Removing pfblocker

lt1360hp

Well I pulled the plug and did the upgrade from 2.15 to 2.2 and in the process the disk got buggered.

So, I reformatted and did a fresh install and then restore from a backup.  All went well except I see that while the pfblocker package is not installed (and not available for 2.2), the menu item under Firewall is still there and while looking through the config.xml file I see many references to pfblocker.

Is there anyway to de-install this package?  If it has to be done manually, what files would need worked on?  It doesn't seem to be really hurting anything that I can tell, but just concerned that it may somehow interfere with installing pfblockerng.  The one thing I did notice is that it does take much longer to reboot the device now.  About 5 minutes on 2.2.  Maybe its hanging on some of this code?

Thanks,

Dave.

BBcan177

Hi Dave,

I have a script that will clean up the config and remove the previously used pfBlocker files. But I would like to test it on a few boxes if possible before I release it.

If you or any one else is interested, send me a PM and we can run it in a Teamviewer session.

SixXxShooTeR

I don't have the issue where pfBlocker is showing up in my firewall menu but the config.xml does show references to bfblocker.

I wouldn't mind testing the script to remove previously used pfBlocker files.

McFuzz

I ended up manually removing any references to pfBlocker in config.xml followed by cleaning all the database entries; that did the trick on my end - no more references to pfBlocker after my 2.2 clean install (which, btw, was due to a failed 2.1.5 -> 2.2 upgrade).

Visseroth

I'm interested in fixing this as well. I have the exact same problem

BBcan177

Here is a script to remove the previous pfBlocker package from the pfSense config.xml

So please make a full backup before proceeding. Please post back if you were successful in removing the old remnants of this package…

Save this script to  /usr/local/www/removepfb.php

then from your pfSense GUI

https://x.x.x.x:yyy/removepfb.php

(Change x.x.x.x to your pfsense box IP  and yyy to the port setting used.)

It will report to the screen with its activity.

# Script to Remove pfBlocker from Config.xml
#
# by BBCan177@gmail.com
# Copyright (c) 2015

require_once("pfsense-utils.inc");
require_once("config.inc");
require_once("services.inc");
global $config;
print "```
";

print "Removing pfBlocker from the pfSense Configuration file\n\n";
$removal = array("pfblocker", "pfblockerlists", "pfblockerafrica", "pfblockerantartica", "pfblockerasia", "pfblockereurope", "pfblockernorthamerica", "pfblockeroceania", "pfblockersouthamerica", "pfblockertopspammers");
foreach ($removal as $remove){
        if (is_array($config['installedpackages'][$remove])){
                unset ($config['installedpackages'][$remove]);
                print "Removed {$remove}\n";
        }
}

# Remove pfBlocker Menu Entry
$pfb_menus = &$config['installedpackages']['menu'];
if (!empty($pfb_menus)) {
        $key = 0;
        foreach ($pfb_menus as $menu) {
                if ($menu['name'] == "pfBlocker") {
                        unset ($pfb_menus[$key]);
                        print "Removed pfBlocker Menu Entry\n";
                }
                $key++;
        }
}

# Remove pfBlocker Package Entry
$pfb_pkg = &$config['installedpackages']['package'];
if (!empty($pfb_pkg)) {
        $key = 0;
        foreach ($pfb_pkg as $pkg) {
                if ($pkg['name'] == "pfBlocker") {
                        unset ($pfb_pkg[$key]);
                        print "Removed pfBlocker Pkg Entry\n";
                }
                $key++;
       }
}

# Remove Widget
$pfb_widgets = $config['widgets']['sequence'];
if (!empty($pfb_widgets)) {
        $widgetlist = explode(",", $pfb_widgets);
        foreach ($widgetlist as $key => $widget) {
                if (strstr($widget, "pfBlocker-container")) {
                        unset($widgetlist[$key]);
                        break;
                }
        }
        $config['widgets']['sequence'] = implode(",", $widgetlist);
}

#Remove any pfBlocker alias tables
if (is_array($config['aliases']['alias'])){
        foreach($config['aliases']['alias'] as $alias){
                if (!preg_match("/^pfBlocker/", $alias['name'])) {
                        $new_aliases[]= $alias;
                }
        }
        $config['aliases']['alias'] = $new_aliases;
}

