pfBlockerNG firewall filter service will not start latest snapshot

  • since updating to snapshot "2.5.0-DEVELOPMENT (amd64) built on Fri Aug 30 19:21:34 EDT 2019"

    The pfBlockerNG firewall filter doesn't seem to start. I tried reinstalling the package but without any luck.

    Using pfBlockerNG-Dev version of the package.

  • LAYER 8

    it's working for me, do you have anything on the logs?

  • I have the same issue after upgrading from some July version to 2.5.0-DEVELOPMENT (amd64) built on Tue Sep 03 08:57:57 EDT 2019. Restarting the daemon only throws a line in the syslog that it's been started, but it doesn't. Should I check out another log?

  • LAYER 8

    pfblockerng-devel have his on log, check it

    Firewall / pfBlockerNG / Log Browser

    what i can see on my system is

    root  94903   0.0  0.1   50536    2268  -  I    23:02       0:00.00 /usr/local/sbin/clog_pfb -f /var/log/filter.log
    root  94965   0.0  1.0   59184   38968  -  S    23:02       0:00.34 /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/ filterlog

    maybe it's not working because it still use clog and after the last update the log file are no more circular?
    i personally don't use it so i don't know if it work or not but it seems to start at least to me

  • LAYER 8 Moderator

    As @jimp wrote in the post, that the CLOG binary would be removed I'm curious as to why the process is running after all. But I suppose pfBNG brought its own version or copy called clog_pfb? On a 2.4.4 those two (clog and clog_pfb) are identical size and date so could be hardlinked or just copied (whysoever?)

  • LAYER 8

    @JeGr i have uninstalled pfblockerng and that clog is no more so it's part of the pfblockerng package. It have its own copy

  • LAYER 8 Moderator

    Did you check the file system if theres a clog_pfb binary left over? Then pfB is bringing its own (what I'm curious about as to why - and why it even has its own php?) and if that's the case the logging should still work.

    The problem is/could be, that with changing the logging structure in 2.5 snapshots, @BBcan177 would have to roll out another fork package of pfBlockerNG like -snapshots for it to incorporate the changes for logging as those would not work in 2.4.4 or less (as they are still clog based). So to accomodate that it would have its log part rewritten and be incompatible with <2.5 versions and as the development is still ongoing (and not pushed to the -stable package), that would be a bit complicated.

    IMHO the best course would be to push the current -stable to sth. like "-old", push -devel to -stable and then use "-devel" für development of new versions matching things like snapshots but that's not something easily done and the workload is already high for him.

  • LAYER 8

    update_status(" done.\n\nCreating Firewall filter service...");
    update_status(" done.\nRenew Firewall filter executables...");
    link('/usr/local/bin/php', '/usr/local/bin/php_pfb');
    link('/usr/local/sbin/clog', '/usr/local/sbin/clog_pfb');

    i have update pfsense
    reinstalled pfblockerng
    i don't have /usr/local/sbin/clog
    of course there isn't also /usr/local/sbin/clog_pfb
    it was removed
    ending with a non working pfBlockerNG ☺

    in the meantime i'm testing this solution if it work .. from clog to tail 😈

    root  26168   0.0  0.1   10648    2264  0  S    12:01      0:00.01 /usr/bin/tail -f /var/log/filter.log

  • LAYER 8 Moderator

    @kiokoman said in pfBlockerNG firewall filter service will not start latest snapshot:

    of course there isn't also /usr/local/sbin/clog_pfb

    Aaah so my hunch was right and he is/was using hardlinks that now won't work on current snapshots as there's no clog binary anymore. Curious though as to why he uses a hardlink at all.

    But yeah, that's why the log view isn't visible at present with newer snapshots :)

  • LAYER 8

    if someone is interested he can try to modify

    on line 38

    change it from

    /usr/local/sbin/clog_pfb -f /var/log/filter.log | /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/ filterlog &


    /usr/bin/tail -f /var/log/filter.log | /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/ filterlog &

    i can't test dnsbl as i don't have unbound but i can see that if i try to go to an ip address in the black list it will redirect


  • It appears this has been fixed in the latest PFBNG devel release.

  • LAYER 8 Moderator

    Quick reaction by @BBcan177 as (almost) always. Nicely done :) and thanks for the details @kiokoman

  • Got same issue but in my case no error is generated, all I see is after I added to watchdog it is been started every minute in the system log, no errors, just stopping right after started.

    If I check logs inside pfblockerng-devel, is no errors.

    Any ideas?

    What does the service even do? as the actual functionality seems fine otherwise.

    2.5-snapshot, on my 2.4.5 unit it is running.

Log in to reply