pfBlockerNG-devel 2.2.5_17: IP Alerts list (Deny) not showing alerts



  • Hello; On pfBlockerNG-devel, version 2.2.5_17(and 2.2.5_17) never showed within IP Alerts (Deny) any IP List on a fresh install of pfSense 2.4.4-RELEASE (amd64) .

    I did reboot the router; and did restart both :

    pfb_dnsbl pfBlockerNG DNSBL service
    pfb_filter pfBlockerNG firewall filter service

    I do not know if the IPs are blocked, or just the list not showing.

    0_1538570879904_IP Alerts Deny.PNG

    How to verify that IPs addresses are blocked, from the feeds; and how to have the list to show them?

    Thanx


  • Moderator

    @aritus any errors in the pfblockerng.log? I assume that you enabled logging for these IP Aliases?



  • Hello BBcan177; nothing specific within pfblockerng.log as error; only about downloading a rule or so).

    • I did try to uninstall (for a re-install) pfBlockerNG-devel, version 2.2.5_17 ; and the dialogue shows :Please wait while the update system initializes"; No more lines were generated (Same with 2.2.5_16 did happen); yet the package looks like got uninstalled when I check Packages page.

    • Did reboot pfSense router; and re-install 2.2.5_17 package; no errors like 2.2.5_16 I saw before:

    "PHP errors

    PHP ERROR: Type: 1, File: /usr/local/pkg/pfblockerng/pfblockerng_install.inc, Line: 232, Message: Uncaught Error: Cannot create references to/from string offsets in /usr/local/pkg/pfblockerng/pfblockerng_install.inc:232
    Stack trace:
    #0 /etc/inc/pkg-utils.inc(768) : eval()'d code(1): include_once()
    #1 /etc/inc/pkg-utils.inc(768): eval()
    #2 /etc/inc/pkg-utils.inc(854): eval_once('include_once('/...')
    #3 /etc/rc.packages(74): install_package_xml('pfBlockerNG-dev...')
    #4 {main}
    thrown @ 2018-09-30 22:46:16"
    
    • Restarted both services:
      pfb_dnsbl pfBlockerNG DNSBL service
      pfb_filter pfBlockerNG firewall filter service

    • No IP List shows up.

    I am not very fluent with pfSense setup; I could have missed a setting; the more details you do give me on how to troubleshoot, the better it is. I don't mind neither sharing the logs (be detailed on obtaining them) since I might miss on what could be a clue.

    Below, is an image of the IPv4 IP feeds I did add:

    0_1538672358501_phsense ipv4.PNG

    When you say 'I assume that you enabled logging for these IP Aliases?' is there a check mark I need to make sure it is ticked?

    Thank you for your help, and the program : )



  • @bbcan177

    Here are the re-install logs:

    "Loading package instructions...
    Custom commands...
    Executing custom_php_install_command()...
    MaxMind GeoIP databases previously downloaded.
    Adding pfBlockerNG Widget to the Dashboard... done.
    Creating Firewall filter service... done.
    Remove any existing and create links for Firewall filter executables... done.
    Starting Firewall filter Service... done.
    Creating DNSBL service... done.
    Remove any existing and create link for DNSBL lighttpd executable... done.
    Creating DNSBL web server config ... done.
    Creating DNSBL Certificate... done.
    Starting DNSBL Service... done.
    Upgrading Adv. Inbound firewall rule settings ... no changes required ... done.
    Upgrading OpenVPN/IPSec interface selections... no changes required ... done.
    Upgrading EasyList/Easyprivacy category settings... no changes required ... done.
    Upgrading Proofpoint/ET IQRisk settings... no changes required ... done.
    Upgrading General Tab -> IP Tab settings... no changes required ... done.
    Upgrading pfBlockerNGSuppress Alias -> IPv4 Suppression Customlist... no changes required ... done.
    Custom commands completed ... done.
    Executing custom_php_resync_config_command()...done.
    Menu items... done.
    Services... done.
    Writing configuration... done.
    Message from lua52-5.2.4:

    ===> NOTICE:

    The lua52 port currently does not have a maintainer. As a result, it is
    more likely to have unresolved issues, not be up-to-date, or even be removed in
    the future. To volunteer to maintain this port, please create an issue at:

    https://bugs.freebsd.org/bugzilla

    More information about port maintainership is available at:

    https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port

    Cleaning up cache... done.
    Success"



  • Take a look at pfblockerNG.log in Firewall / pfBlockerNG / Log Browser

    Did you go to Firewall / pfBlockerNG / Update and did a Force Reload All ?

    One thing that may fix some issues is to go to General, IP and DNSBL tab and click on Save settings. Then run a Force Reload All



  • @ronpfs

    IP Deny List is generating at this moment !

    It could had been a setting I did miss on the IP Configuration page:
    Firewall / npfBlockerNG / IP

    At "IP Interface/Rules Configuration" browser I did highlight both (WAN & LAN) options (both since frankly I don't know which to choose) at:

    • Inbound Firewall Rules
    • Outbound Firewall Rules

    Then I did follow your steps to "Force Reload"

    0_1538702336319_pfsense ip config page.PNG

    I do apologize for error on my side, in setting up pfBlockerNG; I hope this will help someone else too.

    Thank you BBcan177 & RonpfS for your help and time on this.

    Thank you



  • @aritus On my box I have selected WAN for Inbound, and LAN for Outbound. 😉