# Remove pfBlocker Files/Folders
unlink_if_exists ("/usr/local/pkg/pfblocker.inc");
unlink_if_exists ("/usr/local/pkg/pfblocker.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_Africa.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_Asia.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_Europe.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_NorthAmerica.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_Oceania.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_SouthAmerica.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_lists.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_sync.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_topspammers.xml");

unlink_if_exists ("/usr/local/www/pfblocker.php");
unlink_if_exists ("/usr/local/www/widgets/widgets/pfBlocker.widget.php");

unlink_if_exists ("/usr/local/pkg/Africa_cidr.txt");
unlink_if_exists ("/usr/local/pkg/Asia_cidr.txt");
unlink_if_exists ("/usr/local/pkg/Europe_cidr.txt");
unlink_if_exists ("/usr/local/pkg/Oceania_cidr.txt");
unlink_if_exists ("/usr/local/pkg/South_America_cidr.txt");

rmdir_recursive ("/usr/local/pkg/pfblocker");
rmdir_recursive ("/usr/local/pkg/pfblocker_aliases");

exec ("/bin/rm /var/db/aliastables/pfBlocker*.*");

# Remove Cron Task
install_cron_job("pfblocker.php cron", false);

# Save Configuration
write_config("Removed pfBlocker");
?>

Visseroth

as soon as I can get my virtual machine to work correctly I'll test and report back. My virtual machine has been EXTREMELY laggy. We're talking 30 minutes for it to change interface ip schemes.
Had it not been for that I would have gotten back to you this weekend and on the week days I've been busy.
So I'll let you know when I know more

However the more people test the better..

Thanks!

vlurk

I had the same issue on my box, and I wanted to try this script so I did… It didn't break anything except that of course, I had to delete/modify any rules that had the table alias in reference.

This said, it didn't remove the pfBlocker menu entry under the "Firewall" menu, but it did remove the widget I had on the dashboard.

The output I received from the script was;

Removing pfBlocker from the pfSense Configuration file

Removed pfblocker
Removed pfblockerlists
Removed pfBlocker Menu Entry

I inspected the config file… It left the cron entry which looks like this;

<minute>0</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/local/bin/php -q /usr/local/www/pfblocker.php cron

and of course, the menu item;

<menu>
<name>pfBlocker</name>
<tooltiptext>Configure pfblocker</tooltiptext>
Firewall
<url>/pkg_edit.php?xml=pfblocker.xml</url>
</menu>

I tried to run the script again but I got the same results.

I should be able to do the cleanup myself quite easily now, thanks! But if you would like to edit/finalize your script, I can wait a couple of days before I do it manually; I'm not in a hurry…

lt1360hp

Same result as vlurk.  Script ran but left menu entry.  Cron job was also still left.

Thanks also for the script.  It did automate most of the drudgery.

lt1360hp

Spoke too soon.  When I further examined the conf.xml file, the pfblocker stuff was still in there.  When I try to manually remove it, pfsense must see the difference and "saves" itself by overwriting with a backup.

doktornotor

@lt1360hp:

When I try to manually remove it, pfsense must see the difference and "saves" itself by overwriting with a backup.

No, that's just because you are creating errors in the XML by incorrect edits.

lt1360hp

BBcan177:

i re-ran your updated script and it did this time remove the menu entry under Firewall for pfblocker.  Thank you.

I then inspected the config.xml file and still see the entries under Installed Packages->Services for pfblocker.  It looks like this:

		 <pfblockertopspammers><config><countries>KR,CN,IN,RU,TR,VN,UA,BR,VE,PK</countries>
				<action>Deny_Inbound</action></config></pfblockertopspammers> 
		 <pfblockerafrica><config><countries><action>Deny_Inbound</action></countries></config></pfblockerafrica> 
		 <pfblockerasia><config><countries>IL,JP</countries>
				<action>Permit_Inbound</action></config></pfblockerasia> 
		 <pfblockeroceania><config><countries>AU,NZ</countries>
				<action>Permit_Inbound</action></config></pfblockeroceania> 
		 <pfblockersouthamerica><config><countries><action>Deny_Inbound</action></countries></config></pfblockersouthamerica> 
		 <pfblockereurope><config><countries>AX,AL,AD,BY,BA,BG,EE,FO,GG,IM,JE,CS,LV,MK,MT,MD,ME,RU,RS,UA</countries>
				<action>Deny_Inbound</action></config></pfblockereurope> 
		 <pfblockernorthamerica><config><countries>CA,PR,US</countries>
				<action>Permit_Inbound</action></config></pfblockernorthamerica> 

I manually edited (removed) this file removing these entries and it loaded OK, so maybe I am good now.

