pfblocker on version 2.4.5 stuck in Reloading Unbound Resolver (1st run)

mcury

Hello forum, installed the pfsense version 2.4.5.r.20200128.2345 on my SG-3100, it's a new install.
Decided to install pfblocker devel, and noticed that the service doesn't come up.

Logs during the database update:

Saving DNSBL database... completed

------------------------------------------------------------------------
Assembling DNSBL database... completed [ 01/29/20 17:01:31 ]
Reloading Unbound Resolver  <<<< Stuck here

Opened a new session to the GUI, and found this error:

Crash report begins.  Anonymous machine information:

arm
11.3-STABLE
FreeBSD 11.3-STABLE #67 7a31f290955(factory-RELENG_2_4_5): Tue Jan 28 23:45:52 EST 2020     root@buildbot2-nyi.netgate.com:/build/factory-crossbuild-245/obj/armv6/a2TkGfed/arm.armv6/build/factory-crossbuild-245/sources/FreeBSD-src/sys/pfSense-SG-3100

Crash report details:

PHP Errors:
[29-Jan-2020 17:00:29 Etc/GMT+3] PHP Warning:  sort() expects parameter 1 to be array, null given in /usr/local/www/pfblockerng/pfblockerng.php on line 1804
[29-Jan-2020 17:00:29 Etc/GMT+3] PHP Warning:  count(): Parameter must be an array or an object that implements Countable in /usr/local/www/pfblockerng/pfblockerng.php on line 1805
[29-Jan-2020 17:00:29 Etc/GMT+3] PHP Warning:  Invalid argument supplied for foreach() in /usr/local/www/pfblockerng/pfblockerng.php on line 1809



No FreeBSD crash data found.

Not sure what I should do to fix.

jimp

We're tracking a potential issue on the SG-3100 that may be related. If you have the BSD Crypto engine enabled under System > Advanced, Misc tab, it may be hanging up talking to the crypto chip. You can try disabling that, or moving back to 2.4.4-p3 while we work on it.

mcury

Thanks Jimp.
The crypto is already disabled, it's a fresh install, so it was still with the default settings.

I'll wait for further news about this, thanks Jimp.

jimp

OK, then it may not be that but a different issue entirely. There may be something amiss in pfBlocker in your case then.

mcury

I ran the Wizard, got some errors during a download from hp-hosts.
So disabled that list, and downloaded again, that's when the problem happened.

Watching my boot process after the reboot, it's stuck in:

Starting package nut...done.

My guess it's trying to start pfblocker, and it's not working.
I'll try to remove the package.

jimp

If you are watching the console and it's hung up, try pressing ^T (ctrl-t) and see what it displays.

mcury

It displayed:

load: 0.42 cmd: fcgicli 74551 [sbwait] 240.29r 0.00u 0.00s 0% 1744k

I'm trying to remove the package, and it's stuck in:

Menu items... done.
Services... done.
Loading package instructions...
Removing pfBlockerNG...  << stuck here

PID:
74551 is :

root 74551 0.0 0.1 5872 1752 u0 I+ 17:17 0:00.00 /usr/local/sbin/fcgicli -f /etc/rc.start_packages

Killed the process and the console finished the boot:

[2.4.5-RC][root@pfSense.local.lan]/root: killall -KILL fcgicli

I'll reboot, kill the fcgicli process, and try to remove the package.

jimp

OK, that's definitely not the problem I mentioned earlier, then.

mcury

Ok Jimp, unfortunately now I can't remove the package. Stuck in removing pbblockerng.

I have a backup config from before I've installed the pfblocker, I'll try to restore it.
Do you think that this is the best way? Restore the config just to remove this package?

Or should I kill something else? Maybe it's a stuck process for pblocker that is not allowing it to be removed?

jimp

Not enough info to say definitively. From a console or ssh shell prompt you might try running pkg delete -yf pfSense-pkg-pfBlocker\* and see what happens there. If it gets stuck again, maybe try ^T and see what it's stuck on again. You may be able to connect with ssh and kill the stuck process, depending on what it is and what state it's in.

mcury

Thanks a lot Jimp, always learning new things when the devs speaks :)
I'll try that and update here, maybe it will help someone in the future.

mcury

Had to restore the config, after the restore, the package was installed but I could remove it from the package manager.

Attempt before the config restoration.

[2.4.5-RC][root@pfSense.local.lan]/root: pkg delete -yf pfSense-pkg-pfBlocker\*
No packages matched for pattern 'pfSense-pkg-pfBlocker*'

Checking integrity... done (0 conflicting)
1 packages requested for removal: 0 locked, 1 missing

Not sure what could have happened, everything almost to the default settings.
Didn't even set the maxmind, won't be using geoIP, so, just ran the wizard without the hp-hosts list.