PfBlocker seems completely broken since last build



  • Hi,

    since I upgraded to 2.2-RC (amd64)
    built on Fri Dec 26 18:11:24 CST 2014
    FreeBSD 10.1-RELEASE-p3

    , I upgraded regularly before so the last build before was from the 24th, pfblocker behaves strangely. I already submitted two crash reports, this is the last one:

    Crash report begins.  Anonymous machine information:

    amd64
    10.1-RELEASE-p3
    FreeBSD 10.1-RELEASE-p3 #0 8bdb2f8(releng/10.1)-dirty: Fri Dec 26 18:44:02 CST 2014    root@pfsense-22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10

    Crash report details:

    PHP Errors:
    in /usr/local/pkg/pfblocker.inc on line 256
    in /usr/local/pkg/pfblocker.inc on line 256

    So, what happens:
    I use pfblocker only for creating an alias which I used in my firewall rules and it worked perfectly until recently.

    I upgraded on Dec. 27th 14:00, today I am checking my system logs:
    Dec 27 23:00:00 php: pfblocker.php: [pfblocker] pfblocker_xmlrpc_sync.php is starting.
    Dec 27 23:00:01 php-fpm[6411]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfBlockerBadIP' for rule 'Don't log pfBlocker IPs'
    Dec 27 23:00:01 php-fpm[6411]: /rc.filter_configure_sync: New alert found: Unresolvable destination alias 'pfBlockerBadIP' for rule 'Reject pfBlocker IPs'
    Dec 27 23:00:01 php-fpm[6411]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfBlockerBadIP' for rule 'Don't log pfBlocker IPs'
    Dec 27 23:00:01 php-fpm[6411]: /rc.filter_configure_sync: New alert found: Unresolvable destination alias 'pfBlockerBadIP' for rule 'Reject pfBlocker IPs'
    Dec 27 23:00:01 php-fpm[6411]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfBlockerBadIP' for rule 'Don't log pfBlocker IPs'
    Dec 28 01:44:41 php-fpm[6411]: /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AirVPN_WAN_GW.
    Dec 28 01:44:41 php-fpm[6411]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfBlockerBadIP' for rule 'Don't log pfBlocker IPs'
    Dec 28 01:44:41 php-fpm[6411]: /rc.filter_configure_sync: New alert found: Unresolvable destination alias 'pfBlockerBadIP' for rule 'Reject pfBlocker IPs'
    Dec 28 01:44:41 php-fpm[6411]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfBlockerBadIP' for rule 'Don't log pfBlocker IPs'
    Dec 28 01:44:41 php-fpm[6411]: /rc.filter_configure_sync: New alert found: Unresolvable destination alias 'pfBlockerBadIP' for rule 'Reject pfBlocker IPs'
    Dec 28 01:44:41 php-fpm[6411]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfBlockerBadIP' for rule 'Don't log pfBlocker IPs'
    Dec 28 01:45:34 php-fpm[55355]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfBlockerBadIP' for rule 'Don't log pfBlocker IPs'
    Dec 28 01:45:34 php-fpm[55355]: /rc.filter_configure_sync: New alert found: Unresolvable destination alias 'pfBlockerBadIP' for rule 'Reject pfBlocker IPs'
    Dec 28 01:45:34 php-fpm[55355]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfBlockerBadIP' for rule 'Don't log pfBlocker IPs'
    Dec 28 01:45:34 php-fpm[55355]: /rc.filter_configure_sync: New alert found: Unresolvable destination alias 'pfBlockerBadIP' for rule 'Reject pfBlocker IPs'
    Dec 28 01:45:34 php-fpm[55355]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfBlockerBadIP' for rule 'Don't log pfBlocker IPs'
    Dec 28 09:51:17 php-fpm[76445]: /pkg_edit.php: [pfblocker] pfblocker_xmlrpc_sync.php is starting.
    Dec 28 09:51:18 php-fpm[4173]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfBlockerBadIP' for rule 'Don't log pfBlocker IPs'
    Dec 28 09:51:18 php-fpm[4173]: /rc.filter_configure_sync: New alert found: Unresolvable destination alias 'pfBlockerBadIP' for rule 'Reject pfBlocker IPs'
    Dec 28 09:51:18 php-fpm[4173]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfBlockerBadIP' for rule 'Don't log pfBlocker IPs'
    Dec 28 09:51:18 php-fpm[4173]: /rc.filter_configure_sync: New alert found: Unresolvable destination alias 'pfBlockerBadIP' for rule 'Reject pfBlocker IPs'
    Dec 28 09:51:18 php-fpm[4173]: /rc.filter_configure_sync: New alert found: Unresolvable source alias 'pfBlockerBadIP' for rule 'Don't log pfBlocker IPs'