Thanks again for your help.

BBcan177

Thanks lt1360hp,

I made a fix to remove those xml tags also.

If anyone else runs the script, they can run the following command after running the removal script to ensure it removed all the the old reminents of the previous version of pfblocker.

grep "pfblocker" /conf/config.xml | grep -v "pfblockerng" 

Melphiz

As I have the same issue and like to run your script, I'm not sure where and how to do so.

Via Command Prompt? If yes, php execute? Which port setting do you mean? (I only know ssh port).

I'm a bit lost here.

There is no pfblocker menu and no pfblocker alias but I had it setup so it takes a .txt file from our website where several hourly updated domain names are listed as IP. But now it blocks it for everyone not just the set alias group. But as pfblocker ain't anymore, I can't access it and need this script to (hopefully) remove all the things related to pfblocker.

(we can't access google atm. due to youtube being on that block list which was only for a specific alias group and not for everyone … no the alias does not exist anymore but the block is still active but not visible in the firewall rules)

E: Ah, you meant to type it into the URL bar of the browser from pfsense GUI? Wasn't sure about which port so I tried it now without a port and it seems to have run and deleted all the stuff from the config file. I just hope that solves my issue now. [well had DNS Forwarder also still active instead of DNS Resolver, and that one assigned youtube IP to google IP to clients even though it resolved it correctly itself.]

E2: No, that's not solving the issue now … pfsense still blocks all IPs that were in an earlier alias which were taken from a .txt list for all clients. Really, I'm lost, I don't know how to resolve this problem. I have deleted the .txt file and do not see a cron job grabbing it again, I have rebooted the firewall and restarted PC and flushed DNS and still ... pfsense gives youtube IP to PC instead of google IP. and this specific youtube IP was part of the IP list in the alias that was blocked for specific computers/IPs but not for all.

BBcan177

Hi Melphiz,

Before attempting to use packages, ensure that you have basic connectivity working. Take a look at the firewall rules and remove or disable any rules related to the old pfBlocker.

The text file of IPs that you have for youtube might have changed. What was the source of this list?

Melphiz

Hi BBcan177,

The list was created via nslookup on a windows server that uploaded the list to our FTP server.
So, yes, the content did ofc change, as google/youtube change their IPs even within a few hours I noticed.

The specific IP that gets blocked by pfsense is 145.253.36.96 BUT only on opt1 not on WAN I noticed.

So again: Pfsense has 8.8.8.8 as DNS for WAN (ADSL) and 8.8.4.4 for opt1 (LTE). The alias (which was originally autocreated by pfBlocker) using the mentioned IP list file was set for several PCs that were and are using WAN for internet access. (so the reject rule was visible at LAN tab)

Now the issue is funnily the opposite: users on opt1 (there's a rule on LAN tab that directs an alias group to that gateway instead of using WAN [default] can't access/ping the given IP. Pfsense gives this IP to the clients as google.de next time as google.com sometimes for google.de/com and youtube.de/com. It's weird, because using dns lookup at pfsense itself shows this IP only for google.com.

Anyway if I disable the rule for opt1 users so that they use WAN, they can ping the 145.*
If I set either 8.8.8.8 or 8.8.4.4 on a PC/client as DNS instead of the firewall, the ping also is successful.

I tried recreating the alias group that used this IP in the firewall and set it to pass but nothing of it worked. I don't even know why now it's rejecting for opt1 when the alias was originally for WAN. But that IP address was listed in that alias (I still checked the old .txt file yesterday on the FTP), so that's the reason I think this issue is/was caused by pfBlocker.

As I'm usually late updating the firewall (I barely find to for it as it can't be done during a working day, ofc) I run late into those problems. (Well, the pfsense was also still using DNS Forwarder instead of the new(?) DNS Resolver, but that had nothing to do with it, the issue remains on either service).

After your script I can't find anything else related to the previous pfBlocker but that IP that was on the alias list still gets rejected. I know this problem seems to not fit into the thread anymore, but I still hope you may have an idea what I could do about it, thanks.

BBcan177

Hi Melphiz,

You could also create a script to run on the pfSense box locally to collect those IPs.

You have to remember that pfBlockerNG doesn't block anything directly. All it does is collect IPs from the Threat Sources and creates Firewall Rules on the selected interfaces. All of the blocking/rejecting/permitting is done via pfSense Firewall Rules.

