pfBlockerNG-devel feedback
-
Sorry for the late answer, I got an emergency call from work and had to leave.
@bbcan177 said in pfBlockerNG-devel feedback:
php -v
php_pfb -v
Versions should match.
Both show the same version:
PHP 7.2.10 (cli) (built: Sep 14 2018 11:32:18) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.10, Copyright (c) 1999-2018, by Zend Technologies
You can also try to start from the shell to see if it shows any errors:
/usr/local/etc/rc.d/pfb_filter.sh restart
Restarts without an error.
I think it's running:
ps auxww | grep pfb
/usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog (php)
Yes it's running.
But now that it's a symlink and not a link, the Services function might not see the executable "php_pfb".
Yep, looks like it.
-
@bbcan177
I landed here by doing a search as I have the same issue. Thanks for the update!
-
BBcan177 posted a quick fix here: https://forum.netgate.com/topic/136155/2-4-4-upgrade-messed-pfbng-beta/3 if the red status icon is bothering you.
-
Just updated and still have the same issue. I'm on 2.2.5_17 and the filter service is still red.
-
@stownplayer Try the quick fix in the post 2 above this.... worked fine for me.
-
@occamsrazor We think my pfsense install is corrupted in some way. I'm going to re-install 2.4.4 and then reload the config. I tried those commands not long after they were posted and it did not work.
-
On my dashboard, DNSBL always has a yellow icon and says
DNSBL is out of sync. Perform a force reload to correct.
Although I’ve already done a force reload a few times...
Also, unrelated to the above, would it be possible to allow the ability to choose your own certificate for DNSBL so that you don’t get certificate errors for the https page?
-
after upgrade to latest _17, I can't open 10.10.10.1 with browser. pfBlocker seems to be working and logging fine but can't get the 10.10.10.1 page. Is it normal?
-
@veldkornet said in pfBlockerNG-devel feedback:
On my dashboard, DNSBL always has a yellow icon and says
DNSBL is out of sync. Perform a force reload to correct.
Although I’ve already done a force reload a few times...
Also, unrelated to the above, would it be possible to allow the ability to choose your own certificate for DNSBL so that you don’t get certificate errors for the https page?
For the Sync issue: Typically this is caused by having multiple feeds with the same "Header/Label" name. Every Header needs to be unique. Also can be caused if you have a duplicated Feed.
For the Certificate errors, you can fix this in pfBlockerNG-devel, see here:
https://forum.netgate.com/topic/136302/is-hiding-dnsbl-alerts-without-whitlisting-possible
-
@hugovsky said in pfBlockerNG-devel feedback:
after upgrade to latest _17, I can't open 10.10.10.1 with browser. pfBlocker seems to be working and logging fine but can't get the 10.10.10.1 page. Is it normal?
Any errors in the system.log when you restart the service?
What happens if you try to start it from the shell?
/usr/local/etc/rc.d/pfb_filter.sh restart
Also check the pfblockerng.log for any errors.
-
system log:
Oct 7 17:18:32 check_reload_status Syncing firewall
Oct 7 17:18:32 php_pfb [pfBlockerNG] filterlog daemon started
Oct 7 17:18:32 php-fpm 960 [pfBlockerNG] Restarting firewall filter daemon
Oct 7 17:18:32 check_reload_status Reloading filter
Oct 7 17:18:31 check_reload_status Syncing firewall
Oct 7 17:18:31 check_reload_status Syncing firewall
Oct 7 17:18:29 php [pfBlockerNG] DNSBL parser daemon started
pfblockerng.log after stop/start of pfBlocker in GUI:
**Saving configuration [ 10/07/18 17:16:23 ]**
Reloading Unbound Resolver..... completed [ 10/07/18 17:16:24 ]
DNSBL update [ 1147610 | PASSED ]... completed [ 10/07/18 17:16:25 ]
Removing DNSBL Unbound custom option
------------------------------------------------------------------------
Saving DNSBL config changes.
VIP address configured. Widget Packet statistics reset.
Stop Service DNSBL
** DNSBL Disabled **
** Stopping firewall filter daemon **
**Saving configuration [ 10/07/18 17:17:57 ]**
Configuring DNSBL... completed
Reloading Unbound Resolver..... completed [ 10/07/18 17:18:27 ]
DNSBL update [ 1147610 | PASSED ]... completed [ 10/07/18 17:18:28 ]
Adding DNSBL Unbound server:include option
------------------------------------------------------------------------
Saving new DNSBL web server configuration to port [ 9081 and 9443 ]
Saving DNSBL config changes.
VIP address configured. Widget Packet statistics reset.
