Packet Counts Not Updating in pfBlockerNG Widget
-
Hi all,
I upgraded to pfBlockerNG-devel 3.0.0_1 this week on pfSense 2.4.5p1, but for some reason the packet counters for the two IPv4 lists I'm using no longer increment in the pfBlockerNG-devel widget (i.e. continue to stay at 0). Looking at the Reports tab, I see that the Alert lists (logs) are still getting updated though. I already tried reinstalling the package but it didn't seem to help. Does anyone have any ideas what else I could try? This worked fine in the previous version. Thanks in advance in advance your help.
-
@tman222 said in Packet Counts Not Upadting in pfBlockerNG Widget:
Hi all,
I upgraded to pfBlockerNG-devel 3.0.0_1 this week on pfSense 2.4.5p1, but for some reason the packet counters for the two IPv4 lists I'm using no longer increment in the pfBlockerNG-devel widget (i.e. continue to stay at 0). Looking at the Reports tab, I see that the Alert lists (logs) are still getting updated though. I already tried reinstalling the package but it didn't seem to help. Does anyone have any ideas what else I could try? This worked fine in the previous version. Thanks in advance in advance your help.
I'm seeing the same thing. I deleted my old IP lists that were working before I upgraded to 3.0.0_1 but the counts are still staying at 0. I added some new lists but the counts still stay at 0.
DNSBL seems to be working fine but something seems to have gone south with the IP 4/6/GEOIP lists. Really don't know even if it blocking anything or not?
Hopefully @BBcan177 can take a look and let us know what the issue is.
Edit: This is happening on pfSense 2.4.5-p_1.
-
@jdeloach said in Packet Counts Not Upadting in pfBlockerNG Widget:
@tman222 said in Packet Counts Not Upadting in pfBlockerNG Widget:
Hi all,
I upgraded to pfBlockerNG-devel 3.0.0_1 this week on pfSense 2.4.5p1, but for some reason the packet counters for the two IPv4 lists I'm using no longer increment in the pfBlockerNG-devel widget (i.e. continue to stay at 0). Looking at the Reports tab, I see that the Alert lists (logs) are still getting updated though. I already tried reinstalling the package but it didn't seem to help. Does anyone have any ideas what else I could try? This worked fine in the previous version. Thanks in advance in advance your help.
I'm seeing the same thing. I deleted my old IP lists that were working before I upgraded to 3.0.0_1 but the counts are still staying at 0. I added some new lists but the counts still stay at 0.
DNSBL seems to be working fine but something seems to have gone south with the IP 4/6/GEOIP lists. Really don't know even if it blocking anything or not?
Hopefully @BBcan177 can take a look and let us know what the issue is.
Thanks @jdeloach for confirming that this seems to be a broader issue (vs. isolated to my system). I get the sense that the blocking is still working since logs under Reports are still getting populated, but would be nice if we could get additional confirmation via the widget again.
-
@jdeloach - for the lists where the counters stay at 0, do you have their Action defined as just Alias (e.g. Alias Permit, Alias Native, Alias Match)? If you try switching one of them over to Permit or Deny, do the counters start working? From what I'm seeing right now, only lists defined with Action as Alias do not work appear to count up properly. Thanks in advance.
-
@tman222 said in Packet Counts Not Updating in pfBlockerNG Widget:
@jdeloach - for the lists where the counters stay at 0, do you have their Action defined as just Alias (e.g. Alias Permit, Alias Native, Alias Match)? If you try switching one of them over to Permit or Deny, do the counters start working? From what I'm seeing right now, only lists defined with Action as Alias do not work appear to count up properly. Thanks in advance.
I had Alias Native for action defined on all IP lists and the counts were staying at 0. Per your suggestion, I changed action to Deny Both on my IP lists and now in Dashboard, it is showing counts as it should.
Per chat from @BBcan177 last night which I missed, he stated that he had seen issues with the counts staying at 0 with pfSense 2.5 but had not seen the issue with pfSense 2.4.5-p1.
So now maybe the problem is just if the Action is defined as Alias "Native, Deny, Permit, or Match".