    I am seeing this constantly, so after logging in I just saw that my pfBlocker List "BadIP" was still there but the alias which is created out of this list was missing.
    pfBlocker was not enabled, which you normally don't need anyway when only using the alias.
    But just saving the list again didn't create an alias.
    So I enabled pfBlocker and did a SAVE.

    But what did I have then? Then I had an alias called "admin" with the pfBlocker list in it and ALL of my firewall rules were automatically changed from "pfBlockerBadIP" to alias "admin". REALLY bad taste.
    So I wanted to check where that comes from.

    In the pfblocker XMLRPC sync tab there is now some information filled out that was not there before. Even if the sync button is unchecked it does something when you do a save, it creates this ugly "admin" alias.
    You can't even delete this information in the tab.

    When you rename the alias created from "admin" to "pfBlockerBadIP" this seems to work, but I don't know for how long, until some sync process is triggered I think.

    Because even when you open the alias the name is not pfBlockerBadIP, it's … "alias"... really strange.

    And on top of all that there are the crash reports constantly. A fresh install of pfBlocker didn't solve the problem at all.

    *EDIT* Next crash, please tell me what to do here... The crash reports appear every time you just save something in pfBlocker.

    ![2014-12-28 10_54_15-Diagnostics_ Crash reporter.jpg](/public/imported_attachments/1/2014-12-28 10_54_15-Diagnostics_ Crash reporter.jpg)
    ![2014-12-28 10_48_41-Firewall_ Aliases_ Edit.jpg](/public/imported_attachments/1/2014-12-28 10_48_41-Firewall_ Aliases_ Edit.jpg)
    ![2014-12-28 10_46_12-Firewall_ Aliases.jpg](/public/imported_attachments/1/2014-12-28 10_46_12-Firewall_ Aliases.jpg)
    ![2014-12-28 10_42_54-Firewall_ pfBlocker.jpg](/public/imported_attachments/1/2014-12-28 10_42_54-Firewall_ pfBlocker.jpg)


  • Banned

    The pfblockerNG package is about to be committed and works a LOT better than the old pfblocker package.

    It was designed for 1.2.3.



  • Ok, so this means it's better to wait for the new package…


  • Banned

    YES :)



  • Oh, what a shame, the thing with the "admin" in the fields was caused by a broken Firefox plugin which filled these fields :o ::)
    But nonetheless, after fixing that I am still getting crash reports when saving something in pfBlocker.

    But we already know now that we should wait on pfblocker-ng anyway  8)



  • Supermule, what time frame are we looking at for pfblocker-NG release?



  • @samham:

    Supermule, what time frame are we looking at for pfblocker-NG release?

    Any update??


  • Banned

    It should be in the final stages and is waiting for a commit…

    I will link this to Anthony so he can comment on it :)



  • I think it's been submitted - it's awaiting review/approval by "the powers that be".




  • Banned

    It seems a merge has taken place into pfsense master…

    https://github.com/pfsense/pfsense-packages/pull/743

    So I guess it means it should be available quite soon...



  • It was merged to make it easier for Renato to review the code.  It's a lot of code, it might take a bit. Get excited, it is awesome when combined with Snort or Suricata.



  • @wcrowder:

    Get excited, it is awesome when combined with Snort or Suricata.

    There is a lot to be excited about with pfBlockerNG…

    The cost/benefit ratio of maintaining and monitoring pfBlockerNG is very high. Suricata's in IDS mode is rather low in comparison. pfBlockerNG actually pushed me over the edge to remove Suricata.

    If Suricata could be used in IPS mode I might put it back in play. But as it sits I'd rather put the effort into maintaining block lists.

    Your mileage may vary.


  • Banned

    And it was actually my idea to begin with ;)

