pfBlockerNG-devel v3.2.0_15
-
There is an updated pull request posted for pfBlockerNG-devel v3.2.0_15.
It has been merged and should be available for download in pfSense 23.x and pfSense Plus.
For pfSense 2.7.2, it should be available sometime next week.
Once these changes have baked for a few days in pfBlockerNG-devel, I will push these changes to pfBlockerNG.
More detail in Patreon. Thanks.
-
This may be intentional, however the subtle change in operation may catch some people by surprise.
So FYI
under the previous version, (when downloading from bgpview) downloads would work even if the ASN Reporting option was Disabled. (you just want the ASN data for an alias list, not the ASN entries cache for reporting as it is labelled)
under the new version, you must have one of the options selected for ASN Reporting -
if reporting is set as disabled, you won't get the download and it won't tell you why.. just silently logs nothing between the start and end.

when ASN Reporting is disabled - no download ever
Download Process Starting [ 09/7/24 10:30:00 ]
Download Process Ended

when ASN Reporting set to anything other than disabled, download
Download Process Starting [ 09/7/24 10:35:00 ]
/usr/local/share/GeoIP/asn.mmdb 200 OK
/usr/local/share/GeoIP/asn.csv.gz 200 OK
ASN Lookup Table has been updated [ 09/07/24 10:35:05 ]
Download Process Ended [ 09/7/24 10:35:06 ]
-
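Added example, not part of the original thread and not pfBlockerNG code: a small sh/awk check that flags the silent no-download runs described in the post above. It assumes the log markers look exactly as quoted there; the function names and the sample log (including the first run's end timestamp) are constructed.

```shell
#!/bin/sh
# Added example (not pfBlockerNG code): flag download runs that logged nothing.
# Reads a pfBlockerNG log on stdin and prints one line per run:
#   EMPTY <start timestamp>   nothing logged between "Starting" and "Ended"
#   OK    <start timestamp>   at least one line logged in between
check_download_runs() {
    awk '
        /Download Process Starting/ {
            in_run = 1; lines = 0
            # Keep the bracketed start timestamp as the run label.
            label = $0
            sub(/^[^[]*\[ */, "", label)
            sub(/ *\].*$/, "", label)
            next
        }
        /Download Process Ended/ && in_run {
            status = (lines == 0) ? "EMPTY" : "OK"
            print status, label
            in_run = 0
            next
        }
        # Count any non-blank line inside a run (fetch results, table updates).
        in_run && NF { lines++ }
    '
}

# Constructed sample, modelled on the two log excerpts quoted in the post.
sample_log() {
    cat <<'EOF'
Download Process Starting [ 09/7/24 10:30:00 ]
Download Process Ended [ 09/7/24 10:30:01 ]
Download Process Starting [ 09/7/24 10:35:00 ]
/usr/local/share/GeoIP/asn.mmdb 200 OK
/usr/local/share/GeoIP/asn.csv.gz 200 OK
ASN Lookup Table has been updated [ 09/07/24 10:35:05 ]
Download Process Ended [ 09/7/24 10:35:06 ]
EOF
}

sample_log | check_download_runs
```

An EMPTY run on a system that relies on ASN-based aliases means the ASN data was not refreshed, so the ASN Reporting setting is the first thing to check.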
@jrey the caching of ASN is not really necessary as it's not polling an external API (BGPview) anymore. So that was previously intended to limit the amount of API requests.
I left it in for now, but it should probably just be "Enabled" and "Disabled" as options.
So if a user wants to have the ASN reported in the Alerts/Reports tab and the ability to convert an ASN into IP addresses, then the user needs to set it to one of the caching options. I suggest the 1 hour option.
-
fair -- the difference in what happens when it is disabled in the current system. disabled now actually prevents the download. - which will likely catch some people and leave them wondering why nothing is happening --- just provided as an FYI.
-
why is v3.2.0_8 the latest pfBlockerNG-devel version available via Package Manager (webConfigurator) on CE 2.7.2? is there some manual package update/intervention required to update to the latest version?
-
@cyberconsultants there are some different functions between 2.7.2 and other pfSense versions. Hope to have the out next week.
-
@jrey I will add a note to the change log.
-
@BBcan177 I am running pfSense 2.7.2 and I use ASNs extensively for both whitelisting and blacklisting, so this BGPview-created mess has caused me a lot of grief.
I have been checking this thread, and the pfSense GUI, multiple times per day for news on the availability of a pfBlockerNG update that resolves this. I'm poised for action with my recently obtained IPinfo account and token.
Thanks for your efforts.
-
Houston, we have a problem! Trying to update on CE 2.7.2, and POST-INSTALL has been running for 10 min at 100% CPU. Is this normal? Or do I need to recover and how?
-
It looks like same report on reddit in this post. Not sure how to recover my CE as I don't think we have boot environments to recover.
-
@revengineer said in pfBlockerNG-devel v3.2.0_15:
Houston, we have a problem! Trying to update on CE 2.7.2, and POST-INSTALL has been running for 10 min at 100% CPU. Is this normal? Or do I need to recover and how?
same problem here.
Edit:
It was using only one core, now both are 100% usage:
Edit2: Killed php-fpm process, then shell option: 16) Restart PHP-FPM and recovered access to the GUI.
I'll restore boot environment pretty soon.
-
@mcury So you killed the pool nginx process and not the pfblockerng-devel post-install one?
Edit: I tried option 16 and it does not work for me, no GUI.
-
@revengineer can you try to download the pfblockerng.inc file from this reddit post. And see if that fixes it. Use the 2.7.2 Version.
https://www.reddit.com/r/pfBlockerNG/s/TV1gP3v96L
-
@revengineer said in pfBlockerNG-devel v3.2.0_15:
So you killed the pool nginx process and not the pfblockerng-devel post-install one?
nuked it completely, killall -KILL php-fpm.
then exit and option 16, GUI restored, restored previous boot environment and now I'm 100%.
Note that perhaps there is a better way of doing this.. I did because I can always rely on BE.
-
@revengineer said in pfBlockerNG-devel v3.2.0_15:
@mcury I got some good help from @BBcan177 over on the reddit forums under this link. With that I managed to recover my firewall. Still waiting for a fix to reinstall the package but in the meantime it's working.
That is great..
I'll also wait for an update on this matter before trying to update it again.
-
@BBcan177 for the sake of providing an update and maybe a route for others:
TL;DR:
So, ultimately, if anyone else thought, "Oh, weird. I've got my config, lemme do a reinstall." then stumbles on this when that doesn't work... using the curl commands shared on reddit, and a combination of rebooting/waiting things out (and console or ssh access to ps auxww or top monitor what's happening the best you can), will get to a place where it's done, but running the curl commands again will then let you get back in. In the meantime, rolling back to the main branch instead of -devel may be the smart move in terms of keeping pfblocker functionality.

What I ran through:
I was running into this, didn't find this thread (or the reddit post(s)) yet, and decided to try a reinstall of the pfsense router because when I just restarted the device it wouldn't boot to a full console, it seemed to lock up when loading the OpenVPN export service although routing was still working. I figured something was wrong with my install, not the package. scp'd my config for safety, and did a restore config during the install, everything seemed to be going fine. Then the webGUI locked up during reinstalling packages like it did when just updating the package. I started digging in and found this.

I was able to SSH into the machine, copy/paste the curl commands, and after a bit it appears as if the package actually installed while I was trying to figure out how to restart the pfb_filter service (until I hit a "Oh, I guess it didn't install that yet" wall because the service rc.d files weren't there). It looked like it was not continuing to install other packages so I restarted PHP-FPM. I was still seeing
//usr/local/bin/php -f //etc/rc.packages pfSense-pkg-pfBlockerNG-devel POST-INSTALL
at 100% usage on a CPU core, still not seeing progress on other packages, so I restarted the machine. After a couple minutes the POST-INSTALL process is back to running a CPU at full and the webUI became unreachable again. After a little bit the POST-INSTALL process went away on its own, then saw a bunch of pool nginx threads instead, webUI was still not loading. Watching via ssh, it looked like packages did finish installing but I still wasn't getting webUI so I restarted the router again. At this point, I still wasn't getting back into the webUI, but routing still worked.

I figured I'd rerun the curl commands to get things from the github gist again, the pfb_filter service still didn't seem to exist so I just rebooted the router, and it looked like everything was "fine" now except pfblocker is definitely not installed right. No menu item under firewall, the dashboard widget is showing nothing, etc. For now I'm removing the -devel package and switching to the stable release package. It didn't offer to let me keep my settings but it appears to still have kept them. At least, after running the force update to rebuild things it looks like my DNSBL whitelists are kept as well as all my other settings.

Wanted to share the story as I imagine there may be another "Eeeh, a reinstall is easy enough since I have my config" person out there. It's fixable.
-
To add my solution (no idea how "dirty" it is):
I SSH'd in and executed "pkg install pfSense-pkg-pfBlockerNG" to get the -stable version. While the de-installation of -devel got stuck I SSH'd a second shell & searched for the 100% php process and just killed that one. Now the de-installation of -devel and installation of -stable continued. After finishing I could reach the GUI again and it looks normal.
-
I did the update.
In the last two entries he did not write DONE. is this correct?
>>> Upgrading pfSense-pkg-pfBlockerNG-devel...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
pfSense-pkg-pfBlockerNG-devel: 3.2.0_10 -> 3.2.0_15 [pfSense]
Number of packages to be upgraded: 1
The operation will free 1 MiB.
2 MiB to be downloaded.
[1/1] Fetching pfSense-pkg-pfBlockerNG-devel-3.2.0_15.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/1] Upgrading pfSense-pkg-pfBlockerNG-devel from 3.2.0_10 to 3.2.0_15...
[1/1] Extracting pfSense-pkg-pfBlockerNG-devel-3.2.0_15: .......... done
Removing pfBlockerNG-devel components...
Menu items... done.
Services... done.
Loading package instructions...
Removing pfBlockerNG... All customizations/data will be retained... done.
Saving updated package information...
overwrite!
Loading package configuration... done.
Configuring package components...
Loading package instructions...
After the update, it no longer lets me log in to the pfsense gui,
CPU is at 100%
I can hear the CPU cooling fan already on full blast
shell command prompt is blocked
What should I do??
i try to restart system