I believe that Google DNS is trying to re-route the Youtube blocking to other IPs. If you are using Unbound in 2.2, you should use it as a DNS Resolver (Not a forwarder), so it will use the Root DNS Servers for resolving DNS Requests. This will eliminate Google DNS from manipulating the DNS requests. There are other threads where you can get instructions on how to properly configure Unbound.

vronp

Hi,

I ran this check and the following remains:

<tab><text>General</text>
                        <url>/pkg_edit.php?xml=pfblocker.xml&id=0</url>
                        <active></active></tab>

@BBcan177:

Thanks lt1360hp,

I made a fix to remove those xml tags also.

If anyone else runs the script, they can run the following command after running the removal script to ensure it removed all the the old reminents of the previous version of pfblocker.

grep "pfblocker" /conf/config.xml | grep -v "pfblockerng" 

BBcan177

Hi vronp,

That's fine. That is just telling you that the last active menu tab was pfBlocker.  If you click another menu item in pfSense and re-run the grep command it should clear that.

Seb

I tried running the script below on a server running 2.2.2 (without the pfBlocker package as it is not available for 2.2.x) where the config had been restored from a server with 2.1.5 and the pfBlocker package on and it didn't work: the config still had the pfBlocker config in…  Output at the bottom of this post:

@BBcan177:

Here is a script to remove the previous pfBlocker package from the pfSense config.xml

So please make a full backup before proceeding. Please post back if you were successful in removing the old remnants of this package…

Save this script to  /usr/local/www/removepfb.php

then from your pfSense GUI

https://x.x.x.x:yyy/removepfb.php

(Change x.x.x.x to your pfsense box IP  and yyy to the port setting used.)

It will report to the screen with its activity.

# Script to Remove pfBlocker from Config.xml
#
# by BBCan177@gmail.com
# Copyright (c) 2015

require_once("pfsense-utils.inc");
require_once("config.inc");
require_once("services.inc");
global $config;
print "```
";

print "Removing pfBlocker from the pfSense Configuration file\n\n";
$removal = array("pfblocker", "pfblockerlists", "pfblockerafrica", "pfblockerantartica", "pfblockerasia", "pfblockereurope", "pfblockernorthamerica", "pfblockeroceania", "pfblockersouthamerica", "pfblockertopspammers");
foreach ($removal as $remove){
        if (is_array($config['installedpackages'][$remove])){
                unset ($config['installedpackages'][$remove]);
                print "Removed {$remove}\n";
        }
}

# Remove pfBlocker Menu Entry
$pfb_menus = &$config['installedpackages']['menu'];
if (!empty($pfb_menus)) {
        $key = 0;
        foreach ($pfb_menus as $menu) {
                if ($menu['name'] == "pfBlocker") {
                        unset ($pfb_menus[$key]);
                        print "Removed pfBlocker Menu Entry\n";
                }
                $key++;
        }
}

# Remove pfBlocker Package Entry
$pfb_pkg = &$config['installedpackages']['package'];
if (!empty($pfb_pkg)) {
        $key = 0;
        foreach ($pfb_pkg as $pkg) {
                if ($pkg['name'] == "pfBlocker") {
                        unset ($pfb_pkg[$key]);
                        print "Removed pfBlocker Pkg Entry\n";
                }
                $key++;
       }
}

# Remove Widget
$pfb_widgets = $config['widgets']['sequence'];
if (!empty($pfb_widgets)) {
        $widgetlist = explode(",", $pfb_widgets);
        foreach ($widgetlist as $key => $widget) {
                if (strstr($widget, "pfBlocker-container")) {
                        unset($widgetlist[$key]);
                        break;
                }
        }
        $config['widgets']['sequence'] = implode(",", $widgetlist);
}

#Remove any pfBlocker alias tables
if (is_array($config['aliases']['alias'])){
        foreach($config['aliases']['alias'] as $alias){
                if (!preg_match("/^pfBlocker/", $alias['name'])) {
                        $new_aliases[]= $alias;
                }
        }
        $config['aliases']['alias'] = $new_aliases;
}

