Debug IP Blocklist to work w/ 2.0 Beta

  • Bounty is rendered unnecessary.  Thanks again, to Tommyboy180.

    ~~The offer is for an IBM Thinkpad T23.  This is an older notebook computer.
    It's a grade 'B' machine w/ nothing missing.

    It has a PIII 1.13GHz processor, 512MB Ram, 20GB HDD, DVD player, Power Supply.
    It will come w/ a PCMCIA 10/100 NIC, for the 2nd network connection.

    The Battery doesn't hold a charge, but I may include one that does.  It would be older and not guaranteed.
    I may be able to include a docking station with it.  The ds would add 1 NIC and 2 more PCMCIA slots.

    I pay shipping.

    I know the notebook isn't worth Big$$$.  
    I'm guessing this won't take a lot of time, and thereby my offer might be a reasonable one.


    What I'm looking for is someone who could debug Tommyboy180's IP BlockList package;
    to run -reasonably reliably- on a particular pfSense 2.0 Beta installation.
    Tommyboy180 can't dedicate time - right now - to debug porting it over from 1.2 to 2.0.
    It seems to run fine on 2.0, more often than not.

    I'm competent, but my BSD skill-set isn't that developed, yet.
    I have IP Blocklist working on a different Beta 2.

    I've wiped, reloaded, tried dozens of builds - often w/ no other packages installed.
    I've switched hardware (from this Thinkpad to my current Dell).
    My trials are detailed here->,24769.msg154680.html#msg154680

    I understand pfSense 2.0 is BETA.  I know the code is continually changing.  I don't expect miracles or indentured servitude.
    I have one machine in particular I'd like IP Blocklist to behave on.  I'd be really happy if that could happen.

    It'd be double-extra groovy if you'd try to restore IP Blocklist; if some new pfSense 2.0 feature comes along and renders it inoperable:
    (Like CSFR seems to have done)->,29987.0/topicseen.html

    Again: I'm only looking for a reasonable effort.  We're both taking a small risk and I don't have unrealistic expectations.

    If you think you could stick with me, through an additional bug or two;
    then the docking station and better battery will arrive in the initial shipment.

    There are a couple of caveats.

    1. This can't become Tommyboy180's project.  He's done a lot for the pfSense community and needs a life.

    2. You can't overwrite his original code in the pfSense depository.  He doesn't have a local copy right now.

    Full Notebook Disclosure/Details.

    I -dependably- ran pfSense 2 Beta on this notebook; from this past spring till last week.
    I firewalled a small company w/ it and avg uptime was 30-60 days (when I'd restart it for an update).
    I took it offline to substitute a P4 Dell.

    I wouldn't run Squid+SquidGuard+Shallalist+massive custom ACL's on it.
    I did that on it's twin and it bogged down as it didn't have enough RAM.

    The only problem I ever had w/ it is an occasional bogus FAN error.  
    The error occurred 4x over 8 months and only on boot.  The fan itself, is fine.  
    This is a known issue w/ this gen Thinkpad, I never had the time to debug it.
    It might be related to the docking station, as it only ever happened when docked.

    End Disclosure

    I'm moving home+office this month, so may be back here often, or not so often.
    Noah Vail

  • The problem is you have not specified was wrong or i missed it!

    We all are busy and have life but still do pfSense :)

  • @ermal:

    The problem is you have not specified was wrong or i missed it!

    Well, I linked to what was wrong.,24769.msg154680.html#msg154680
    But I wasn't very clear what was in the link.

    Anyhoo, the problem goes like this.

    1. Paste my list link into the form and press '+'.
    ( ex: - I've tried several good .gz links.)
    2. Check 'Enable IP-Blocklist.
    3. Click Save/Update.

    Then the 'Current List' disappears entirely.
    (I can bring it back by pressing '+', but that doesn't effect anything.)

    My Status is always….

    Current Status = Running

    You are blocking 0 IPs

    I have tried every possible combination of buttons; Save, Save/Update, etc.
    I have uninstalled Country Block (the only other package) and tried IPBlocklist by itself.
    I have tried rebooting between installs and configs.
    I have tried a number of different versions of pfSense 2.0-BETA.

    My results have been 100% consistent.  Status Running - Blocking 0 IPs.


    We all are busy and have life but still do pfSense :)

    You have a life?  How cool is that!  What's it like?  Can I have one too?


  • Okay! After a long night I think you will be happy.
    I found the reason why the package doesn't play nice in 2.0 and I will be pushing an update very soon. I think I will update the package to the quality that countryblock is.

    Long story short FreeBSD 8 kicked a bunch of legacy packages to the curb. IP-Blocklist relies on a Perl module to convert IP ranges to CIDR using which is not found in BETA2.0.

    For now I tell BETA2.0 to install the legacy port until I can find a replacement Perl script. I'm not sure how this will affect BETA2.0 x64 so if someone can test I would be very happy.

    I know my involvement comes as a surprise to NoahVail but after seeing that you posted the bounty made me think that I could spare a night to help out a friend. Just don't tell my wife I turned her PC into a pfsense box. Hopefully I will have it back to normal before she wakes up. :)

  • You could just install it in a virtual machine for testing…

    By the way, in 2.0 there is a PHP function in /etc/inc/ for converting an IP range to a series of IP/CIDR subnets.

  • @Efonne:

    You could just install it in a virtual machine for testing…

    By the way, in 2.0 there is a PHP function in /etc/inc/ for converting an IP range to a series of IP/CIDR subnets.

    Excellent. I will look at the function. I won't be able to completely switch over the the function however since I need to support 1.2.3. Is there an easy way to determine if the pfsense install is FreeBSD 8 or 7 in the package install scripts?

  • I'm not really sure.  However, if you just want to know if a function exists there is the function_exists call.  For example:

    if (function_exists("my_function"))

  • Done! Version 3.0 is out.

    DEVs, do me a favor and don't look at the RCS server! I had a bad morning :)

Log in to reply