    PfBlocker disabled pf when router was booted with no internet

      ttblum last edited by

      Hello,

      I just had a router reboot and there was temporarily no internet when it came back up.  No traffic would pass from behind the router then, and it appears that pfBlocker errored out and disabled pf (below).  This is an Alix 2d13 running pfSense 2.0.1 and pfBlocker 1.0.2.

      This router also seems to have squid binaries installed, even though squid isn't shown in the GUI as an installed package, so I think I need to zero out the flash card, reload, and import the config in fresh.

      Is the pf problem related to the squid issue, or is it a lingering problem mentioned in this link below?

      http://forum.pfsense.org/index.php/topic,42543.msg266549.html#msg266549

      
      Apr 22 19:50:57 kanth3 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerAfrica.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerAfrica'' returned exit code '1', the output was 'fetch: transfer timed out'
      Apr 22 19:50:57 kanth3 php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerAfrica.txt.tmp' > '/var/db/aliastables/pfBlockerAfrica.txt'' returned exit code '2', the output was ''
      Apr 22 19:51:02 kanth3 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerAsia.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerAsia'' returned exit code '1', the output was 'fetch: transfer timed out'
      Apr 22 19:51:02 kanth3 php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerAsia.txt.tmp' > '/var/db/aliastables/pfBlockerAsia.txt'' returned exit code '2', the output was ''
      Apr 22 19:51:07 kanth3 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerEurope.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerEurope'' returned exit code '1', the output was 'fetch: transfer timed out'
      Apr 22 19:51:07 kanth3 php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerEurope.txt.tmp' > '/var/db/aliastables/pfBlockerEurope.txt'' returned exit code '2', the output was ''
      Apr 22 19:51:12 kanth3 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerSouthAmerica.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerSouthAmerica'' returned exit code '1', the output was 'fetch: transfer timed out'
      Apr 22 19:51:12 kanth3 php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerSouthAmerica.txt.tmp' > '/var/db/aliastables/pfBlockerSouthAmerica.txt'' returned exit code '2', the output was ''
      Apr 22 19:51:17 kanth3 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerTopSpammers.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerTopSpammers'' returned exit code '1', the output was 'fetch: transfer timed out'
      Apr 22 19:51:17 kanth3 php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerTopSpammers.txt.tmp' > '/var/db/aliastables/pfBlockerTopSpammers.txt'' returned exit code '2', the output was ''
      Apr 22 19:52:08 kanth3 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was 'no IP address found for grep: /tmp/rules.test.packages:17: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tmp/rules.test.packages:19: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.test.packages:21: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.test.packages:23: file "/var/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.test.packages:25: file "/var/db/aliastables/pfBlockerTopSpammers.txt" contains bad data'
      Apr 22 19:52:08 kanth3 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
      Apr 22 19:52:59 kanth3 php: : The command '/sbin/pfctl -nf /tmp/rules.test.packages' returned exit code '1', the output was 'no IP address found for grep: /tmp/rules.test.packages:17: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tmp/rules.test.packages:19: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.test.packages:21: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.test.packages:23: file "/var/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.test.packages:25: file "/var/db/aliastables/pfBlockerTopSpammers.txt" contains bad data'
      ...
      Apr 22 19:53:49 kanth3 php: : There was an error while parsing the package filter rules for /usr/local/pkg/squid.inc.
      Apr 22 19:54:40 kanth3 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'no IP address found for grep: /tmp/rules.debug:17: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:19: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.debug:21: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.debug:23: file "/var/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:25: file "/var/db/aliastables/pfBlockerTopSpammers.txt" contains bad data pfctl: Syntax error in config file: pf rules not loaded' 
      ...
      
      
        ttblum last edited by

        This happened again, and on a different router - running 2.0.1, pfblocker 1.0.2 on an Alix board:

        May 13 08:57:19	php: : There were error(s) loading the rules: no IP address found for grep: /tmp/rules.debug:18: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:20: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.debug:22: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.debug:24: file "/var/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:26: file "/var/db/aliastables/pfBlockerTopSpammers.txt" contains bad data pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [ /tmp/rules.debug]:
        May 13 08:57:19	php: : New alert found: There were error(s) loading the rules: no IP address found for grep: /tmp/rules.debug:18: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:20: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.debug:22: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.debug:24: file "/var/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:26: file "/var/db/aliastables/pfBlockerTopSpammers.txt" contains bad data pfctl: Syntax error in config file: pf rules not loaded The line in question reads [ /tmp/rules.debug]:
        May 13 08:56:28	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'no IP address found for grep: /tmp/rules.debug:18: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:20: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.debug:22: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.debug:24: file "/var/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:26: file "/var/db/aliastables/pfBlockerTopSpammers.txt" contains bad data pfctl: Syntax error in config file: pf rules not loaded'
        May 13 08:56:28	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'no IP address found for grep: /tmp/rules.debug:18: file "/var/db/aliastables/pfBlockerAfrica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:20: file "/var/db/aliastables/pfBlockerAsia.txt" contains bad data no IP address found for grep: /tmp/rules.debug:22: file "/var/db/aliastables/pfBlockerEurope.txt" contains bad data no IP address found for grep: /tmp/rules.debug:24: file "/var/db/aliastables/pfBlockerSouthAmerica.txt" contains bad data no IP address found for grep: /tmp/rules.debug:26: file "/var/db/aliastables/pfBlockerTopSpammers.txt" contains bad data pfctl: Syntax error in config file: pf rules not loaded'
        May 13 08:55:36	php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerTopSpammers.txt.tmp' > '/var/db/aliastables/pfBlockerTopSpammers.txt'' returned exit code '2', the output was ''
        May 13 08:55:36	php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerTopSpammers.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerTopSpammers'' returned exit code '1', the output was 'fetch: transfer timed out'
        May 13 08:55:34	php: : No pfBlocker action during boot process.
        May 13 08:55:33	php: : No pfBlocker action during boot process.
        May 13 08:55:33	php: : No pfBlocker action during boot process.
        May 13 08:55:33	php: : No pfBlocker action during boot process.
        May 13 08:55:33	php: : Restarting/Starting all packages.
        May 13 08:55:31	php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerSouthAmerica.txt.tmp' > '/var/db/aliastables/pfBlockerSouthAmerica.txt'' returned exit code '2', the output was ''
        May 13 08:55:31	php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerSouthAmerica.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerSouthAmerica'' returned exit code '1', the output was 'fetch: transfer timed out'
        May 13 08:55:27	check_reload_status: Starting packages
        May 13 08:55:27	php: : pfSense package system has detected an ip change -> ... Restarting packages.
        May 13 08:55:27	php: : OpenNTPD is starting up.
        May 13 08:55:26	php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerEurope.txt.tmp' > '/var/db/aliastables/pfBlockerEurope.txt'' returned exit code '2', the output was ''
        May 13 08:55:26	php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerEurope.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerEurope'' returned exit code '1', the output was 'fetch: transfer timed out'
        May 13 08:55:21	php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerAsia.txt.tmp' > '/var/db/aliastables/pfBlockerAsia.txt'' returned exit code '2', the output was ''
        May 13 08:55:21	php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerAsia.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerAsia'' returned exit code '1', the output was 'fetch: transfer timed out'
        May 13 08:55:16	check_reload_status: Reloading filter
        May 13 08:55:16	php: : rc.newwanip: on (IP address: 172.19.1.1) (interface: ) (real interface: ovpns1).
        May 13 08:55:16	php: : rc.newwanip: Informational is starting ovpns1.
        May 13 08:55:16	php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerAfrica.txt.tmp' > '/var/db/aliastables/pfBlockerAfrica.txt'' returned exit code '2', the output was ''
        May 13 08:55:16	php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerAfrica.txt.tmp' 'https://127.0.0.1:8443/pfblocker.php?pfb=pfBlockerAfrica'' returned exit code '1', the output was 'fetch: transfer timed out'
        

        Has anyone else experienced this?

          SeventhSon last edited by

          Yes, the reboots take much longer with pfBlocker, as per the link described.

          But it shouldn't disable pf altogether; I don't see that it actually does in this case?

            ttblum last edited by

            Yes, I've had this happen on two occasions.

            Both times the router lost power the night before and the users had no internet access when they came in in the morning.  Disabling pfblocker restored their internet access.

            I have not been able to reproduce this so far on a test router.

              SeventhSon last edited by

              Maybe you should report this to marcelloc in http://forum.pfsense.org/index.php/topic,42543.0.html? It's probably related to the pfBlocker taking longer to boot up on embedded problem.

                ttblum last edited by

                Ok.

                To convert a regular computer into a testing router, how do you install the embedded pfSense image? Do you just dd the image onto the hard drive?

                  SeventhSon last edited by

                  I use VirtualBox myself:
                  http://forum.pfsense.org/index.php?topic=47306.0

                    ttblum last edited by

                    I was able to reproduce this on a test router, and I have posted this at:

                    http://forum.pfsense.org/index.php/topic,42543.msg340581.html#msg340581

                    1 Reply Last reply Reply Quote 0
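
As an added example (not pfBlocker's code, and not from any poster in this thread): the logs above show each table file being rewritten by the `grep ... >` step even though the preceding `fetch` had timed out, after which `pfctl` rejected the whole ruleset. A guard of the following shape keeps the last good table in that case; the function names and the IPv4-only pattern are assumptions.

```shell
#!/bin/sh
# Added example, not pfBlocker's code. Assumes tables hold IPv4 addresses or
# IPv4 CIDR ranges only; the pattern checks syntax, not octet ranges.

# valid_table FILE: succeed only if FILE exists, is non-empty, has at least
# one entry, and every non-comment, non-blank line is IPv4 or IPv4/prefix.
valid_table() {
    f=$1
    [ -s "$f" ] || return 1
    entries=$(grep -v -e '^#' -e '^[[:space:]]*$' "$f") || return 1
    if printf '%s\n' "$entries" |
        grep -Ev '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' \
            >/dev/null
    then
        return 1    # at least one line is not an address
    fi
    return 0
}

# install_table TMP DEST: replace DEST with the entries from TMP, or leave
# DEST exactly as it was when TMP is missing, empty or malformed.
install_table() {
    tmp=$1
    dest=$2
    if ! valid_table "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Write to a sibling file first so DEST is only ever swapped whole.
    if grep -v '^#' "$tmp" > "$dest.new" && mv -f "$dest.new" "$dest"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp" "$dest.new"
    return "$rc"
}
```

A caller would run the download into the `.tmp` path, call `install_table`, and reload the filter only when it returns 0.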