pfBlockerNG-devel feedback
-
@jegr said in pfBlockerNG-devel feedback:
I checked on pfBlockerNG devel on a 2.4.4 snapshot system. Still shows php56-5.6.34 as dependency. As 2.4.4 runs on php7.2 I'm wondering, why pfBNG requires usage of the old PHP version (in package manager listing)?
The pfSense devs manage that integration. Here is the commit to the makefile:
https://github.com/pfsense/FreeBSD-ports/commit/54dd3d529ac6a55cd0c1e05f0c3956fb668d7cbdThere seem to be some hiccups with this but I believe it to be part of the base pfSense code.
-
@bbcan177 no problem, just wanted to ask as that drew my attention :)
Edit: My mistake, I set the system to "stable" after updating to 2.4.4-snapshots, to get it to 2.4.4-Release without any further snapshot. That switched Packages back to displaying 2.4.3 info, so the PHP version was old. Switching it back to snaps shows a correct 7.2.9 - my bad!
-
@jegr said in pfBlockerNG-devel feedback:
@bbcan177 no problem, just wanted to ask as that drew my attention :)
I did some tests and the only way I could get the PHP version to be out of sync was to set the 2.4.4 machine to use the pfSense 2.3.x branch ?
EDIT: Haha... yes, I was typing as you made your edit !! :)
-
@bbcan177 said in pfBlockerNG-devel feedback:
@jegr said in pfBlockerNG-devel feedback:
@bbcan177 no problem, just wanted to ask as that drew my attention :)
I did some tests and the only way I could get the PHP version to be out of sync was to set the 2.4.4 machine to use the pfSense 2.3.x branch ?
EDIT: Haha... yes, I was typing as you made your edit !! :)
Haha
I was curious, too, as I read through the GIT intel so I backtracked and facepalmed over my own stupidity. Serves me right, better double check my facts before calling bugs 
-
No big deal but just to let you know these feeds have been getting download errors for the last few days..... at least for me.
pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
Ubiquiti Unifi wired and wireless network, APC UPSs
Mac OSX and IOS devices, QNAP NAS -
@BBcan177 Can you see my post https://forum.netgate.com/topic/135362/geoip-policy-based-routing-not-working-with-pfblockerng-devel
To me it appears as an issue with the new version. -
Blutmagie needs to have the State set to "flex" since the TLS settings or the certificates of the site are poor.
For the Dan.me feed, they have rate-limiting. You can move that feed into its own Alias "TOR2" and set it update every 4 hours... I might have to adjust the Feeds Tab to account for this issue. I have been after Dan.me for several months to try to improve this issue. Part of the problem is that pfBlockerNG checks the last-time-stamp of the Feed and Dan.me is counting this as a download attempt which causes the rate-limiting issue.
-
Since some days I have some troubles using pfBlockerNG. From time to time there appears a notification:
There were error(s) loading the rules: /tmp/rules.debug:52: cannot define table pfB_Level4_v4: Cannot allocate memory - The line in question reads [52]: table <pfB_Level4_v4> persist file "/var/db/aliastables/pfB_Level4_v4.txt" @ 2018-09-16 00:38:28Has anyone an idea what the solution might be?
-
@un1que said in pfBlockerNG-devel feedback:
Cannot allocate memory
Need to increase the pfSense > System > Advanced > Firewall & NAT > Firewall Maximum Table Entries
The package defaults it to "2000000", but you might need to increase that value depending on how many Aliastable entries you have. -
@bbcan177
Thanks for your reply! I’ll try that.I now reloaded the IP values via force update and at the end of that process I found those numbers:
pfSense Table Stats ------------------- table-entries hard limit 2000000 Table Usage Count 104384Before your hint I had 600000 table entries set in advanced settings. But for only about 100k used entries it should have been enough, isn’t it?
-
And the table-entries hard limit was showing 600000 in pfblockerng.log before you made the change ?
-
@ronpfs
I can’t say yet, but I think at the end of the force update process it was showing 600k instead of 2mio now, yes. -
I just updated from v2.2.5_15 to v2.2.5_16, now the "pfBlockerNG firewall filter service" refuses to start, according to the dashboard status. There are no errors in the logs (checked both pfB logs and system logs).
-
@grimson said in pfBlockerNG-devel feedback:
I just updated from v2.2.5_15 to v2.2.5_16, now the "pfBlockerNG firewall filter service" refuses to start, according to the dashboard status. There are no errors in the logs (checked both pfB logs and system logs).
Can you check this:
https://forum.netgate.com/topic/135893/getting-crash-reports-after-updating-to-2-4-4/24php -v php_pfb -vVersions should match.
You can also try to start from the shell to see if it shows any errors:
/usr/local/etc/rc.d/pfb_filter.sh restart"Experience is something you don't get until just after you need it."
Website: http://pfBlockerNG.com
Twitter: @BBcan177 #pfBlockerNG
Reddit: https://www.reddit.com/r/pfBlockerNG/new/ -
@grimson said in pfBlockerNG-devel feedback:
I just updated from v2.2.5_15 to v2.2.5_16, now the "pfBlockerNG firewall filter service" refuses to start, according to the dashboard status. There are no errors in the logs (checked both pfB logs and system logs).
I think its running:
ps auxww | grep pfb/usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog (php)But now thats its a symlink and not a link, the Services function might not see the executable "php_pfb".
So as long as your still getting firewall events in the Alerts/Reports tab, then it is still working, just not showing that in the the services status as "running".
Still investigating...
-
@grimson said in pfBlockerNG-devel feedback:
I just updated from v2.2.5_15 to v2.2.5_16, now the "pfBlockerNG firewall filter service" refuses to start, according to the dashboard status. There are no errors in the logs (checked both pfB logs and system logs).
Just to chime in... same situation here, was shown as running Services before I upgraded to v2.2.5_16 but not now.
-
@occamsrazor said in pfBlockerNG-devel feedback:
Just to chime in... same situation here, was shown as running Services before I upgraded to v2.2.5_16 but not now.
I posted a PR which reverts the symlink change... Will be v2.2.5_17 once that is merged.
https://github.com/pfsense/FreeBSD-ports/pull/575
"Experience is something you don't get until just after you need it."
Website: http://pfBlockerNG.com
Twitter: @BBcan177 #pfBlockerNG
Reddit: https://www.reddit.com/r/pfBlockerNG/new/ -
Sorry for the late answer, I got an emergency call from work and had to leave.
@bbcan177 said in pfBlockerNG-devel feedback:
php -v php_pfb -vVersions should match.
Both show the same version:
PHP 7.2.10 (cli) (built: Sep 14 2018 11:32:18) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies with Zend OPcache v7.2.10, Copyright (c) 1999-2018, by Zend TechnologiesYou can also try to start from the shell to see if it shows any errors:
/usr/local/etc/rc.d/pfb_filter.sh restartRestarts without an error.
I think its running:
ps auxww | grep pfb/usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog (php)Yes it's running.
But now thats its a symlink and not a link, the Services function might not see the executable "php_pfb".
Yep, looks like it.
-
@bbcan177
I landed here by doing a search as I have the same issue. Thanks for the update! -
BBcan177 posted a quick fix here: https://forum.netgate.com/topic/136155/2-4-4-upgrade-messed-pfbng-beta/3 if the red status icon is bothering you.
