What is the current status of pfBlockerNG-devel?

guardian

I noticed that @BBcan177 hasn't been around the forum for several months -- does this mean that development/maintenance has ceased?

Gertjan

@guardian

I guess he takes a break. That's what it takes to keep being motivated.
IMHO, and as far as I know, there are no 'urgent matters' to deal with right now.
I do presume he's surveying, and will pop up if urgent matters turn up.

Version 3.0 was very promising when it came out, but still needed 15 other sub version to iron out a boat load of small issues, where some solution created others issues ;)

guardian

@gertjan said in What is the current status of pfBlockerNG-devel?:

@guardian

I guess he takes a break. That's what it takes to keep being motivated.
IMHO, and as far as I know, there are no 'urgent matters' to deal with right now.
I do presume he's surveying, and will pop up if urgent matters turn up.

Version 3.0 was very promising when it came out, but still needed 15 other sub version to iron out a boat load of small issues, where some solution created others issues ;)

I agree it seems to be working very well. I just upgraded yesterday, and have been going through the feeds cleaning up what I had in version 2 and looking at the candidates provided to see if I should add anything.

azdeltawye

Does anyone know when Python mode will promoted to production? Currently Python unbound mode is listed as 'Beta'..

Gertjan

@azdeltawye

Python mode was introduced in pfSense version 2.4.5, introduced in March 2020.
This badge could probably be removed.
If it was me, de "-devel" suffix could also be removed.

I'm using Python mode since last year. It's rock solid.

keyser

@gertjan Rock solid yes, but I have uncovered that it causes sustained write I/O til disk when running in python mode. Not a huge number - for my tests on a SG1100, SG2100 and SG5100 only about 100 - 400Kb/s sustained.

But for the small boxes with only a built in 8Gb eMMC, that will burn through the drive write endurance in about a years time.

So we might se a lot of SG-1100/SG-2100/SG-3100 with failed SSD drives in less than a year from now if this issue is not fixed.

Gertjan

@keyser said in What is the current status of pfBlockerNG-devel?:

but I have uncovered that it causes sustained write I/O til disk when running in python mode

You discovered that people wanted charts, details and graphs

.

keyser

@gertjan Maybe, but it also happens even though no users are connected and no DNS resolutions are made (appart from what the pfSense box does on its own).
So I doubt it is related to this - please remember I have tried disabling all logging on DNSBL and lists and, and …..

jdeloach

@guardian said in What is the current status of pfBlockerNG-devel?:

I noticed that @BBcan177 hasn't been around the forum for several months -- does this mean that development/maintenance has ceased?

@BBcan177 appears to be very active on reddit.com working/testing issues that folks are reporting here on the netgate forum.

A quick google search would tell you what he is doing/finding with issues folks have reported here. Don't worry, he hasn't abandoned pfblockerNG-devel.

Gertjan

@keyser

Set this :

save and reload.

Now you can see what happens - what unbound does - in real time :

tail -f /var/log/resolver.log

To reduce the DNS activity, remove devices from your LAN's.

Don't forget to lower the log setting ;)

jc1976

Does anyone know the timeline of when pfBlockerNG will be taken down and fully replaced with -devel?

with each new -devel release, are we required to uninstall the old '-devel' first?

will @BBcan177 ever hand over the reins to the community for further development of pfBlocker instead of taking it all on himself?
I imagine he's gotta be a bit burnt out at this point.. and if he should ever decide to quit, what a crime..

SteveITS

@jc1976 said in What is the current status of pfBlockerNG-devel?:

Does anyone know the timeline of when pfBlockerNG will be taken down and fully replaced with -devel?

Haven't seen one. It's been a few years.

with each new -devel release, are we required to uninstall the old '-devel' first?

No. There's a button to upgrade existing packages (in place of the checkmark for "up to date"). Generally, Netgate suggests uninstalling packages before pfSense version upgrades and reinstalling after.

emikaadeo

pfBlockerNG-devel 3.1.0 is coming https://github.com/pfsense/FreeBSD-ports/pull/1106

keyser

@emikaadeo said in What is the current status of pfBlockerNG-devel?:

pfBlockerNG-devel 3.1.0 is coming https://github.com/pfsense/FreeBSD-ports/pull/1106

Yay - Hail @BBcan177 for his EXCELLENCT work

fireodo

@emikaadeo said in What is the current status of pfBlockerNG-devel?:

pfBlockerNG-devel 3.1.0 is coming https://github.com/pfsense/FreeBSD-ports/pull/1106

So glad to see BBcan177 back!

keyser

@fireodo
And… It’s released :-)

Upgrading now. Will report back with status regarding fixes to the issues at hand (filling disk and missing https logging/widget count stopping)

Update: It upgraded without issues and so far works as expected.
It also returned the currently “lost” drive space (as stopping/starting pfBlockerNG-devel did)

emikaadeo

Upgrade from 3.0.0_16 to 3.1.0 doesn't went smoothly for me on CE 2.5.2
(Unbound Python mode)

1/ Unbound fails to start (have to be restarted manually)
2/ DNSBL 'tick' on widget was yellow, no DNSBL aliases were showing
3/ have to 'Force Reload' DNSBL
4/ lost DNSBL packet count on Dashboard Widget

Basically all the symptoms like here https://www.reddit.com/r/pfBlockerNG/comments/mmzy7f/dnsbl_packet_count_cleared_on_upgrade

PS. I didn't disable pfBlockerNG before upgrade.

keyser

@emikaadeo
Didi you follow the short guide on what to do/expect during upgrade?

After install you need to disable pfBlockerNG, save, force update, and then you can enable pfBlockerNG, save and yet another Force Update.

Only after that can you expect the new code to be active and things “back to normal”

vjizzle

@keyser said in What is the current status of pfBlockerNG-devel?:

@emikaadeo
Didi you follow the short guide on what to do/expect during upgrade?

After install you need to disable pfBlockerNG, save, force update, and then you can enable pfBlockerNG, save and yet another Force Update.

Only after that can you expect the new code to be active and things “back to normal”

Or just reboot. I did that and everything is working fine.

emikaadeo

@keyser said in What is the current status of pfBlockerNG-devel?:

@emikaadeo
Didi you follow the short guide on what to do/expect during upgrade?

It’s not like I didn’t know what to do to deal with this issues ;)
It was first pfBlocker upgrade since CE 2.5.0 or 2.5.1 and I thought this issuses was resolved since then.
But it looks like bug https://redmine.pfsense.org/issues/11398 is still with us.
Anyway, pfBlocker and Unbound are up and running.