Thanks for the tip, maybe @BBcan177 can take a look when he has time and see why Action, Alias "Native, Deny, Permit, or Match" doesn't work.
-
This post is deleted! -
@BBcan177 : I can confirm the counters are not working in the widget when you use Action "Alias Deny" with your own floating rules (not auto created by pfBlockerNG-dev v3.0.0_2).
This used to work in dev-2 -
Here is a patch to fix the packet counting for Alias Type rules.
Will get this pushed into the next version asap:curl -o /usr/local/www/widgets/widgets/pfblockerng.widget.php "https://gist.githubusercontent.com/BBcan177/22a3c6b6fe9b7b5f7415dfaa189c49a4/raw"
-
@bbcan177 said in Packet Counts Not Updating in pfBlockerNG Widget:
Here is a patch to fix the packet counting for Alias Type rules.
Will get this pushed into the next version asap:curl -o /usr/local/www/widgets/widgets/pfblockerng.widget.php "https://gist.githubusercontent.com/BBcan177/22a3c6b6fe9b7b5f7415dfaa189c49a4/raw"
Hmmm, this doesn't seem to be working for me. Is there anything else that needs to be done besides running the command to replace the PHP file? Thanks again.
-
This post is deleted! -
With @BBcan177's help it's working now and I can confirm that the packet counters are increasing.
Turns out that one thing I neglected was that the firewall rule description for the rule that uses the pfBlockerNG Alias needs to start with "pfb_". So for instance if there's an IPv4 blocklist "myblocklist" defined as an Alias, adding pfb_myblocklist_v4" at the beginning of the firewall rule description allows it to work.
Thanks again @BBcan177 for all your help in getting this working again.
-
So I tried the recommended fix to add the blocklist name in the description and everytime i did a force reload the rule disappears. Readding the rule without any description at least allows the rule to persist, however the counter is still not working on the dashboard.
Is there any way to revert to the last dev version of pfBlockerNG prior to 3.0 release? That was working fine for me.
-
For Alias type rules, you need to prefix the Firewall rules Descriptions with "pfb_" in order for those to be reported in the Dashboard widget, and also so that they are not removed by the package.
The prefix "pfB_" is reserved for Auto type rules, and those are controlled automatically by the package.
-
@bbcan177 I added the prefix and now the rule is not being deleted on reload, however the dashboard widget is still not incrementing when I test with IPs from the list.
-
@mlines
See my post above for the patch ^^^^^ -
@bbcan177 I applied the patch from the command line, and then both reloaded and rebooted. Still not updating the counts, though the blocks appear to be working.
-
@bbcan177 Not sure if this is related, but checking /var/log/pfblockerng/, these are the only files I see listed:
dnsbl_parsed_error.log maxmind_ver
extras.log pfblockerng.log -
@mlines
If you are on pfSense 2.5, did you change the Log format to "syslog"? If so, it will only work with "BSD" format. I will address that in the upcoming versions. -
@bbcan177 I'm on 2.4.5 p1 on a SG-1100. I have changed the types from Alias Deny to Deny Both and now the counts are working for IP blocks. Still not showing for DNSBL. Continuing to investigate.
-
@bbcan177 said in Packet Counts Not Updating in pfBlockerNG Widget:
For Alias type rules, you need to prefix the Firewall rules Descriptions with "pfb_" in order for those to be reported in the Dashboard widget, and also so that they are not removed by the package.
The prefix "pfB_" is reserved for Auto type rules, and those are controlled automatically by the package.
Hi bbcan177,
I have alias deny, and the name say for example "level1" under "name/description" tab under IPv4. When I run the update it creates Alias named pfB_level1, under alias. I do not know how to change the pfB_level1 to pfb_level1. May be I am misunderstanding this. Should it be pfB_pfb_level1.
I also tried changing the "name/Description" tab to pfb_level1. The new alias created was "pfB_pfb_level1", but the counters under widget did not change.
Please let me know what am I doing wrong. I am on 2.4.5_p1
Many thanks,
Molecule
