PfBlockerNG
-
For those of you that followed the bypass to install the Package, please follow these suggestions:
- Enable "Keep Settings" in the pfBlockerNG General Tab. On a Re-install, the first step is a De-Install of the package. So without enabling this setting, you will lose all configured settings on a "Re-Install".
So please ensure that this is "Checked". You will need to hit "Save" to have it apply!!
- There is a v1.0 of pfBlockerNG Posted with a minor revision for an IBlock issue. I believe you will need to ensure that the bypass method used on the first Install, is activated before proceeding with the Update or the Re-Install will FAIL.
Please ensure you Backup as always before proceeding with any Updates.
-
I don't see the package listed yet!!!
-
I don't see the package listed yet!!!
Its not Official Yet.. I was referring to those Users who followed the Bypass methods in this thread to get it Installed.
-
marcelloc sent a pull request, I'm assuming it should be official shortly
-
I seen it in packages today. Got the update from it.
-
@BBCan:
Thanks for mailing me I was (almost) missing all the fun ;)
The package really needs to be released officially!Great marcelloc pointed out the old pfblocker is now obsolete and should be replaced with pfBlockerNG.
-
Not in my package list yet (just the old blocker package). Looking forward to it though!!
I seen it in packages today. Got the update from it.
-
See:
https://forum.pfsense.org/index.php?topic=86212.msg481358#msg481358Make sure you read this entire thread.
Not in my package list yet (just the old blocker package). Looking forward to it though!!
I seen it in packages today. Got the update from it.
-
-
The pull request needs to be merged by pfsense team before you can use it without any hacks.
-
Ha, ha, ha… I was wondering the same thing too!
-
I used the patch method to install pfBlockerNG, and it was working well on two machines until a reboot. After a reboot the country block lists in /var/db/aliastables/ are all empty but for a single entry of 1.1.1.1.
Forcing an update does not fetch the correct files, and no blocking is taking place.
-
I used the patch method to install pfBlockerNG, and it was working well on two machines until a reboot.
Is this a Nano install where the /var folder is getting deleted on reboot?
This is a question I have asked the Devs to find a solution for… As these files should be stored in the /var folder. The previous pfBlocker package used to store the files in the /usr/local folder. This issue is only limited to Nano and Ramdisk type installs.
Run the following shell command to Re-Download the Maxmind Database, and restore the Country code files in the /var folder.
php /usr/local/www/pfblockerng/pfblockerng.php dc
Following that, execute a "Force Update"
-
Is this a Nano install where the /var folder is getting deleted on reboot?
I guess so.
You may need a conf mount rw to backup data on package save.
I found a long time ago a guide to run nanobsd on virtual machine. This way will be easier to debug cf installs.
-
You may need a conf mount rw to backup data on package save.
I found a long time ago a guide to run nanobsd on virtual machine. This way will be easier to debug cf installs.
Yes, I have a similar doc on that running a Nano in a VM. In this instance, there is nothing to debug.. The /var/db folder which contains the Maxmind Country files get wiped on reboot. I can make a hack way around it in the code which probably is not the best.
This is a question I have posed to the Devs, but I am waiting on feedback for the best approach. I do not want to save these files to the /usr/local folder.
Maybe could put it in the PBI Share Folder?
-
Yes indeed, it is a nano install. Thank you for the fix!
-
The /var/db folder which contains the Maxmind Country files get wiped on reboot. I can make a hack way around it in the code which probably is not the best.
This is a question I have posed to the Devs, but I am waiting on feedback for the best approach. I do not want to save these files to the /usr/local folder.
Maybe could put it in the PBI Share Folder?The /var/db thing is rather unfortunate, not just b/c it's volatile but also since the directory is pretty huge. Takes over 1/3 of the default /var ramdisk.
-
pfBlockerNG needs the Maxmind database country codes otherwise most of the functions will not work.
-
pfBlockerNG needs the Maxmind database country codes otherwise most of the functions will not work.
Hmmm, yeah… and the point being? It's already there.
-
The point being if we added a "disable country codes" mode then you would free up the memory.
This can be a solution for low-memory devices, but then you would miss out all the benefits like reputation, country blocking etc.