pfBlocker initialisation and restore



  • I created a basic 1 LAN, 1 WAN working configuration then added the pfBlocker package but didn't configure it. At that point, there are no aliases in the firewall configuration. I am using ALIX 2D13, pfSense 2.0.1, pfBlocker 1.0.1.

    During startup, the console reports:

    Warning: Invalid argument supplied for foreach() in /usr/local/pkg/pfblocker.inc on line 368

    The code doesn't seem to cope with the case where nothing is set up yet, when there are no aliases.
    (Not a deal-breaker - but I like to eliminate console messages if possible!)

    Then I set up some pfBlocker configuration (to block the Spamhaus DROP list). On rebooting there is no console startup warning message, since there is now an alias. Now I have various good firewall rules that have been added by pfBlocker.

    Then I backed up the configuration, made some other changes to the router, then tried to restore my backed-up configuration (simple 1 LAN, 1 WAN and pfBlocker).

    When it reboots, it downloads the pfBlocker package again. The console spits out loads of progress messages while packages are downloading in the background (e.g. for every 1% of every file). This slows down the package download, because the console output is only 9600 baud.

    I would love to be able to download all the packages I use onto a slice, then copy the slice to the alternate slice, then do all the configuration and be able to save and reload various configuration files without the system downloading all the packages every time.
    I am on the end of slow links in a remote area, and I would also like to be able to have a spare router "ready to go", with the packages on it and just needing a current config file.

    Q1) Is there some way to swap around between configurations without always downloading every package again?

    After pfBlocker finished downloading, it went through its setting up but it did not actually create any firewall alias or rules. I rebooted after this, hoping that on a restart pfBlocker would read its settings and generate the necessary rules, but it didn't happen. In the GUI "Enable pfBlocker" is not checked.

    Q2) What is the official method for recovering the pfBlocker state after restoring a configuration file?

    After checking "Enable pfBlocker" and saving, the alias for my list was created and rules were added.

    Thanks



  • During startup, the console reports:

    Warning: Invalid argument supplied for foreach() in /usr/local/pkg/pfblocker.inc on line 368

    There may be a missing check for whether the array exists. I'll check it and include this fix in the next release.

    Q1) Is there some way to swap around between configurations without always downloading every package again?

    Every time you call the reinstall script, pfBlocker disables itself to remove all aliases and rules, but not the downloaded URL files.

    If you just replace the config file without a backup restore and then reboot, no package reinstall is called.

    pfBlocker does not have any binaries, just GUI files, as it uses native pfSense functions.

    Q2) What is the official method for recovering the pfBlocker state after restoring a configuration file?

    Until the 1.0.1 release, you need to enable the service every time you reinstall the package. This prevents a lot of errors on alias and file downloads.



  • FYI I'm getting exactly the same problem after a reboot.

    368 line error, dunno about the download since I'm on xDSL.



  • Just updated pfBlocker to 1.0.2 with this and other fixes

    Complete update list is here:
    http://forum.pfsense.org/index.php/topic,42543.msg243313.html#msg243313



  • Thanks, updated pfBlocker 1.0.2 on 1 router with no problems.

