pfBlockerNG-devel v3.2.0_15
-
@BBcan177 I am running pfSense 2.7.2 and I use ASNs extensively for both whitelisting and blacklisting, so this BGPview-created mess has caused me a lot of grief.
I have been checking this thread, and the pfSense GUI, multiple times per day for news on the availability of a pfBlockerNG update that resolves this. I'm poised for action with my recently obtained IPinfo account and token.
Thanks for your efforts.
-
Houston, we have a problem! Trying to update on CE 2.7.2, and POST-INSTALL has been running for 10 min at 100% CPU. Is this normal? Or do I need to recover and how?
-
It looks like same report on reddit in this post. Not sure how to recover my CE as I don't think we have boot environments to recover.
-
@revengineer said in pfBlockerNG-devel v3.2.0_15:
Houston, we have a problem! Trying to update on CE 2.7.2, and POST-INSTALL has been running for 10 min at 100% CPU. Is this normal? Or do I need to recover and how?
same problem here.
Edit:
It was using only one core, now both are 100% usage:Edit2: Killed php-fpm process, then shell option:16) Restart PHP-FPM and recovered access to the GUI.
I'll restore boot environment pretty soon. -
@mcury So you killed the pool nginx process and not the pfblockerng-devel post-install one?
Edit: I tried option 16 and it does not work for me, no GUI.
-
@revengineer can you try to download the pfblockerng.inc file from this reddit post. Amd see if that fixes it. Use the 2.7.2 Version.
https://www.reddit.com/r/pfBlockerNG/s/TV1gP3v96L
-
@revengineer said in pfBlockerNG-devel v3.2.0_15:
So you killed the pool nginx process and not the pfblockerng-devel post-install one?
nuked it completely, killall -KILL php-fpm.
then exit and option 16, GUI restored, restored previous boot environment and now I'm 100%.Note that perhaps there is a better way of doing this.. I did because I can always rely on BE.
-
-
@revengineer said in pfBlockerNG-devel v3.2.0_15:
@mcury I got some good help from @BBcan177 over on the reddit forums under this link. With that I managed to recover my firewall. Still waiting for a fix to reinstall the package but in the mean time its working.
That is great..
I'll also wait for an update on this matter before trying to update it again.
-
@BBcan177 for the sake of providing an update and maybe a route for others:
TL;DR:
So, ultimately, if anyone else thought, "Oh, weird. I've got my config, lemme do a reinstall." then stumbles on this when that doesn't work... using the curl commands shared on reddit, and a combination of rebooting/waiting things out (and console or ssh access tops auxww
ortop
monitor what's happening the best you can), will get to a place where it's done, but running the curl commands again will then let you get back in. In the mean time, rolling back to the main branch instead of -devel may be the smart move in terms of keeping pfblocker functionality.What I ran through:
I was running into this, didn't find this thread (or the reddit post(s)) yet, and decided to try a reinstall of the pfsense router because when I just restarted the device it wouldn't boot to a full console, it seemed to lock up when loading the OpenVPN export service although routing was still working. I figured something was wrong with my install, not the package. scp'd my config for safety, and did a restore config during the install, everything seemed to be going fine. Then the webGUI locked up during reinstalling packages like it did when just updating the package. I started digging in and found this.
I was able to SSH into the machine, copy/paste the curl commands, and after a bit it appears as if the package actually installed while I was trying to figure out how to restart the
pfb_filter
service (until I hit a "Oh, I guess it didn't install that yet" wall because the service rc.d files weren't there). It looked like it was not continuing to install other packages so I restarted PHP-FPM. I was still seeing//usr/local/bin/php -f //etc/rc.packages pfSense-pkg-pfBlockerNG-devel POST-INSTALL
at 100% usage on a CPU core, still not seeing progress on other packages, so I restarted the machine. After a couple minutes the POST-INSTALL process is back to running a CPU at full and the webUI became unreachable again. After a little bit the POST-INSTALL process went away on it's own, then saw a bunch of pool nginx threads instead, webUI was still not loading. Watching via ssh, it looked like packages did finish installing but I still wasn't getting webUI so I restarted the router again. At this point, I still wasn't getting back into the webUI, but routing still worked.I figured I'd rerun the curl commands to get things from the github gist again, the
pfb_filter
service still didn't seem to exist so just I just rebooted the router, and it looked like everything was "fine" now except pfblocker is definitely not installed right. No menu item under firewall, the dashboard widget is showing nothing, etc. For now I'm removing the -devel package and switching to the stable release package. It didn't offer to let me keep my settings but it appears to still have kept them. At least, after running the force update to rebuild things it looks like my DNSBL whitelists are kept as well as all my other settings.Wanted to share the story as I imagine there may be another "Eeeh, a reinstall is easy enough since I have my config" person out there. It's fixable.
-
This post is deleted! -
-
-
To add my solution (no idea how "dirty" it is):
I SSH'd in and executed "pkg install pfSense-pkg-pfBlockerNG" to get the -stable version. While the de-installation of -devel got stuck I SSH'd a second shell & searched for the 100% php process and just killed that one. Not the de-installation of -devel and installation of -stable continued. After finishing I could reach the GUI again and it looks normal.
-
I did the update.
