pfBlockerNG fullfill the pfsense config history



  • Hi !

    I set pfBlockerNG to update DNSBL hourly, and it works fine.
    But this hourly update use to be logged in the pfsense config history, and this cause the history to be full of pfBlockerNG update, so we rae unable to restore settings from other services.

    It could be great if pfBlockerNG could manage its own log file and only use pfsense config history to log changes in settings made by operator (not by cron).
    pfconfig.jpg



  • Hi all !

    No help about this issue ?



  • @Autourdupc Are you using pfBlockerNG-devel? If not, that's the version you should install.



  • @NollipfSense said in pfBlockerNG fullfill the pfsense config history:

    @Autourdupc Are you using pfBlockerNG-devel? If not, that's the version you should install.

    Hello.
    I'm using pfBlockerNG-devel !



  • Hello!

    Have you installed the shellcmd package?
    Do you see any shellcmd related messages in the pfblockerng.log file?

    grep -i shellcmd /var/log/pfblockerng/pfblockerng.log
    

    John



  • @serbus said in pfBlockerNG fullfill the pfsense config history:

    Hello!

    Have you installed the shellcmd package?
    Do you see any shellcmd related messages in the pfblockerng.log file?

    grep -i shellcmd /var/log/pfblockerng/pfblockerng.log
    

    John

    Hum...
    ** Adding earlyshellcmd settings **
    ** Adding shellcmd package settings **
    ** Adding earlyshellcmd settings **
    ** Adding shellcmd package settings **
    ** Adding earlyshellcmd settings **
    ** Adding shellcmd package settings **
    ** Adding earlyshellcmd settings **
    ** Adding shellcmd package settings **
    ** Adding earlyshellcmd settings **
    ** Adding shellcmd package settings **
    ** Adding earlyshellcmd settings **
    ** Adding shellcmd package settings **

    But no shellcmd package installed !

    pfsensepackages.jpg



  • Hello!

    Are you using ram disks?

    John



  • @serbus said in pfBlockerNG fullfill the pfsense config history:

    Hello!

    Are you using ram disks?

    John

    Yes I do

    pfsense.jpg



  • Hello!

    It looks like there is a issue in the pfb code (bad reference var usage in pfb_aliastables()) where it tries to create the earlyshellcmd and shellcmdsettings. Those changes never make it into the config.xml, so it just keeps trying to write them everytime pfb updates.

    It might be a problem if you are using ramdisks. It is actually writing a "new" config file every time, so the logging is correct.

    John



  • @serbus said in pfBlockerNG fullfill the pfsense config history:

    Hello!

    It looks like there is a issue in the pfb code (bad reference var usage in pfb_aliastables()) where it tries to create the earlyshellcmd and shellcmdsettings. Those changes never make it into the config.xml, so it just keeps trying to write them everytime pfb updates.

    It might be a problem if you are using ramdisks. It is actually writing a "new" config file every time, so the logging is correct.

    John

    OK...
    What should I do ?
    Where is the bug ? How can I help ?



  • Hello!

    In /usr/local/pkg/pfblockerng/pfblockerng.inc, function pfb_aliastables

    The code initializes placeholders in the config and creates variable references to them using:

    init_config_arr(array('system', 'earlyshellcmd'));
    $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
    
    init_config_arr(array('installedpackages', 'shellcmdsettings', 'config'));
    $a_shellcmdsettings = &$config['installedpackages']['shellcmdsettings']['config'];
    

    Later on in the $mode == 'conf' clause, it goes to populate those config settings, but before that it does :

    // Reload config.xml to get any recent changes
    $config = parse_config(true);
    

    I think reparsing the config has the effect of wiping out the config placeholders that were created in the init_config_arr calls, and the var references are invalid. The final write_config works, but it is missing the new shell related items.

    You can comment out the call to parse_config and it will work, but you will not "get any recent changes"

    I suppose you could also move the parse_config to the top of the function, before the init_config_arr calls, and that could work, but you might be reparsing the config more than needed.

    Or maybe something else is going on....:)

    John



  • @serbus
    If I remove RAM disk, will it work ?



  • Hello!

    Disabling the ram disk should stop the frequent "saving earlyshellcmd" config file updates.

    John



  • @serbus said in pfBlockerNG fullfill the pfsense config history:

    Hello!

    Disabling the ram disk should stop the frequent "saving earlyshellcmd" config file updates.

    John

    Great... Thanks... I will.

    Is there a way to place this bug on a bug tracker ?



  • @serbus
    I removed RAM disk and it works correctly.
    I also opened a bug report for this in the bug tracker.

    Thank you very much for your time and your help, greatly appreciated.

    Laurent.


Log in to reply