Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfBlocker disabled pf when router was booted with no internet

    Scheduled Pinned Locked Moved pfSense Packages
    8 Posts 2 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      ttblum
      last edited by

      Hello,

      I just had a router reboot and there was temporarily no internet when it came back up.  No traffic would pass from behind the router then, and it appears that pfBlocker errored out and disabled pf (below).  This is an Alix 2d13 running pfSense 2.0.1 and pfBlocker 1.0.2.

      This router also seems to have squid binaries installed, even though squid isn't shown in the GUI as an installed package, so I think I need to zero out the flash card, reload, and import the config in fresh.

      Is the pf problem related to the squid issue, or is it a lingering problem mentioned in this link below?

      http://forum.pfsense.org/index.php/topic,42543.msg266549.html#msg266549

      
Apr 22 19:50:57 kanth3 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerAfrica.txt.tmp' 'https://127.0.0.1:8443/pf
blocker.php?pfb=pfBlockerAfrica'' returned exit code '1', the output was 'fetch: transfer timed out' 
Apr 22 19:50:57 kanth3 php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerAfrica.txt.tmp' > '/var/db/aliastables/pfBlock
erAfrica.txt'' returned exit code '2', the output was '' 
Apr 22 19:51:02 kanth3 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerAsia.txt.tmp' 'https://127.0.0.1:8443/pfbl
ocker.php?pfb=pfBlockerAsia'' returned exit code '1', the output was 'fetch: transfer timed out' 
Apr 22 19:51:02 kanth3 php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerAsia.txt.tmp' > '/var/db/aliastables/pfBlocker
Asia.txt'' returned exit code '2', the output was '' 
Apr 22 19:51:07 kanth3 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerEurope.txt.tmp' 'https://127.0.0.1:8443/pf
blocker.php?pfb=pfBlockerEurope'' returned exit code '1', the output was 'fetch: transfer timed out' 
Apr 22 19:51:07 kanth3 php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerEurope.txt.tmp' > '/var/db/aliastables/pfBlock
erEurope.txt'' returned exit code '2', the output was '' 
Apr 22 19:51:12 kanth3 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerSouthAmerica.txt.tmp' 'https://127.0.0.1:8
443/pfblocker.php?pfb=pfBlockerSouthAmerica'' returned exit code '1', the output was 'fetch: transfer timed out' 
Apr 22 19:51:12 kanth3 php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerSouthAmerica.txt.tmp' > '/var/db/aliastables/p
fBlockerSouthAmerica.txt'' returned exit code '2', the output was '' 
Apr 22 19:51:17 kanth3 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerTopSpammers.txt.tmp' 'https://127.0.0.1:84
43/pfblocker.php?pfb=pfBlockerTopSpammers'' returned exit code '1', the output was 'fetch: transfer timed out' 
Apr 22 19:51:17 kanth3 php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerTopSpammers.txt.tmp' > '/var/db/aliastables/pf
BlockerTopSpammers.txt'' returned exit code '2', the output was '' 
Apr 22 19:52:08 kanth3 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was 'no IP address fo
und for grep: /tmp/rules.test.packages:17: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tm
p/rules.test.packages:19: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.test.packag
es:21: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.test.packages:23: file "/var
/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.test.packages:25: file "/var/db/aliasta
bles/pfBlockerTopSpammers.txt" contains bad data' 
Apr 22 19:52:08 kanth3 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
Apr 22 19:52:59 kanth3 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was 'no IP address fo
und for grep: /tmp/rules.test.packages:17: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tm
p/rules.test.packages:19: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.test.packag
es:21: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.test.packages:23: file "/var
/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.test.packages:25: file "/var/db/aliasta
bles/pfBlockerTopSpammers.txt" contains bad data' 
...
Apr 22 19:53:49 kanth3 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
Apr 22 19:54:40 kanth3 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'no IP address found for grep: /tmp/rules.debug:17: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:19: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.debug:21: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.debug:23: file "/var/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:25: file "/var/db/aliastables/pfBlockerTopSpammers.txt" contains bad data pfctl: Syntax error in config file: pf rules not loaded' 
...
      1 Reply Last reply Reply Quote 0
      • T
        ttblum
        last edited by

        This happened again, and on a different router - running 2.0.1, pfblocker 1.0.2 on an Alix board:

