pfBlockerNG-devel v2.2.5_18


  • Moderator

    pfBlockerNG-devel v2.2.5_18 has been merged and approved by the pfSense devs.

    CHANGELOG:

    • PHPv7 improvements
    • Improve some input validations
    • Add Wizard Tool for default (entry level) installation.
      4 clicks to an entry level installation of IP and DNSBL blocking protection!
      https://www.patreon.com/posts/new-pfblockerng-22049064
    • Add ASN Reporting functionality. This will collect the ASN for all IP events. The ASN will be in the Alerts Tab below the GeoIP value.
    • Improve ASN -> IP Conversion function utilizing BGPview.io
    • Improve Auto Rule Order functions
      The Default rule order has been improved to put any pfB Permit rules first.
      Please check your Rule ordering to ensure that the changes are working as expected!
    • IP Suppression default enabled on new installations
    • Improve installation script and logging
    • ZeroDot1 IP Feed (CoinBlocker) has moved to a subscription model. Feed Tab has been updated.
    • Sync Tab - Added the IP Tab to the excluded XML sync option.
    • Add DNSBL SQLite3 database validation functionality.

    Any feedback appreciated!

    Thanks!

    Follow me here for more news about pfBlockerNG:
    https://twitter.com/BBcan177
    https://www.patreon.com/pfBlockerNG



  • 😄 😄 😄 Thank you


  • Moderator

    Ooops just saw that now ;)
    -> https://forum.netgate.com/post/800911

    Great work so far!

    Just reading:

    4 clicks to an entry level installation of IP and DNSBL blocking protection!

    Maybe my cluster setup but did the wizard, anything looks like it's enabled per default, but no rules are created on LAN. That's intentional?


  • Moderator

    @jegr said in pfBlockerNG-devel v2.2.5_18:

    Maybe my cluster setup but did the wizard, anything looks like it's enabled per default, but no rules are created on LAN. That's intentional?

    Re-run the wizard and ensure that the LAN Interface was selected... If it didn't apply a second time, might need to get some more details... Also check the pfblockerng.log if there are any other clues...


  • Moderator

    Alright, just a moment :)

    Edit:

    Done. Redid the Wizard. WAN and LAN were selected. After step 4 auto-updated triggered just like the first time. No errors in update log, completed normally. Afterwards were skimming through it and spotted it:

    Unable to apply rules. Outbound interface option not configured.

    But all interfaces in all screens relevant are configured?


  • Moderator

    @jegr said in pfBlockerNG-devel v2.2.5_18:

    Unable to apply rules. Outbound interface option not configured.

    After the wizard ran, is the Outbound interface selected in the IP Tab?

    grep "<outbound_interface" /conf/config.xml

  • Moderator

    Tried again:

    1. complete uninstall with keep settings UNchecked so full uninstall
    2. new install
    3. wizard, wan/lan selected, alternative ip 10.20.30.4 used (as the lan is within 10.10.10.x range)
    4. waited for updating

    After 4) I checked wizard.log -> all clear, no errors.
    Checked pfblockerng.log -> same error as above in between the update jobs.

    [ Talos_BL_v4 ]			 Downloading update .. 200 OK. completed ..
      ------------------------------
      Original Master     Final     
      ------------------------------
      1382     1297       1297        [ Pass ] 
      -----------------------------------------------------------------
    
    
    
    *Unable to apply rules. Outbound interface option not configured.
    
    
    ===[  Aliastables / Rules  ]==========================================
    
    No changes to Firewall rules, skipping Filter Reload
    

    In the IP tab:

    • inbound: WAN IF is selected with option block
    • outbound: LAN IF is selected with option reject

    WAN/LAN don't have their standard "names", but are selected nevertheless. LAN is also selected as webserver IF in DNSBL tab.



  • I just updated an existing install of 2.2.5_17 to the new version and I to am having the same issue now. The previous version was working great.

    I am also seeing the "Unable to apply rules. Outbound interface option not configured.". I checked and found the outbound interface options are still set correctly. All of my pfb aliases are now gone.

    No errors in the logs that I can see.


  • Moderator

    @tagit446 said in pfBlockerNG-devel v2.2.5_18:

    I just updated an existing install of 2.2.5_17 to the new version and I to am having the same issue now. The previous version was working great.
    I am also seeing the "Unable to apply rules. Outbound interface option not configured.". I checked and found the outbound interface options are still set correctly. All of my pfb aliases are now gone.
    No errors in the logs that I can see.

    I submitted a PR which is waiting on approval:
    https://github.com/pfsense/FreeBSD-ports/pull/586

    Run this command to download a patched file:

    fetch -o /usr/local/pkg/pfblockerng/pfblockerng.inc "https://gist.githubusercontent.com/BBcan177/15383a6b67b0b24154997a7ad5c3c66a/raw"
    


  • @bbcan177 said in pfBlockerNG-devel v2.2.5_18:

    fetch -o /usr/local/pkg/pfblockerng/pfblockerng.inc "https://gist.githubusercontent.com/BBcan177/15383a6b67b0b24154997a7ad5c3c66a/raw"

    This appears to have fixed the issue.

    It's seriously only been a few minutes since i posted, thanks so much for the speedy reply and fix!


  • Moderator

    @tagit446 said in pfBlockerNG-devel v2.2.5_18:

    It's seriously only been a few minutes since i posted, thanks so much for the speedy reply and fix!

    Your welcome!