pfblockerng() /usr/local/www/pkg_edit.php(253) : eval()'d code:3
[05-Sep-2016 10:47:16 America/New_York] PHP  4. file() /usr/local/pkg/pfblockerng/pfblockerng.inc:3874
[05-Sep-2016 10:56:06 America/New_York] PHP Fatal error:  Allowed memory size of 536870912 bytes exhausted (tried to allocate 72 bytes) in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 3874
[05-Sep-2016 10:56:06 America/New_York] PHP Stack trace:
[05-Sep-2016 10:56:06 America/New_York] PHP  1. {main}() /usr/local/www/pkg_edit.php:0
[05-Sep-2016 10:56:06 America/New_York] PHP  2. eval() /usr/local/www/pkg_edit.php:253
[05-Sep-2016 10:56:06 America/New_York] PHP  3. sync_package_pfblockerng() /usr/local/www/pkg_edit.php(253) : eval()'d code:3
[05-Sep-2016 10:56:06 America/New_York] PHP  4. file() /usr/local/pkg/pfblockerng/pfblockerng.inc:3874

BBcan177

Upgrade the pfBlockerNG package to the latest version. After that there is no need to edit any Inc files.

However, if you are blocking the world (not recommended… read the notes at the top of the GeoIP pages), then you will need to bump the Firewall max table entries to 10M.

tross9

Thanks.

I'm now at pfblk 2.1.1.4 up from 2.1.1.2
I'll change the max from 4m to 10m

I wish I did not have to block the world. and I was seeing ip's from Russia, china, Poland, turkey, Africa, brazil accessing my system and trying to execute command.php,  ip_jason.php and other commands

my site is for family and friends only ( all in U.S.)
and it looked like the world was pinging or accessing my system.

again Thanks I'll see if that fixes the crash

BBcan177

@tross9:

my site is for family and friends only ( all in U.S.)
and it looked like the world was pinging or accessing my system.

Hehe. You just answered your own question. Why add rules to block the world, when you can just create a single rule to permit just the US GeoIPs?  Much more sane and efficient for the Firewall.

tross9

so;
If I allow inbound GeoIp rule for only US IPs then by default all other are denied?  True?.

but either way it looking like pfblocker is working. ( 100% again)
I'm now seeing the Geoip rules listed in the dashboard ( did not see any listed when using 2.1.1.2 )
no crash errors yet.
not seeing any allowed inbound from china or anywhere else
over 500 packets denied and Count > 3,000,000

Again Thanks,
I'll need to look at a reverse rule ( allow inbound US only) but I know just enough about firewalls to be dangerous or screw up the works so that no one get in our out.