Error on pfblockerng.inc:5310 pfBlockerNG-devel 3.2.0_5

andrebrait

@markdavis yeah, I've been working with BBcan177 in a larger patch set for pfBlockerNG, but I'm gonna suggest this gets merged and released first.

I've been a bit short on time to complete the full patch set.

markdavis

@andrebrait said in Error on pfblockerng.inc:5310 pfBlockerNG-devel 3.2.0_5:

@markdavis yeah, I've been working with BBcan177 in a larger patch set for pfBlockerNG, but I'm gonna suggest this gets merged and released first.

I've been a bit short on time to complete the full patch set.

Do you think it is safe for us to just ignore the issue with the "reports" tab and move forward with implementation? Kinda makes me nervous, though :)

andrebrait

@markdavis it should be. AFAICT the error is only for that tab. Well, there was another thing too, but nonetheless, it's for presentation on the screen. It doesn't affect the actual blocking or anything, IIRC.

SteveITS

@markdavis re HA be aware pfB sync doesn’t work unless you force reload on the primary.
https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working/ (there’s a typo fix but it still doesn’t work)

markdavis

@andrebrait said in Error on pfblockerng.inc:5310 pfBlockerNG-devel 3.2.0_5:

@markdavis it should be. AFAICT the error is only for that tab. Well, there was another thing too, but nonetheless, it's for presentation on the screen. It doesn't affect the actual blocking or anything, IIRC.

Thanks. It is odd that nobody else reported what we are seeing with the reports tab. But it seems to be the same error as the OP, only in a different situation.

markdavis

@SteveITS said in Error on pfblockerng.inc:5310 pfBlockerNG-devel 3.2.0_5:

@markdavis re HA be aware pfB sync doesn’t work unless you force reload on the primary.
https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working/ (there’s a typo fix but it still doesn’t work)

Wow, thanks.... yet more stuff to consider! I don't think I would have ever known that without you pointing that out.

andrebrait

@markdavis definitely not something for production, but if you want, you can test the pfBlockerNG-devel from this repo/branch:

https://github.com/andrebrait/FreeBSD-ports/tree/pfblockerng-adblock

In Python mode, it's also capable of parsing more types of AdBlock-style lists, including exclusions and whatnot. Should be stable, but probably needs more testing.

markdavis

@markdavis said in Error on pfblockerng.inc:5310 pfBlockerNG-devel 3.2.0_5:

@andrebrait said in Error on pfblockerng.inc:5310 pfBlockerNG-devel 3.2.0_5:

@markdavis it should be. AFAICT the error is only for that tab. Well, there was another thing too, but nonetheless, it's for presentation on the screen. It doesn't affect the actual blocking or anything, IIRC.

Thanks. It is odd that nobody else reported what we are seeing with the reports tab. But it seems to be the same error as the OP, only in a different situation.

We have a test pfsense install and the errors don't occur on that one. So we suspect it is because we have multiple WANs and/or HA, and/or complex interface configs, dhcp running, static mappings, and/or whatnot on our production servers (dual Netgate 1537's with 10Gb LAGG, VLANs, etc).

Anyway, we installed the System_Patches package and created a patch based on other postings:
https://redmine.pfsense.org/issues/14230 and applied it and it immediately solved the problems we had with the reports tab and also getting an error every hour (when pfblocker updates).

Thanks to those who helped. Looks like @andrebrait is still working on getting it into official.

andrebrait

@markdavis yes, I am. We're currently reviewing the changes that will be merged and addressing some small concerns regarding logging.

michmoor

@andrebrait
Ive taken a look at your pull requests so this is very interesting to see the development going on in the package.
Regarding logging, not sure whats being addressed but is there a capability to have the logging rollover each day? Right now everything gets appended to a single logfile.

andrebrait

@michmoor certainly can be done. I can put that on the queue.

I suppose it would be interesting if it could also keep a given X amount of files and automatically remove the oldest ones? I suppose this could give you time to export them somewhere if you need it for something and still have the convenience of having a configurable amount of them on-disk.

Kinda getting ahead of myself here, possibly. That's a common use-case in the server world. No idea about the firewall one

I'm not sure how feasible it is to do that in Unbound mode. In Unbound with Python, it should at least be easy enough to do that for logs generated by the Python module.

markdavis

FYI: We just updated from 23.09.1 to 24.03 which contains a slightly newer version of PFBlockerNG, 3.2.0_10. The problem still exists and we still have to apply the array patch on our systems.

andrebrait

@markdavis said in Error on pfblockerng.inc:5310 pfBlockerNG-devel 3.2.0_5:

FYI: We just updated from 23.09.1 to 24.03 which contains a slightly newer version of PFBlockerNG, 3.2.0_10. The problem still exists and we still have to apply the array patch on our systems.

The fix has not been merged yet, unfortunately.

I had to take a time out of developing it. I'll be coming back to it this month, finally.