pfBlockerNG-devel v3.0.0_10
-
A Pull Request has been submitted to the pfSense devs for review and approval:
https://github.com/pfsense/FreeBSD-ports/pull/1039
CHANGE LOG:
- Add doh.dns.apple.com to DoH Block list (SafeSearch page)
- Add RR_TYPE_SIG, RR_TYPE64, RR_TYPE65 to Unbound Python mode DNSBL validation.
- Remove deprecated SafeSearch pfb_dnsbl.firefoxdoh.conf file
- Fix regression with "+" icon Add IP to Whitelist Alias (Reports Tab)
- Add pfSense Uniq_id string to the Curl User Agent String (Should improve BGPView issues for IP Blocked events ASN Reporting.)
- Under the hood improvements to the Widget
- Upgrade DNSBL Unbound mode parser for Lighttpd changes (pfSense 2.5 only)
- Remove AutoShun Feeds
- Unbound Python mode - Improve Log events for potential file permission errors.
- Fix ASN Cache clearing of old ASN Entries, add a "1 Week" ASN Cache option
Continue to follow in the pfSense forum and on Twitter [ u/BBcan177 ], and on Reddit [ r/pfBlockerNG ] and Patreon ( https://www.patreon.com/pfBlockerNG ) for pfBlockerNG news and support.
Thank you for the Continued Support!
-
I upgraded to pfBlockerNG-devel v3.0.0_10 this morning with no issues.
Thank you for all your hard work in creating this great package for pfSense.
-
Install after a half hour still at this point and does not finish.
Tried rebooting and starting again same result.
latest ver, pfsense
Package Reinstallation
Upgrading pfSense-pkg-pfBlockerNG-devel...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
pfSense-pkg-pfBlockerNG-devel: 3.0.0_9 -> 3.0.0_10 [pfSense]
Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-pkg-pfBlockerNG-devel from 3.0.0_9 to 3.0.0_10...
[1/1] Extracting pfSense-pkg-pfBlockerNG-devel-3.0.0_10: .......... done
Removing pfBlockerNG-devel components...
Menu items... done.
Services... done.
Loading package instructions...
Removing pfBlockerNG...grep: /var/unbound/pfb_dnsbl.conf: No such file or directory
All customizations/data will be retained... done.
-
@labdog
See the following redmine:
https://redmine.pfsense.org/issues/11398
-
Seeing these errors in my alert logs.
There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
Not sure if it's related to me being on 2.4.5 previously? I just upgraded to 2.5.0
-
@smoothrunnings said in pfBlockerNG-devel v3.0.0_10:
There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
What are your Firewall Maximum Table Entries set to in System/Advanced/Firewall & NAT? I believe the recommendation is double the default, minimum 2 million.
-
@teamits 400,000 (without the comma)
-
I am running NTopng, HAProxy, plus the pfBlockerNG. And today my firewall has been rebooting every hour or so. After it reboots the haproxy, ntopng, and the pfb_dnsbl and pfb_filter services are not running, as soon as I start them the firewall will reboot up to an update from the time of start.
The Firewall Maximum Table has been set to 2000000 and it still reboots.
(sigh)...looks like I am going to have to rip out pfBlocker. :(
-
@smoothrunnings said in pfBlockerNG-devel v3.0.0_10:
The Firewall Maximum Table has been set to 2000000 and it still reboots.
Double that.
-
@ronpfs said in pfBlockerNG-devel v3.0.0_10:
@smoothrunnings said in pfBlockerNG-devel v3.0.0_10:
The Firewall Maximum Table has been set to 2000000 and it still reboots.
Double that.
Ok it's double now. Let's see how it goes. Fingers crossed.
-
@smoothrunnings From what I read double it until the rules load.
-
@ronpfs said in pfBlockerNG-devel v3.0.0_10:
@smoothrunnings From what I read double until the rules load.
For what it's worth, on my system it is showing 4000000 as the default for the Firewall Maximum Table Entries. I thought it was set 2000000. I am not having any issues with any problems.
-
pfSense keeps rebooting. I am up to 8000000, just about to double it again. So that will be 16000000.
Looks like there is a problem with pfBlockerNG.
-
I'm going to post here only because it's the version I installed today. :) I can shorten the description significantly just by saying that if pfBlockerNG has its Enable box unchecked, and I go to the Update tab and click Run, the page scrolls up an inch or two then snaps back to the top of the page and nothing happens.
IOW the update process only runs if the Enable box is checked. That's logical, I suppose, for automatic updates, but I figured I would get everything ready before enabling it...and there is no error or notice that it won't run. The log has no output. Perhaps some sort of output that "pfBlocker is disabled, why did you click to update, you knucklehead?"
@jdeloach said in pfBlockerNG-devel v3.0.0_10:
showing 4000000 as the default for the Firewall Maximum Table Entries
The default varies based on RAM, IIRC. Interestingly the SG-2100 I was setting up came with 2.4.5, we upgraded to 21.02, and it was showing as 400000. But after I changed it to 2m I noticed it says the default is 2m. So perhaps it increased in 21.02?
@smoothrunnings said in pfBlockerNG-devel v3.0.0_10:
pfSense keeps rebooting
The out of memory error can't really cause a reboot AFAIK. I think those are two different symptoms. You only need a table size big enough to handle the table entries you're loading.
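Added example (not part of any post in this thread, and not pfSense or pfBlockerNG code): one way to check the sizing point above by comparing the `table-entries` limit in a pf rules file with the entries its file-backed tables load. It assumes the limit appears as `set limit table-entries N`, that tables are declared as in the quoted error line, and that each non-comment line of a table file is one entry; the function names are hypothetical, and tables filled at runtime are not counted, so the total is an estimate.

```shell
#!/bin/sh
# Added example: estimate whether pf's table-entries limit covers file-backed tables.
# Usage: sh pf_table_check.sh /tmp/rules.debug   (no argument = constructed demo)

# Print N from "set limit table-entries N" (prints nothing if the line is absent).
pf_table_limit() {
    awk '$1 == "set" && $2 == "limit" && $3 == "table-entries" { print $4; exit }' "$1"
}

# Print "<entries> <table> <file>" for each: table <name> persist file "/path"
pf_table_files() {
    awk '$1 == "table" && /file "/ {
        name = $2; gsub(/[<>]/, "", name)
        path = $0; sub(/.*file "/, "", path); sub(/".*/, "", path)
        print name, path
    }' "$1" | while read -r name path; do
        n=0
        if [ -r "$path" ]; then
            # Assumption: one entry per line; blank lines and "#" comments do not count.
            n=$(awk '!/^[ \t]*(#|$)/ { c++ } END { print c + 0 }' "$path")
        fi
        echo "$n $name $path"
    done
}

# Compare the summed entries with the limit: prints "ok ...", "OVER ..." or "no-limit-set ...".
pf_table_check() {
    limit=$(pf_table_limit "$1")
    total=$(pf_table_files "$1" | awk '{ s += $1 } END { print s + 0 }')
    if [ -z "$limit" ]; then
        echo "no-limit-set total=$total"
    elif [ "$total" -gt "$limit" ]; then
        echo "OVER total=$total limit=$limit"
    else
        echo "ok total=$total limit=$limit"
    fi
}

rules=${1:-}
if [ -z "$rules" ]; then
    # Constructed sample, not real data: a limit of 3 and a table file with 4 entries.
    demo=$(mktemp -d)
    rules=$demo/rules.debug
    printf '# sample\n2001:db8::/32\n\n2001:db8:1::/48\n2001:db8:2::/48\n2001:db8:3::/48\n' > "$demo/bogonsv6"
    printf 'set limit table-entries 3\ntable <bogonsv6> persist file "%s"\n' "$demo/bogonsv6" > "$rules"
fi
pf_table_files "$rules" | sort -rn
pf_table_check "$rules"
```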
-
You likely aren't running the extra stuff I have such as haproxy, and ntopng. I also have my guest WiFi connection going through my pfSense from Unifi. It wasn't crashing before I installed pfBlockerNG, after that it's been nothing but issues. :(
-
@teamits said in pfBlockerNG-devel v3.0.0_10:
So perhaps it increased in 21.02?
Nope, it just takes your number as default. :)
-
@ronpfs said in pfBlockerNG-devel v3.0.0_10:
Nope, it just takes your number as default. :)
You're right. That's dumb. 2.4.5 does that too.
-
@teamits said in pfBlockerNG-devel v3.0.0_10:
@smoothrunnings said in pfBlockerNG-devel v3.0.0_10:
pfSense keeps rebooting
The out of memory error can't really cause a reboot AFAIK. I think those are two different symptoms. You only need a table size big enough to handle the table entries you're loading.
So provide me with the tool/instructions to verify that instead of just stating it.
What I am stating and will continue to state is I am running this on a WatchGuard M400 with an intel i5-4750, 8GB of RAM, and 250GB SSD.
Since last week I have been running my M400 with DHCP services for my WiFi Guest network, along with haproxy and ntopng for about a year without any issues, at the time I installed pfBlockerNG 3.0 Devel I was running on 2.4.5 and was getting the random reboots of pfSense on 2.4.5 which is why I rolled over to 2.5.0.
Looking at my pfSense this morning its uptime is 55 minutes right now, meaning through the night it's rebooted.
I think at this point someone needs to give me a hand looking through the logs to see why the pfsense keeps rebooting. Maybe it's coincidence that it started happening after pfBlockerNG was installed, but maybe it's not, no one will really know until I get some help (the firewall just rebooted again), looks like this time it hit about 6764 blocked IPs and rebooted. As I was saying the answer will likely be in the logs, but I don't know what to look for, so instead of just pointing fingers or saying "it's working here" help.
Thanks,
-
@smoothrunnings Maybe start a new forum post with Settings info and logs.