Restarting DNSBL Service
** Restarting firewall filter daemon **
using /usr/local/etc/rc.d/pfb_filter.sh restart it's a no go too.
I was using 2.4.4 beta from 04 September before and pfblocker _12 and it was working. I've updated pfblocker to _17 and lost the block page. Upgraded pfsense to latest beta 2.4.5. Didn't solve it.
-
@hugovsky said in pfBlockerNG-devel feedback:
I was using 2.4.4 beta from 04 September before and pfblocker _12 and it was working. I've updated pfblocker to _17 and lost the block page. Upgraded pfsense to latest beta 2.4.5. Didn't solve it.
When you ran that command from the shell, did it report any errors?
As a note, the pfb_filter is for IP not DNSBL... The DNSBL service is pfb_dnsbl.
I am also not sure what you mean by "lost the block page?"
Run the following and report the output:
ls -lah /var/log/filter.log
ps auxww | grep pfb
-
I've also noted that the percentage of domains blocked is at 100%
-
@hugovsky said in pfBlockerNG-devel feedback:
I've also noted that the percentage of domains blocked is at 100%
Click the trashcan Icon in the Packet column to reset it... The widget wrench also contains some other tunables.
-
"Block page" it's the page you see when you go directly to 10.10.10.1, the vip ip.
Cleared the stats and "block percentage" is ok now.
ls -lah /var/log/filter.log:
[2.4.5-DEVELOPMENT][root@firewall]/root: ls -lah /var/log/filter.log
-rw------- 1 root wheel 195K Oct 7 17:16 /var/log/filter.log
ps auxww | grep pfb:
[2.4.5-DEVELOPMENT][root@firewall]/root: ps auxww | grep pfb
root 38351 0.0 0.0 10392 7340 - S 17:18 0:02.08 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
root 38455 0.0 0.2 50880 38640 - I 17:18 0:01.77 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl
root 38468 0.0 0.2 50880 38216 - I 17:18 0:00.26 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc index
root 38796 0.0 0.2 50880 38632 - S 17:18 0:00.78 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc queries
root 44777 0.0 0.0 6564 2456 0 S+ 17:38 0:00.00 grep pfb
root 48602 0.0 0.0 4340 1956 0 S 17:21 0:00.35 /usr/local/sbin/clog_pfb -f /var/log/filter.log
root 48774 0.0 0.2 50880 38208 0 I 17:21 0:00.25 /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog
-
What does this report:
ls -la /usr/local/bin/php*
Try the following:
rm /usr/local/bin/php_pfb
And then restart the pfb_filter service.
-
ls -lah /usr/local/bin/php*:
[2.4.5-DEVELOPMENT][root@firewall]/root: ls -lah /usr/local/bin/php*
-rwxr-xr-x 2 root wheel 4.6M Sep 20 13:18 /usr/local/bin/php
-rwxr-xr-x 1 root wheel 4.6M Sep 20 13:18 /usr/local/bin/php-cgi
-rwxr-xr-x 1 root wheel 2.7K Sep 20 13:18 /usr/local/bin/php-config
-rwxr-xr-x 2 root wheel 4.6M Sep 20 13:18 /usr/local/bin/php_pfb
-rwxr-xr-x 1 root wheel 4.4K Sep 20 13:18 /usr/local/bin/phpize
Did what you suggested and no difference.
-
Also noted that pfBlocker doesn't log my direct connection to 10.10.10.1. It used to.
-
@bbcan177 said in pfBlockerNG-devel feedback:
@veldkornet said in pfBlockerNG-devel feedback:
On my dashboard, DNSBL always has a yellow icon and says
DNSBL is out of sync. Perform a force reload to correct.
Although I’ve already done a force reload a few times...
Also, unrelated to the above, would it be possible to allow the ability to choose your own certificate for DNSBL so that you don’t get certificate errors for the https page?
For the Sync issue: Typically this is caused by having multiple feeds with the same "Header/Label" name. Every Header needs to be unique. Also can be caused if you have a duplicated Feed.
For the Certificate errors, you can fix this in pfBlockerNG-devel, see here:
https://forum.netgate.com/topic/136302/is-hiding-dnsbl-alerts-without-whitlisting-possible
For the sync issue, I went through all the feeds but I didn’t notice any duplicates in Feed or tag... is it possible that there’s a duplicate from the custom feed and the Easylist Shalla (for example)? Or is there another way to track it down?
FYI, I’m using most of these: https://firebog.net
-
See the last part of the pfblockerng.log which will summarize all headers.
Failing that, uncheck "keep settings" and hit "save" in the general tab which will clear all downloaded files.
Follow that by rechecking "keep settings", save and a Force update.