[solved] Autostart of pfBlockerNG



  • Hello to all,

    I am using pfBlockerNG 2.1.1_6 on my PCEngines APU2C4 (with pfsense 2.3.3-p1) with good success, using DNSBL it wipes almost all ads from my mobile devices and makes older devices usable again. Great thanks for that!

    I have got one minor issue with my installation and would like to ask if somebody has an idea how to fix it…

    My problem is that pfBlockerNG is not functional after booting my pfSense. It seems that my lists are not loaded and unbound does not resolve names (and manually restarting unbound does not fix this).

    After a manual update/reload of pfBlockerNG (firewall --> pfBlockerNG --> Update) everything works fine, unbound is working and all the lists are loaded.

    I attached the two outputs on the dashboard (the first one is after boot-up and non-functional; the second one is after the manual update and everything is fine).

    Any idea is appreciated!

    Best regards
    Jan

    ![Bildschirmfoto 2017-03-16 um 09.39.16.jpg](/public/imported_attachments/1/Bildschirmfoto 2017-03-16 um 09.39.16.jpg)
    ![Bildschirmfoto 2017-03-16 um 09.44.28.png](/public/imported_attachments/1/Bildschirmfoto 2017-03-16 um 09.44.28.png)


  • Moderator

    See the following redmine:
        https://redmine.pfsense.org/issues/6603

    Issue is that your box wipes the /var folder on reboot… and the Resolver still has an include line to the DNSBL database... which stops Unbound from starting.

    Until the patch is added to the Resolver code, when rebooting, just delete the Resolver adv. setting and then run a Force Update to get it all working again following the reboot...

    server:include: /var/unbound/pfb_dnsbl.conf
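
A pre-flight check for the failure described above, as an added example that is not part of the original thread or of pfBlockerNG: it lists every `include:` target in an Unbound config that does not exist on disk. The function name `missing_includes` and the sample config are constructed for illustration; pass it the path of the Unbound config your system actually generates.

```shell
#!/bin/sh
# Added example (not from the thread): report Unbound include targets
# that are missing on disk, e.g. after a RAM-disk /var was wiped at boot.

# missing_includes CONF_FILE
# Prints each missing include path; returns 1 if any is missing,
# 2 if CONF_FILE is unreadable. Wildcard includes are not expanded.
missing_includes() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    missing=0
    # Drop comments and trailing blanks, then keep only the path that
    # follows "include:" (also the one-line "server:include:" form).
    paths=$(sed -n -e 's/#.*$//' -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*\(server:\)\{0,1\}[[:space:]]*include:[[:space:]]*//p' \
        "$conf" | sed -e 's/^"\(.*\)"$/\1/')
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if [ ! -e "$path" ]; then
            printf '%s\n' "$path"
            missing=1
        fi
    done <<EOF
$paths
EOF
    return "$missing"
}

# Demo on a constructed config in a temp directory (no real system files).
demo_dir=$(mktemp -d)
touch "$demo_dir/present.conf"
cat > "$demo_dir/unbound.conf" <<EOF
server:
    include: $demo_dir/present.conf
server:include: $demo_dir/pfb_dnsbl.conf
EOF
if missing_includes "$demo_dir/unbound.conf" >/dev/null; then
    echo "all include targets present"
else
    echo "missing include target(s):"
    missing_includes "$demo_dir/unbound.conf" || true
fi
rm -rf "$demo_dir"
```

A non-zero exit after a reboot points at the dangling include rather than at Unbound itself.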
    


  • Thank you very much for clarifying!

    You are right, I am using a (small 16GB) SSD in my pfSense installation and I checked the option to move /tmp and /var to a ramdisk in order to get a longer SSD lifetime (I think the SSD does wear leveling, but is too small for really long-term operation with lots of writes).

    I understand that this is an issue that could not be easily fixed within pfBlockerNG and not even in pfSense. I would expect that it will take longer until there will be a fix in unbound.

    My short-term solution will be to reconfigure the DHCP server on my "AdBlock" LAN to deliver a primary DNS on the local LAN address and a secondary DNS for use after an (unattended) reboot. This will enable all clients to use DNS until I have restarted pfBlockerNG manually by forcing an update.

    As a long-term solution I will install pfSense on a bigger SSD and uncheck the ramdisk option. I would expect that a 128 GB SSD will - thanks to the wear leveling - survive for a long time.

    Thank you very much and best regards
    Jan



  • Sorry for the newbie question, but where is "delete the Resolver adv. setting" in the GUI?



  • @patrick0525:

    Sorry for the newbie question, but where is "delete the Resolver adv. setting" in the GUI?

    Hi,

    you find it:

    Services --> DNS Resolver --> General Settings --> Custom Options

    In the "Custom Options" field the list provided by pfBlockerNG is included ("server:include: /var/unbound/pfb_dnsbl.conf"). Simply delete this line.

    Best regards
    Jan



  • Pfsnooker,
    Thank you.