Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfblocker initialisation and restore

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 3 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      phil.davis
      last edited by

      I created a basic 1 LAN, 1 WAN working configuration then added the pFblocker package but didn't configure it. At that point, there are no aliases in the firewall configuration. I am using ALIX 2D13, pfSense 2.0.1, pfBlocker 1.0.1

      During startup, the console reports:

      Warning: Invalid argument supplied for foreach() in /usr/local/pkg/pfblocker.inc on line 368

      The code doesn't seem to cope with the case where nothing is setup yet, when there are no aliases.
      (Not a deal-breaker - but I like to eliminate console messages if possible!)

      Then I setup some pFblocker configuration (to block the Spamhaus DROP list). On rebooting there is no console startup warning message, since there is now an alias. Now I have various good firewall rules that have been added by pfBlocker.

      Then I backed up the configuration, made some other changes to the router, then tried to restore my backed-up configuration (simple 1 LAN, 1 WAN and pfBlocker).

      When it reboots, it downloads the pfBlocker package again. The console spits out loads of progress messages while packages are downloading in the background (e.g. for every 1% of every file). This slows down the package download, because the console output is only 9600 baud.

      I would love to be able to download all the packages I use onto a slice, then copy the slice to the alternate slice, then do all the configuration and be able to save and reload various configuration files without the system downloading all the packages every time.
      I am on the end of slow links in a remote area, and I would also like to be able to have a spare router "ready to go", with the packages on it and just needing a current config file.

      Q1) Is there some way to swap around between configurations without always downloading every package again?

      After pfBlocker finished downloading, it went through it's setting up but it did not actually create any firewall alias or rules. I rebooted after this, hoping that on a restart pfBlocker would read its settings and generate the necessary rules, but it didn't happen. In the GUI "Enable pfBlocker" is not checked.

      Q2) What is the official method for recovering the pfBlocker state after restoring a configuration file?

      After checking "Enable pfBlocker" and saving, the alias for my list was created and rules were added.

      Thanks

      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        During startup, the console reports:

        Warning: Invalid argument supplied for foreach() in /usr/local/pkg/pfblocker.inc on line 368

        There maybe a missing check if array exists. I`ll check it and include this fix on next release.

        Q1) Is there some way to swap around between configurations without always downloading every package again?

        Everytime you call reinstall script, pfblocker disables itself to remove all alias and rules but not downloaded url files.

        If you just replace config file without a restore backup then reboot, no package re-install is called.

        Pfblocker does not have any binary, just gui files as it uses native pfsense functions.

        Q2) What is the official method for recovering the pfBlocker state after restoring a configuration file?

        Until 1.0.1 release, you need to enable service every time you reinstall package. This prevents a lot of erros on alias and file downloads.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • G
          Gradius
          last edited by

          FYI I'm getting exactly same problem after a reboot.

          368 line error, dunno about the download since I'm on xDSL.

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            Just updated pfBlocker to 1.0.2 with this and other fixes

            Complete update list is here:
            http://forum.pfsense.org/index.php/topic,42543.msg243313.html#msg243313

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • P
              phil.davis
              last edited by

              Thanks, updated pfBlocker 1.0.2 on 1 router with no problems.

              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.