In the last two entries he did not write DONE. is this correct?>>> Upgrading pfSense-pkg-pfBlockerNG-devel... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pfSense-pkg-pfBlockerNG-devel: 3.2.0_10 -> 3.2.0_15 [pfSense] Number of packages to be upgraded: 1 The operation will free 1 MiB. 2 MiB to be downloaded. [1/1] Fetching pfSense-pkg-pfBlockerNG-devel-3.2.0_15.pkg: .......... done Checking integrity... done (0 conflicting) [1/1] Upgrading pfSense-pkg-pfBlockerNG-devel from 3.2.0_10 to 3.2.0_15... [1/1] Extracting pfSense-pkg-pfBlockerNG-devel-3.2.0_15: .......... done Removing pfBlockerNG-devel components... Menu items... done. Services... done. Loading package instructions... Removing pfBlockerNG... All customizations/data will be retained... done. Saving updated package information... overwrite! Loading package configuration... done. Configuring package components... Loading package instructions...
After the update, it no longer lets me log in to the pfsense gui,
CPU is at 100%
I can hear the CPU cooling fan already on full blast
shell command prompt is blocked
What should I do??
i try to restart system -
Whooops, I had just clicked on upgrade package and at the same time landed here to read up on the update. Lucky I have an HA setup and a backup of the first VM which I started to update. Both php processes on both CPUs were swapping to 100% CPU usage when I dropped in the cli to take a peek with top as reported. I didn't want to go through the fix hassle and just restored the previous backup of my first pfSense VM while the second one became master (Hail to HA and CARP! How many times has this setup saved me unwanted trips and angry calls!) and in less than 7 minutes everything was back to normal. Definitely will wait this one out ;)
-
@Unoptanio interestingly you can still get into the gui via other pages like the package manager etc. Had the same issue but the url extension for the package manager page autofilled by my browser and I was able to get in that way. Only the main page of the GUI doesn’t work, once in if you click on the main landing page it will still get stuck all the other parts of the GUI firewall, nat etc work… Another issue is it’s now showing multiple packages as updatable that have no updates like ntopng; some just reinstall the original package and others get stuck attempting to reinstall. I guess it caused some sort of corruption. Hopefully a fix soon.
-
@aivxtla
Panic!I made 3 or 4 attempts to restart but they didn't solve the problem.
After the last reboot I was able to access the GUI with this screen and message:[24-Sep-2024 12:09:11 Europe/Rome] PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/util.inc on line 3733
[24-Sep-2024 12:09:56 Europe/Rome] PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/util.inc on line 3733
[24-Sep-2024 12:11:09 Europe/Rome] PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/util.inc on line 3733
[24-Sep-2024 12:12:19 Europe/Rome] PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/util.inc on line 3733
[24-Sep-2024 12:16:38 Europe/Rome] PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/util.inc on line 3733
[24-Sep-2024 12:22:29 Europe/Rome] PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/util.inc on line 3733
[24-Sep-2024 12:26:44 Europe/Rome] PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/util.inc on line 3733
[24-Sep-2024 12:27:04 Europe/Rome] PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/util.inc on line 3733
[24-Sep-2024 12:54:34 Europe/Rome] PHP Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/util.inc on line 3733It appears to have automatically rolled back to version 23.09.1
At this point I restored a backup I had
Unfortunately I immediately updated without reading other users' experiences, otherwise I wouldn't have done it.
At this point if I update to version 24.03_1 in the end when I restart everything stops again
-
First time that I've been bitten by an apparently bad package update on pfSense... This issue is taking place on 24.03
Stalled with the following output:
>>> Upgrading pfSense-pkg-pfBlockerNG-devel... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pfSense-pkg-pfBlockerNG-devel: 3.2.0_10 -> 3.2.0_15 [pfSense] Number of packages to be upgraded: 1 The operation will free 1 MiB. 2 MiB to be downloaded. [1/1] Fetching pfSense-pkg-pfBlockerNG-devel-3.2.0_15.pkg: .......... done Checking integrity... done (0 conflicting) [1/1] Upgrading pfSense-pkg-pfBlockerNG-devel from 3.2.0_10 to 3.2.0_15... [1/1] Extracting pfSense-pkg-pfBlockerNG-devel-3.2.0_15: .......... done Removing pfBlockerNG-devel components... Menu items... done. Services... done. Loading package instructions... Removing pfBlockerNG... All customizations/data will be retained... done. Saving updated package information... overwrite! Loading package configuration... done. Configuring package components... Loading package instructions...
I've let it sit for several minutes and note that a couple of the php processes seem to be hapily eating at the CPU trough:
last pid: 42043; load averages: 2.12, 1.71, 1.30 up 5+21:14:25 07:04:19 75 processes: 3 running, 72 sleeping CPU: 50.1% user, 0.0% nice, 0.5% system, 0.0% interrupt, 49.4% idle Mem: 132M Active, 254M Inact, 482M Wired, 56K Buf, 2849M Free ARC: 162M Total, 32M MFU, 122M MRU, 264K Anon, 1149K Header, 6386K Other 127M Compressed, 325M Uncompressed, 2.56:1 Ratio Swap: 1024M Total, 1024M Free PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 52982 root 1 135 0 70M 50M CPU0 0 31:17 100.17% php 68952 root 1 135 0 69M 49M CPU2 2 4:20 100.09% php 593 root 1 21 0 161M 62M accept 2 0:08 0.75% php-fpm 69397 root 1 68 0 140M 57M accept 2 0:07 0.75% php-fpm
Have not visited the reddit thread mentioned or performed any other interventions...
--Larry
-
If some has difficulty to get in use
http://username:passweord@192.168.1.1//diag_backup.php
-
This post is deleted! -
Unfortunately I immediately updated without reading other users' experiences, otherwise I wouldn't have done it.
At this point if I update to version 24.03_1 in the end when I restart everything stops again