PfBlocker
-
how to apply the pfBlocker rules to grouped interface
Change list action to alias only and create rules the way you want.
-
pfblocker began to fill my logs with "php: : There were error(s) loading the rules: /tmp/rules.debug:17: cannot define table pfBlockerNorthAmerica: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [17]: table <pfBlockerNorthAmerica> persist file "/var/db/aliastables/pfBlockerNorthAmerica.txt".
Seemed to work stable till today. The only thing I did was entering an own blocklist and put USA to my list.
Disabling the North America rules resolved the filling of systemlog, but the blocking remains down. :(
At the dashboard the widget shows all blockings as "down", say a red arrow.
New errors came up too:
php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerTopSpammers.txt.tmp' > '/var/db/aliastables/pfBlockerTopSpammers.txt'' returned exit code '1', the output was ''
Jul 18 19:27:32 php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerNorthAmerica.txt.tmp' > '/var/db/aliastables/pfBlockerNorthAmerica.txt'' returned exit code '1', the output was ''
-
Did you increase max_table_entries on system -> advanced?
You may need to disable lists before increasing the max_table value.
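An added diagnostic sketch for the two symptoms reported above (it is not part of the original posts and not pfBlocker's own code): `grep -v '^#'` exits with code 1 whenever it selects no lines, so a list file that is empty after comment stripping produces exactly that log message, and the combined entry count can be compared with the configured maximum table entries. The function names `audit_alias_tables` and `make_sample` are hypothetical and the sample files are constructed; on the firewall the directory from the logs would be `/var/db/aliastables`.

```shell
#!/bin/sh
# Added example: audit pfBlocker-style alias table files.
# Usage: audit_alias_tables DIR LIMIT
# Prints "<file> <entries> ok|EMPTY" per *.txt file, then
# "TOTAL <sum> LIMIT <limit> ok|OVER".
audit_alias_tables() {
    dir=$1
    limit=$2
    total=0
    for f in "$dir"/*.txt; do
        [ -e "$f" ] || continue          # directory holds no .txt files
        # Count real entries: skip '#' comment lines and blank lines.
        n=$(awk '!/^#/ && NF { c++ } END { print c + 0 }' "$f")
        if [ "$n" -eq 0 ]; then
            status=EMPTY                 # grep -v '^#' would exit 1 on this file
        else
            status=ok
        fi
        echo "$(basename "$f") $n $status"
        total=$((total + n))
    done
    if [ "$total" -gt "$limit" ]; then
        verdict=OVER                     # more entries than the table limit allows
    else
        verdict=ok
    fi
    echo "TOTAL $total LIMIT $limit $verdict"
}

# Constructed sample data (documentation address ranges, not real list contents).
make_sample() {
    d=$(mktemp -d)
    printf '# header\n192.0.2.0/24\n198.51.100.0/24\n' > "$d/pfBlockerTopSpammers.txt"
    printf '# header only, download produced no entries\n' > "$d/pfBlockerNorthAmerica.txt"
    echo "$d"
}

sample=$(make_sample)
audit_alias_tables "$sample" 1
rm -rf "$sample"
```

An `EMPTY` line points at a failed or blank list download rather than at the table size; an `OVER` verdict points at the limit.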
-
Yes. I increased the max tables before. I had pfblocker disabled before I increased the max tables.
-
try to increase to a higher value.
-
increased to 400000, but still all Blockings down. :(
-
increased to 400000, but still all Blockings down. :(
I had to set mine to 999999999 before it all acted nice. Haven't noticed any other issues with the increase.:-)
-
Increased size to 999999999, but it's still not working, say the status is still down. Reinstall didn't help too. :(
-
Increased size to 999999999, but it's still not working, say the status is still down. Reinstall didn't help too. :(
Did you disable the server before increasing the value? You need a config apply without errors before trying a new value or a new list.
Also, check custom lists if any and diagnostic tables menu.
att,
Marcello Coutinho
-
I did the following:
deinstalled pfblocker, adjusted table size, installed pfblocker, started:
php: /pkg_edit.php: [pfblocker] pfblocker_xmlrpc_sync.php is starting.
Jul 19 17:27:00 check_reload_status: Reloading filter
Jul 19 17:27:00 check_reload_status: Syncing firewall
Jul 19 17:27:00 php: /pkg_edit.php: Starting pfBlocker sync process.
Jul 19 17:27:00 check_reload_status: Syncing firewall
snip
php: /pkg_edit.php: [pfblocker] pfblocker_xmlrpc_sync.php is starting.
Jul 19 14:03:42 check_reload_status: Reloading filter
Jul 19 14:03:42 php: /pkg_edit.php: Starting pfBlocker sync process.
Jul 19 14:03:38 php: /pkg_edit.php: [pfblocker] pfblocker_xmlrpc_sync.php is starting.
Jul 19 14:03:38 check_reload_status: Reloading filter
Jul 19 14:03:38 check_reload_status: Syncing firewall
Jul 19 14:03:38 php: /pkg_edit.php: Starting pfBlocker sync process.
Jul 19 14:03:38 check_reload_status: Syncing firewall
Jul 19 14:03:13 check_reload_status: Syncing firewall
Jul 19 14:03:12 check_reload_status: Reloading filter
Jul 19 14:03:12 check_reload_status: Syncing firewall
Jul 19 14:03:12 php: /pkg_mgr_install.php: No pfBlocker action during boot process.
Jul 19 14:03:12 php: /pkg_mgr_install.php: No pfBlocker action during boot process.
Jul 19 14:03:00 check_reload_status: Syncing firewall
Jul 19 14:02:58 php: /pkg_mgr_install.php: Beginning package installation for pfBlocker.
Jul 19 14:02:58 check_reload_status: Syncing firewall
Jul 19 14:02:44 check_reload_status: Reloading filter
Jul 19 14:02:43 php: /pkg_mgr_install.php: No pfBlocker action during boot process.
No errors, but Status is down. It shows cdir-entries, but no packets.
-
No errors, but Status is down. It shows cdir-entries, but no packets.
What action did you select on pfblocker list? Did you enable the service after installing?
-
top spammers selected, activated.
-
Do you know about android ads on free apps? it's really annoying!
If your phone is rooted you can d/l AdFree from the Google store.
https://play.google.com/store/apps/details?id=com.bigtincan.android.adfree&hl=en
My Android is WiFi-only so I can Alias-block the below servers that AdFree was missing.
65.52.2.0/24 69.89.31.0/24 96.44.173.0/24 50.16.243.250/32
If you want; I can dig out the host file AdFree creates in my phone, but you may need to be rooted to use it.
and
I updated my Skype ad-block list.
http://dl.dropbox.com/u/71477228/blacklistedads.txt
I removed 2 IPs that were hampering OfficeHelp from loading properly.
I also added a bunch of ranges that my scripts collected since last post.
The new IPs came from resolving ads2.msads.net (against 6 DNS servers every 6 min for 3 weeks).
Edit: Looks like MS added a bunch of new ad servers today.
questionmarket / adsafeprotected-admob-doubleclick / choices.truste.com
List is updated.
-
Thanks Linuxtracker, the adfree worked very nice. :)
-
Hi guys, I have been very happy with the pfBlocker until I had to restore my firewall config. (failed CF due to bandwidthd).
When I brought up the firewall after "restoring" the configuration xml file, I got errors like this:
There were error(s) loading the rules:
/tmp/rules.debug:163: macro 'pfBlockerTopSpammers' not defined
/tmp/rules.debug:163: syntax error
/tmp/rules.debug:164: macro 'pfBlockerDSHIELD' not defined
/tmp/rules.debug:193: macro 'pfBlockerTopSpammers' not defined
/tmp/rules.debug:193: syntax error
/tmp/rules.debug:194: macro 'pfBlockerDSHIELD' not defined
/tmp/rules.debug:202: macro 'pfBlockerTopSpammers' not defined
/tmp/rules.debug:202: syntax error
/tmp/rules.debug:203: macro 'pfBlockerDSHIELD' not defined
pfctl: Syntax error in config file: pf rules not loaded
The line in question reads [163]: block in quick on $WAN from $pfBlockerTopSpammers to any label "USER_RULE: pfBlockerTopSpammers auto rule"
I assume that something is not getting backed up/restored properly. I had to disable pfBlocker and reload the firewall to get it to pass packets. Any ideas?
NOTE that I also have an HA pair (CARP/XMLRPC), but this appears to have its own XMLRPC settings.
~tommy
-
Tommy,
If you were using alias only action on your lists, pfblocker install/uninstall process will not remove your custom rules.
Second point is that pfblocker is disabled by default after install, you need to access its GUI and enable it.
att,
Marcello Coutinho
-
I'm also having the same issue(s) as igor. I have max table entries set to 999999999. Reinstalled package 2 times. Restored configuration as well. I just installed pfSense itself maybe a day ago (new build). I'm using the Primary Threats blocklist from i-blocklist. I have also tried selecting country blocks. All show red arrow pointing down. :(
-
mbp,
check pfblocker wiki at doc.pfsense.org/index.php/Pfblocker
att,
Marcello Coutinho
-
That's awesome news!