Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SG-3100 21.02_2 pfB 3.0.0_16 - It was working but now it isn't

    Scheduled Pinned Locked Moved Official Netgate® Hardware
    5 Posts 2 Posters 739 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mcury
      last edited by mcury

      Had to reinstall and restore xml config due to a power outage..
      Before reinstall, pfblockerng was working flawless with the following feeds:

      IP (default installed with pfblockerng)
      Abuse_Feodo_C2_v4, Abuse_IPBL_v4, Abuse_SSLBL_v4, CINS_army_v4, ET_Block_v4, ET_Comp_v4, ISC_Block_v4, Spamhaus_Drop_v4, Spamhaus_eDrop_v4, Talos_BL_v4 ]

      IP Added:
      GeoIP: BR_v4
      PlexRemoteCheck_v4 - very small list: https://s3-eu-west-1.amazonaws.com/plex-sidekiq-servers-list/sidekiqIPs.txt

      DNSBL Default: (default installed with pfblockerng)
      StevenBlack_ADs

      DNSBL Added:
      Complete Malicious - Collection of Malicious Domain Feeds

      Now, I'm getting the php dump error during reboot... It seems that there is something else happening here, not only the php error, otherwise it wouldn't be working before the reinstall..
      By the way, exactly same configuration..

      dead on arrival, nowhere to be found.

      M 1 Reply Last reply Reply Quote 0
      • M
        mcury @mcury
        last edited by mcury

        Hey, it's working now..

        It seems that when you install pfblockerng, you can't have any ipsec tunnels configured.

        So, what I did was to remove all my IPsec tunnels, install pfblockerng, configure it accordingly, then configure my ipsec tunnels after that..

        f89eb56b-8bbe-462a-8c35-151009d4d80c-image.png

        It working flawless again.. No php errors..

        Can someone test and confirm what I found ??

        Edit: Rebooted a few times, and the error happened, so removed again the ipsec tunnels, and rebooted 5 times, no more errors.. I guess that there is something with ipsec and pfblockerng that triggers the problem.. Without any tunnels configured, the php error is not triggered.. no matter how large the feeds lists are.

        dead on arrival, nowhere to be found.

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          Can you try the patch to disable PHP PCRE JIT on #11466 Note 32 ?

          You can install the System Patches package and then create an entry for the patch URL https://redmine.pfsense.org/attachments/download/3707/patch-disable-pcrejit-arm.diff to apply the fix.

          Then run console menu options 16 and 11 to restart PHP and the GUI, or reboot.

          pfBlockerNG and URL tables use PCRE matching so the crash you observed may be fixed by that patch.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          M 1 Reply Last reply Reply Quote 1
          • M
            mcury @jimp
            last edited by

            Thanks jimp, already using this patch, I was following the redmine ticket about the php bug.
            It is working perfectly after applying this patch :) Good job jimp and Netgate.

            dead on arrival, nowhere to be found.

            1 Reply Last reply Reply Quote 2
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              Good to hear it worked for you!

              We were still getting a couple reports that people had issues but without any details about what was still broken. If you, or anyone else reading this thread, happen to encounter further problems, make sure to follow-up with log messages and other info so we can diagnose it further.

              Thanks

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 1
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.