PfBlocker
-
updated to pfsense 2.01. Removed country block and ipblock. Installed pfblocker
pfblock appears to work fine.
I am seeing a frequent messages in system log:
Dec 29 12:13:35 <user.notice>fw root: IP-Blocklist was found not running
Dec 29 12:16:26 <user.err>fw apinger: ALARM: WANGW(192.168.75.1) *** delay ***
Dec 29 12:16:36 <user.notice>fw check_reload_status: Reloading filter
Dec 29 12:16:42 <user.notice>fw root: IP-Blocklist was found not running
I do not see IP-Blocklist in the installed packages.
I see a reference in the config.xml :
–-------<ipblocklist_settings><config><enable>0</enable></config></ipblocklist_settings>
why is IP-Blocklist trying to get restarted ?
Is there another file that still thinks IP-Blocklist is installed ?</user.notice></user.notice></user.err></user.notice> -
maybe you need to delete its remaining script.
'/usr/local/pkg/pf/IP-Blocklist.sh'
Also look for ipblocklist scripts in /usr/local/etc/rc.d
I see a reference in the config.xml
follow these steps:
-
backup configuration
-
open /conf/config.xml
-
remove these entries
-
save file
-
reboot pfsense
-
-
I keep getting these messages in the system log:
Dec 29 17:01:02 php: : There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [19]: table <pfblockertbg>persist file "/var/db/aliastables/pfBlockerTBG.txt"
Dec 29 17:01:02 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded The line in question reads [19]: table <pfblockertbg>persist file "/var/db/aliastables/pfBlockerTBG.txt"
Dec 29 17:00:53 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded'
Dec 29 17:00:23 php: : There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [19]: table <pfblockertbg>persist file "/var/db/aliastables/pfBlockerTBG.txt"
Dec 29 17:00:23 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded The line in question reads [19]: table <pfblockertbg>persist file "/var/db/aliastables/pfBlockerTBG.txt"
Dec 29 17:00:15 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded'
Dec 29 16:59:45 php: : There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [19]: table <pfblockertbg>persist file "/var/db/aliastables/pfBlockerTBG.txt"
Dec 29 16:59:45 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded The line in question reads [19]: table <pfblockertbg>persist file "/var/db/aliastables/pfBlockerTBG.txt"
Dec 29 16:59:36 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded'
Dec 29 16:59:06 php: : There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [19]: table <pfblockertbg>persist file "/var/db/aliastables/pfBlockerTBG.txt"
Dec 29 16:59:06 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded The line in question reads [19]: table <pfblockertbg>persist file "/var/db/aliastables/pfBlockerTBG.txt"
Dec 29 16:58:58 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded'
But in the Dashboard everything looks good.
</pfblockertbg></pfblockertbg></pfblockertbg></pfblockertbg></pfblockertbg></pfblockertbg></pfblockertbg></pfblockertbg> -
Increase even more Firewall Maximum Table Entries in system->advanced -> firewall/NAT
-
Ok, will try that. Now is at 3000000, will try with 4000000.
Edit: with 4000000 still getting those messages. Will keep trying until I find a number that works and report back.
-
Don't forget to see memory use in dashboard. If you are getting more then 80% may be time for an upgrade or smaller lists.
-
Memory is at 44% at the moment, I should have plenty of headroom.
-
Personally I took mine up to a high value that would never be reached (something like 9999999999999999 or similar). I did this for several reasons.
No memory is allocated based on this number and it makes it easy to increase my table usage without trying to find a limit that will work. So it doesn't cost you anything and this ensures that no matter how many lists I use I won't run into any issue. Just in case someone is wondering my system only has 2GB of mem which is more than enough. -
I was trying to do it incrementally, but that is not working. Got up to 15000000, but then saw your post. So I'm going to try that large number[9999999999999999].
-
Are you sure you are not reading an old alert?
BTW, if a really large value does not exaust memory, It's an excelent option to prevent errors.
-
Are you sure you are not reading an old alert?
BTW, if a really large value does not exaust memory, It's an excelent option to prevent errors.
Yes, I was making sure they where not old. I have 4GB in this box. Current memory usage:
Mem: 603M Active, 67M Inact, 1151M Wired, 1048K Cache, 406M Buf, 1991M Free
Swap: 8192M Total, 8192M FreeWhen I initially click on save, it all works fine for a few minutes[~2]. Then after a random amount of time, clicking different menus to check the settings the error pops back up. At first after using 9999999999999999; I was still getting the error. It has now been ~19 minutes since the last error message. Will keep my on it too see if the error comes back. If the error comes back, I will try deleting the offending list and re adding it, to see if that helps.
Thanks for the help!
-
Check on widget if were changes on amount of cidrs applied.
CIDRs are get from applied file and package count from firewall tables.
-
Check on widget if were changes on amount of cidrs applied.
CIDRs are get from applied file and package count from firewall tables.
IP-Blocklist injects a large number like that to /tmp/rules.debug at the top to ensure no matter how many lists a user has there won't be any errors. So with pfBlocker, even though it's a manual process, I add that large number.
-
The CIDRs are the same as in the screenshot I posted above:
pfBlockerBluetack 761470
pfBlockerTBG 1262743It has been ~35 minutes and no new errors :) I'm crossing my fingers ;)
-
I need to improve lists size check to reduce this kind of issues or change error message suggesting tommyboy180 large configuration.
It's in my 'todo list when time permits' ;)
-
Needed to restart Squid and the got an alert with the error.
EDIT: Every time Squid is restarted is when the error occurs. I was messing with Squid yesterday, but did not put it together until now.
-
There was a update on squid package today, apply it and see what happens.
-
There was a update on squid package today, apply it and see what happens.
Squid was reinstalled with the latest version, but still the same.
-
I'll try to reproduce it here.
You get this memory alert once or after squid restart alerts are frequent?
-
I'll try to reproduce it here.
You get this memory alert once or after squid restart alerts are frequent?
The memory alerts only shows after a Squid restart. After the initial alerts there are no more alerts. At least that is what is occurring here.
Dec 30 15:11:54 php: : There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [19]: table <pfblockertbg>persist file "/var/db/aliastables/pfBlockerTBG.txt"
Dec 30 15:11:54 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded The line in question reads [19]: table <pfblockertbg>persist file "/var/db/aliastables/pfBlockerTBG.txt"
Dec 30 15:11:46 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded'
Dec 30 15:11:16 php: : There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [19]: table <pfblockertbg>persist file "/var/db/aliastables/pfBlockerTBG.txt"
Dec 30 15:11:16 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded The line in question reads [19]: table <pfblockertbg>persist file "/var/db/aliastables/pfBlockerTBG.txt"
Dec 30 15:11:07 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded'
Dec 30 15:10:32 php: /pkg_edit.php: Reloading Squid for configuration sync
Dec 30 15:10:32 check_reload_status: Reloading filter
Dec 30 15:10:32 check_reload_status: Syncing firewall
Dec 30 15:10:32 check_reload_status: Reloading filter
Dec 30 15:10:31 php: /pkg_edit.php: Reloading Squid for configuration sync</pfblockertbg></pfblockertbg></pfblockertbg></pfblockertbg>