pfBlocker not logging after 2.5.2 pfSense upgrade
-
Hi,
I upgraded pfSense to 2.5.2 and pfBlocker 3.0.0_16 has stopped logging blocked IPs. As you can see, it is only showing 1 blocked under teh DS_Basic in teh image below. It is still blocking everything, and logging is turned on. However, it is not working. It worked fine with pfSense 2.5.1. I've uninstalled and reinstalled pfBlocker, with no luck. Any thoughts?
Thanks,
-cefleet
-
same. i replied in a different thread: https://forum.netgate.com/topic/164252/pfblockerng-devel-dnsbl-not-working-after-21-05-upgrade
-
@dpseattle said in pfBlocker not logging after 2.5.2 pfSense upgrade:
https://forum.netgate.com/topic/164252/pfblockerng-devel-dnsbl-not-working-after-21-05-upgrade
Disable pfblockerNG
Review and Save settings in General, IP & DNSBL tab.
Enable pfblockerNG, Force Update, Force Reload All, see if things improve. -
@ronpfs followed suggestion. same outcome.
-
@dpseattle Time to inspect the log files and check if new blocks are logged.
-
@ronpfs Thanks for your help. I did what you recommended, with no luck. Here is a screenshot of the log file. It is only logging pixel.wp.com blocks. Though it is blocking the other stuff as well.
Thanks,
-cefleet
-
Same here. Blocking seems to work but no logging
-
What if you deactivate pfblocker, go to pfblocker logs and delete:
dnsbl.log
unified.log
ip_block.log
and after that reactivate pfblocker? Just a idea ;-) -
@fireodo said in pfBlocker not logging after 2.5.2 pfSense upgrade:
What if you deactivate pfblocker, go to pfblocker logs and delete:
dnsbl.log
unified.log
ip_block.log
and after that reactivate pfblocker? Just a idea ;-)Not working for me
-
This post is deleted! -
@berthis1958 not working for me too
-
It’s strange: for example if I try to access http://device-metrics-us.amazon.com (which is normally called by the Amazon Echo Show 5 periodically) via a browser the entry is logged in (and blocked of course). On the other hand, the Echo Show has these blocked requests (they were well logged until 2.5.1) but they are no longer logged
-
You can clearly see where I upgraded to 2.5.2 in the screenshot. It is of the dnsbl.log file.
-
@cefleet When you hover the cursor over the DNSBL / IP numbers, what is the Clear date? Maybe you can clear the counters using the Widget Garbage Icon ?
-
I have this same issue. When on 2.5.1 dashboard was working fine. Showed thousands of requests and counters would keep incrementing ever second due to smart devices.
After upgrading to 2.5.2 dashboard was all 0. I reinstalled PfBlockerNG 3.0.0_16. But that didn't change anything. Looking in dbsbl.log after the upgrade it was all old stuff, nothing new. I did a force reload and didn't change anything. I verified it was in fact blocking ads but just nothing showing up in the logs and therefore not the dashboard or reports.
What is strange is this morning there are now a few things in log and dashboard shows 99 things blocked. But even now, logs have stuff from late last night, nothing from today. So not sure what broke w/ the 2.5.2 update.
-
@bs09 Exactly the same thing happened to me and I tried much the same things as you ... I continue to investigate for a possible solution ...
-
@ronpfs after letting it run for 12hrs. the widget count is 0 for blocked packets (but confirm ads are being blocked). here is the dnsbl log that only shows a handful from yesterday.
-
@dpseattle Maybe the .sqlite files have the wrong ownership ?
ls -al /var/unbound/ total 42831 drwxr-xr-x 7 unbound unbound 39 Jul 9 12:26 . drwxr-xr-x 27 root wheel 27 Jun 2 2020 .. -rw-r--r-- 1 root unbound 176 Jul 5 04:24 access_lists.conf drwxr-xr-x 2 unbound unbound 2 Jun 2 2020 conf.d dr-xr-xr-x 8 root wheel 512 Jul 5 08:20 dev -rw-r--r-- 1 root unbound 0 Jul 5 04:24 dhcpleases_entries.conf -rw-r--r-- 1 root unbound 3371 May 1 00:18 dnsbl_cert.pem -rw-r--r-- 1 root unbound 0 Jul 5 04:24 domainoverrides.conf -rw-r--r-- 1 root unbound 3816 Jul 5 04:24 host_entries.conf drwxr-xr-x 4 root wheel 58 Oct 2 2020 lib -rw-r--r-- 1 root unbound 1697 Mar 22 22:01 pfb_dnsbl_lighty.conf -rw-r--r-- 1 root unbound 0 Jan 8 11:52 pfb_py_cache.dnsbl -rw-r--r-- 1 unbound unbound 8192 Jul 9 12:13 pfb_py_cache.sqlite -rw-r--r-- 1 root unbound 7 Jul 9 08:20 pfb_py_count -rw-r--r-- 1 root unbound 13071812 Jul 9 08:20 pfb_py_data.txt -rw-r--r-- 1 unbound unbound 8192 Jul 9 12:20 pfb_py_dnsbl.sqlite -rwxr-xr-x 1 root wheel 1687428 Jun 28 2020 pfb_py_hsts.txt -rw-r--r-- 1 root unbound 1687428 Jun 28 2020 pfb_py_hsts.txt.pkgsave -rw-r--r-- 1 root unbound 0 Jan 8 11:52 pfb_py_resolver.dnsbl -rw-r--r-- 1 unbound unbound 16384 Jul 9 12:26 pfb_py_resolver.sqlite -rw-r--r-- 1 root unbound 3475 Apr 18 01:16 pfb_py_ss.txt -rw-r--r-- 1 root unbound 2793 Mar 2 2019 pfb_py_whitelist.json -rw-r--r-- 1 root unbound 2750 Mar 22 22:01 pfb_py_whitelist.txt -rw-r--r-- 1 root wheel 52420053 Jul 9 08:20 pfb_py_zone.txt -rw-r--r-- 1 root unbound 782 Feb 28 20:19 pfb_unbound.ini -rwxr-xr-x 1 root wheel 66726 Apr 7 12:46 pfb_unbound.py -rw-r--r-- 1 root unbound 43906 Nov 1 2020 pfb_unbound.py.pkgsave -rwxr-xr-x 1 root wheel 7077 Mar 6 11:44 pfb_unbound_include.inc -rw-r--r-- 1 root unbound 5454 Nov 1 2020 pfb_unbound_include.inc.pkgsave -rw-r--r-- 1 root unbound 300 Dec 8 2018 remotecontrol.conf -rw-r--r-- 1 unbound unbound 758 Jul 9 08:20 root.key -rw-r--r-- 1 unbound unbound 2141 Jul 5 04:24 unbound.conf -rw-r--r-- 1 root unbound 2140 Mar 4 08:19 unbound.conf.error -rw-r----- 1 unbound unbound 2459 Dec 8 2018 unbound_control.key -rw-r----- 1 unbound unbound 1330 Dec 8 2018 unbound_control.pem -rw-r----- 1 unbound unbound 2459 Dec 8 2018 unbound_server.key -rw-r----- 1 unbound unbound 1318 Dec 8 2018 unbound_server.pem drwxr-xr-x 3 root unbound 3 Mar 22 22:01 usr drwxr-xr-x 3 root unbound 3 Mar 22 22:03 var -
@ronpfs looks like .sqlite are set to unbound:unbound/
-
@ronpfs Looks like the sqlite files are correct