        May 13 08:57:19	php: : There were error(s) loading the rules: no IP address found for grep: /tmp/rules.debug:18: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:20: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.debug:22: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.debug:24: file "/var/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:26: file "/var/db/aliastables/pfBlockerTopSpammers.txt" contains bad data pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [ /tmp/rules.debug]:
May 13 08:57:19	php: : New alert found: There were error(s) loading the rules: no IP address found for grep: /tmp/rules.debug:18: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:20: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.debug:22: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.debug:24: file "/var/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:26: file "/var/db/aliastables/pfBlockerTopSpammers.txt" contains bad data pfctl: Syntax error in config file: pf rules not loaded The line in question reads [ /tmp/rules.debug]:
May 13 08:56:28	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'no IP address found for grep: /tmp/rules.debug:18: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:20: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.debug:22: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.debug:24: file "/var/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:26: file "/var/db/aliastables/pfBlockerTopSpammers.txt" contains bad data pfctl: Syntax error in config file: pf rules not loaded'
May 13 08:56:28	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'no IP address found for grep: /tmp/rules.debug:18: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:20: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.debug:22: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.debug:24: file "/var/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:26: file "/var/db/aliastables/pfBlockerTopSpammers.txt" contains bad data pfctl: Syntax error in config file: pf rules not loaded'
May 13 08:55:36	php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerTopSpammers.txt.tmp' > '/var/db/aliastables/pfBlockerTopSpammers.txt'' returned exit code '2', the output was ''
May 13 08:55:36	php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerTopSpammers.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerTopSpammers'' returned exit code '1', the output was 'fetch: transfer timed out'
May 13 08:55:34	php: : No pfBlocker action during boot process.
May 13 08:55:33	php: : No pfBlocker action during boot process.
May 13 08:55:33	php: : No pfBlocker action during boot process.
May 13 08:55:33	php: : No pfBlocker action during boot process.
May 13 08:55:33	php: : Restarting/Starting all packages.
May 13 08:55:31	php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerSouthAmerica.txt.tmp' > '/var/db/aliastables/pfBlockerSouthAmerica.txt'' returned exit code '2', the output was ''
May 13 08:55:31	php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerSouthAmerica.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerSouthAmerica'' returned exit code '1', the output was 'fetch: transfer timed out'
May 13 08:55:27	check_reload_status: Starting packages
May 13 08:55:27	php: : pfSense package system has detected an ip change -> ... Restarting packages.
May 13 08:55:27	php: : OpenNTPD is starting up.
May 13 08:55:26	php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerEurope.txt.tmp' > '/var/db/aliastables/pfBlockerEurope.txt'' returned exit code '2', the output was ''
May 13 08:55:26	php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerEurope.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerEurope'' returned exit code '1', the output was 'fetch: transfer timed out'
May 13 08:55:21	php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerAsia.txt.tmp' > '/var/db/aliastables/pfBlockerAsia.txt'' returned exit code '2', the output was ''
May 13 08:55:21	php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerAsia.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerAsia'' returned exit code '1', the output was 'fetch: transfer timed out'
May 13 08:55:16	check_reload_status: Reloading filter
May 13 08:55:16	php: : rc.newwanip: on (IP address: 172.19.1.1) (interface: ) (real interface: ovpns1).
May 13 08:55:16	php: : rc.newwanip: Informational is starting ovpns1.
May 13 08:55:16	php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerAfrica.txt.tmp' > '/var/db/aliastables/pfBlockerAfrica.txt'' returned exit code '2', the output was ''
May 13 08:55:16	php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerAfrica.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerAfrica'' returned exit code '1', the output was 'fetch: transfer timed out'

        Has anyone else experienced this?

        1 Reply Last reply Reply Quote 0
        • S
          SeventhSon
          last edited by

          yes, the reboots take much longer with pfBlocker, as per the link described.

          But it shouldn't disable pf all together, don't see that it actually does in this case?

          1 Reply Last reply Reply Quote 0
          • T
            ttblum
            last edited by

            Yes, I've had this happen on two occasions.

            Both times the router lost power the night before and the users had no internet access when they came in in the morning.  Disabling pfblocker restored their internet access.

            I have not been able to reproduce this so far on a test router.

            1 Reply Last reply Reply Quote 0
            • S
              SeventhSon
              last edited by

              Maybe you should report this to marcelloc in http://forum.pfsense.org/index.php/topic,42543.0.html? It's probably related to the pfBlocker taking longer to boot up on embedded problem.

              1 Reply Last reply Reply Quote 0
              • T
                ttblum
                last edited by

                Ok.

                To convert a regular computer into a testing router, how do you install the embedded pfSense image, do you just dd the image onto the hard drive?

                1 Reply Last reply Reply Quote 0
                • S
                  SeventhSon
                  last edited by

                  I use VirtualBox myself:
                  http://forum.pfsense.org/index.php?topic=47306.0

                  1 Reply Last reply Reply Quote 0
                  • T
                    ttblum
                    last edited by

                    I was able to reproduce this on a test router, and I have posted this at:

                    http://forum.pfsense.org/index.php/topic,42543.msg340581.html#msg340581

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.