How to fully uninstall pfBlockerNG

gabric098

Hi all,
I'm currently running a SG-1100 with 2.4.4-RELEASE-p3 of pfSense.
I've installed the latest devel version (_28) of pfBlockerNG. Unfortunately I experienced some connectivity issues and, since I don't have much time to debug, I decided to just uninstall the package.
Everything seemed to be fine but now I keep getting these errors:

There were error(s) loading the rules: /tmp/rules.debug:29: cannot define table pfB_Europe_v4: Cannot allocate memory - The line in question reads [29]: table &lt;pfB_Europe_v4&gt; persist file &quot;/var/db/aliastables/pfB_Europe_v4.txt&quo

It looks like there's still something related to pfBlockerNG which didn't get uninstalled and I still see connectivity issues.
Is there a way to ensure every pfBlockerNG related thing gets removed from pfSense?

Thanks,
Gab

RonpfS

@gabric098 said in How to fully uninstall pfBlockerNG:

there's still something related to pfBlockerNG which didn't get uninstalled and I still see connectivity issues.
Is there a way to ensure every pfBlockerNG related thing gets removed from pfSense?

If the package is removed, you may have Firewall Aliases and/and Rules left in place. Remove everything related to pfBlockerNG.

gabric098

Thanks @RonpfS.
There were indeed still all aliases and rules in place. I've removed them. However, upon reboot I keep seeing

Stopping /usr/local/etc/rc.d/pfb_dnsbl.sh...done.
 Stopping /usr/local/etc/rc.d/pfb_filter.sh...done.

Which still seems stuff related with pfBlockerNG, right?

Thanks,
Gab

RonpfS

Yes they are leftover.
Check that the package is removed.
Install it again, remove it to see if this clean things.

gabric098

@RonpfS said in How to fully uninstall pfBlockerNG:

Yes they are leftover.
Check that the package is removed.

Are there any better ways to check if the package has been removed (apart from the webGUI)?

RonpfS

@RonpfS said in How to fully uninstall pfBlockerNG:

Are there any better ways to check if the package has been removed (apart from the webGUI)?

Yes if you go in the shell but this will take time ...

Just install it, disable pfBlockerNG, uninstall it.
Then there should be no services left, FW Rules and Aliases should be wiped, etc.

gabric098

I just completed the process of installing/removing the package.
I had a look to the config.xml file and the pfblockerng section is still in the installedpackages section.... wierd.

RonpfS

@gabric098 said in How to fully uninstall pfBlockerNG:

I just completed the process of installing/removing the package.
I had a look to the config.xml file and the pfblockerng section is still in the installedpackages section.... wierd.

There is a "Keep Settings" option in pfblockerNG, if you want to wipe your config from pfBlockerNG,

Install it, Untick the "Keep Settings", Save, this will wipe the DB.
Uninstall pfBlockerNG, then it should be gone from your config.

gabric098

Thank you @RonpfS ,
this helped cleaning up the config.xml.
However I still see the CRON messages

Starting CRON... done.
 Starting /usr/local/etc/rc.d/pfb_dnsbl.sh...done.
 Starting /usr/local/etc/rc.d/pfb_filter.sh...done.

Is there a GUI way to edit cron?

RonpfS

There is a cron package

gabric098

Yes, I've installed it but I can't see anything relevant here:

pfsense home - Services Cron Settings.png

RonpfS

Yeah the log lines had nothing to do with Cron.

The are related to the Status / Services tab.

gabric098

mmm... I'll leave it for tonight.
I'll investigate more tomorrow. IT's not the end of the world since those 2 scripts don't do anything as there's nothing configured in config.xml, but it just annoys me the fact that I can't get rid of them.

Anyways... thanks for you support, really appreciated.

Gab

gabric098

Eventually I ended up manually deleting the two above mentioned scripts. That sorted out the message displayed on system startup and shutdown. Not sure if it's a pfBlockerNG bug, as I didn't find any other person reporting this problem, I assume it's just some strange corner case that happened to me.

Gertjan

@gabric098 said in How to fully uninstall pfBlockerNG:

( /usr/local/etc/rc.d/ ) pfb_filter.sh

Is created during install - if it doesn't exist already.
Nota (from pfblockerng.inc) :

// Create DNSBL service
if (!file_exists('/usr/local/etc/rc.d/pfb_dnsbl.sh')) {
	pfb_dnsbl_service();
}

When pfBlocker-NG is de-installed, this "service" file pfb_dnsbl.sh isn't removed.
Not a big deal ... even if this services start/stop/restart script runs, pfBlocker-NG can only run if it's installed.
A minor issue is the presence of the log entries that suggest it's still there.

Bigger issue : as deducted from above : ones /usr/local/etc/rc.d/pfb_dnsbl.sh exists, it will not get 'rebuild' any more during a new install or upgrade because it's already in place.

@BBcan177 : right or wrong ?

edit : same story for the service "pfb_filter.sh".

gabric098

@Gertjan said in How to fully uninstall pfBlockerNG:

When pfBlocker-NG is de-installed, this "service" file pfb_dnsbl.sh isn't removed.
Not a big deal ... even if this services start/stop/restart script runs, pfBlocker-NG can only run if it's installed.

Couldn't this cause any issues in case the pfBlocker-NG is uninstalled with the keep settings option checked? It looks very similar to the issue I had initially.
The script seems to look for a specific pfblockerNG setting in config.xml which, upon a keep settings uninstall is not removed.

Just wondering, I have close to zero knowledge about pfblockerNG

Thanks,
Gab

Gertjan

These settings are all and only stored in the main pfsense config xml file.
All other files on the disk should be removed. It's not a "setting", after all.

@gabric098 said in How to fully uninstall pfBlockerNG:

zero knowledge about pfblockerNG

Me neither.
That's why I read the installation manual(aka : the php and xml files that install pfblockerNG are in plain old school English ...).