What is the current status of pfBlockerNG-devel?
-
Does anyone know when Python mode will promoted to production? Currently Python unbound mode is listed as 'Beta'..
-
Python mode was introduced in pfSense version 2.4.5, introduced in March 2020.
This badge could probably be removed.
If it was me, de "-devel" suffix could also be removed.I'm using Python mode since last year. It's rock solid.
-
@gertjan Rock solid yes, but I have uncovered that it causes sustained write I/O til disk when running in python mode. Not a huge number - for my tests on a SG1100, SG2100 and SG5100 only about 100 - 400Kb/s sustained.
But for the small boxes with only a built in 8Gb eMMC, that will burn through the drive write endurance in about a years time.
So we might se a lot of SG-1100/SG-2100/SG-3100 with failed SSD drives in less than a year from now if this issue is not fixed.
-
@keyser said in What is the current status of pfBlockerNG-devel?:
but I have uncovered that it causes sustained write I/O til disk when running in python mode
You discovered that people wanted charts, details and graphs
. -
@gertjan Maybe, but it also happens even though no users are connected and no DNS resolutions are made (appart from what the pfSense box does on its own).
So I doubt it is related to this - please remember I have tried disabling all logging on DNSBL and lists and, and …..Love the no fuss of using the official appliances :-)
-
@guardian said in What is the current status of pfBlockerNG-devel?:
I noticed that @BBcan177 hasn't been around the forum for several months -- does this mean that development/maintenance has ceased?
@BBcan177 appears to be very active on reddit.com working/testing issues that folks are reporting here on the netgate forum.
A quick google search would tell you what he is doing/finding with issues folks have reported here. Don't worry, he hasn't abandoned pfblockerNG-devel.
-
Set this :
save and reload.
Now you can see what happens - what unbound does - in real time :
tail -f /var/log/resolver.logTo reduce the DNS activity, remove devices from your LAN's.
Don't forget to lower the log setting ;)
-
Does anyone know the timeline of when pfBlockerNG will be taken down and fully replaced with -devel?
with each new -devel release, are we required to uninstall the old '-devel' first?
will @BBcan177 ever hand over the reins to the community for further development of pfBlocker instead of taking it all on himself?
I imagine he's gotta be a bit burnt out at this point.. and if he should ever decide to quit, what a crime.. -
@jc1976 said in What is the current status of pfBlockerNG-devel?:
Does anyone know the timeline of when pfBlockerNG will be taken down and fully replaced with -devel?
Haven't seen one. It's been a few years.
with each new -devel release, are we required to uninstall the old '-devel' first?
No. There's a button to upgrade existing packages (in place of the checkmark for "up to date"). Generally, Netgate suggests uninstalling packages before pfSense version upgrades and reinstalling after.
-
pfBlockerNG-devel 3.1.0 is coming https://github.com/pfsense/FreeBSD-ports/pull/1106
-
@emikaadeo said in What is the current status of pfBlockerNG-devel?:
pfBlockerNG-devel 3.1.0 is coming https://github.com/pfsense/FreeBSD-ports/pull/1106
Yay - Hail @BBcan177 for his EXCELLENCT work
-
@emikaadeo said in What is the current status of pfBlockerNG-devel?:
pfBlockerNG-devel 3.1.0 is coming https://github.com/pfsense/FreeBSD-ports/pull/1106
So glad to see BBcan177 back!
-
@fireodo
And… It’s released :-)Upgrading now. Will report back with status regarding fixes to the issues at hand (filling disk and missing https logging/widget count stopping)
Update: It upgraded without issues and so far works as expected.
It also returned the currently “lost” drive space (as stopping/starting pfBlockerNG-devel did) -
Upgrade from 3.0.0_16 to 3.1.0 doesn't went smoothly for me on CE 2.5.2
(Unbound Python mode)1/ Unbound fails to start (have to be restarted manually)
2/ DNSBL 'tick' on widget was yellow, no DNSBL aliases were showing
3/ have to 'Force Reload' DNSBL
4/ lost DNSBL packet count on Dashboard WidgetBasically all the symptoms like here https://www.reddit.com/r/pfBlockerNG/comments/mmzy7f/dnsbl_packet_count_cleared_on_upgrade
PS. I didn't disable pfBlockerNG before upgrade.
-
@emikaadeo
Didi you follow the short guide on what to do/expect during upgrade?After install you need to disable pfBlockerNG, save, force update, and then you can enable pfBlockerNG, save and yet another Force Update.
Only after that can you expect the new code to be active and things “back to normal”
Love the no fuss of using the official appliances :-)
-
@keyser said in What is the current status of pfBlockerNG-devel?:
@emikaadeo
Didi you follow the short guide on what to do/expect during upgrade?After install you need to disable pfBlockerNG, save, force update, and then you can enable pfBlockerNG, save and yet another Force Update.
Only after that can you expect the new code to be active and things “back to normal”
Or just reboot. I did that and everything is working fine.
-
@keyser said in What is the current status of pfBlockerNG-devel?:
@emikaadeo
Didi you follow the short guide on what to do/expect during upgrade?It’s not like I didn’t know what to do to deal with this issues ;)
It was first pfBlocker upgrade since CE 2.5.0 or 2.5.1 and I thought this issuses was resolved since then.
But it looks like bug https://redmine.pfsense.org/issues/11398 is still with us.
Anyway, pfBlocker and Unbound are up and running. -
@keyser So far so good :-)
After the 3.1.0 upgrade my problems have all been addressed:
1: My diskspace is no longer permanently dvindeling until I’m forced to stop/start pfBlockerNG or reboot my firewall. My diskspace seems stable. Every time the Cron job runs the “lost” space during the day is returned, and it seems fine.
2: My widget is once again reflecting hits on both DNSBL and IP lists - including HTTPS hits to the DNSBL VIP
So it seems this version is the golden standard going forward.
Hope it makes it to release/stable version soon.
Would be nice to run this version on production hardware and more speculative/beta like features once again can make it into the -devel version.