# Remove pfBlocker Files/Folders
unlink_if_exists ("/usr/local/pkg/pfblocker.inc");
unlink_if_exists ("/usr/local/pkg/pfblocker.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_Africa.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_Asia.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_Europe.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_NorthAmerica.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_Oceania.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_SouthAmerica.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_lists.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_sync.xml");
unlink_if_exists ("/usr/local/pkg/pfblocker_topspammers.xml");

unlink_if_exists ("/usr/local/www/pfblocker.php");
unlink_if_exists ("/usr/local/www/widgets/widgets/pfBlocker.widget.php");

unlink_if_exists ("/usr/local/pkg/Africa_cidr.txt");
unlink_if_exists ("/usr/local/pkg/Asia_cidr.txt");
unlink_if_exists ("/usr/local/pkg/Europe_cidr.txt");
unlink_if_exists ("/usr/local/pkg/Oceania_cidr.txt");
unlink_if_exists ("/usr/local/pkg/South_America_cidr.txt");

rmdir_recursive ("/usr/local/pkg/pfblocker");
rmdir_recursive ("/usr/local/pkg/pfblocker_aliases");

exec ("/bin/rm /var/db/aliastables/pfBlocker*.*");

# Remove Cron Task
install_cron_job("pfblocker.php cron", false);

# Save Configuration
write_config("Removed pfBlocker");
?>

The output for me was:

Removing pfBlocker from the pfSense Configuration file

Removed pfblocker
Removed pfblockerlists
Removed pfblockertopspammers
Removed pfBlocker Menu Entry

Fatal error: Call to undefined function getUserEntry() in /etc/inc/config.lib.inc on line 501

Should I just remove the config manually using the nested grep example BBcan177 gave?

grep "pfblocker" /conf/config.xml | grep -v "pfblockerng"

Seb

P.S. The script removed nothing as far as I could tell: the pfBlocker rules were still present and the menu entry was still present.

BBcan177

It won't remove the rules but it should remove the menu entry. Is this a full install version of pfSense. Might need to put the system into RW mode to save the changes if it's a nano/flash type version.

mloiterman

greping the config file still shows 'pfblockersync'.  Should that be there?

BBcan177

@mloiterman:

greping the config file still shows 'pfblockersync'.  Should that be there?

Thanks for pointing that out. I can't edit my original post, but please edit the script to include "pfblockersync" as follows:

Original

$removal = array("pfblocker", "pfblockerlists", "pfblockerafrica", "pfblockerantartica", "pfblockerasia", "pfblockereurope", "pfblockernorthamerica", "pfblockeroceania", "pfblockersouthamerica", "pfblockertopspammers");

New

$removal = array("pfblocker", "pfblockerlists", "pfblockerafrica", "pfblockerantartica", "pfblockerasia", "pfblockereurope", "pfblockernorthamerica", "pfblockeroceania", "pfblockersouthamerica", "pfblockertopspammers", "pfblockersync");

glenewhittenberggmail.co

script saved me. upgraded from 2.2.4 to 2.3.1 and pfblocker broke. Tried remove and reinstall no go. was able to get to router but not out to internet. ran script, rebooted, and all my problems are gone. Thanks!

yuljk

Just tried running this - after copying the script to my pfsense VM.

I ran the script from Chrome and it just outputs 'Removing pfBlocker from the pfSense Configuration file'

Where exactly am I executing the script from?

Thanks

RonpfS

The script is outdated.

RonpfS

To install or re-install pfBlockerNG 2.1.1_2
https://forum.pfsense.org/index.php?topic=102470.msg647719#msg647719

Then you can install or re-install the pfBlockerNG 2.1.1_2.
The install should update the MaxMind (this take 5+ minutes) and proceed to completion.

Then you can remove the package

yuljk

Many thanks for the new fix.

I have attempted a new install after modifying config.inc.  However the pfBlockerng entry under my firewall menu is not visible.

Installation log:-

Installing pfSense-pkg-pfBlockerNG…
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The following 6 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
pfSense-pkg-pfBlockerNG: 2.1.1_2 [pfSense]
whois: 5.1.5 [pfSense]
GeoIP: 1.6.9 [pfSense]
lighttpd: 1.4.39_1 [pfSense]
grepcidr: 2.0 [pfSense]
aggregate: 1.6_1 [pfSense]

Number of packages to be installed: 6

The process will require 2 MiB more space.
[1/6] Installing whois-5.1.5…
[1/6] Extracting whois-5.1.5: …....... done
[2/6] Installing GeoIP-1.6.9…
[2/6] Extracting GeoIP-1.6.9: …....... done
[3/6] Installing lighttpd-1.4.39_1…
[3/6] Extracting lighttpd-1.4.39_1: …....... done
[4/6] Installing grepcidr-2.0…
[4/6] Extracting grepcidr-2.0: ….. done
[5/6] Installing aggregate-1.6_1…
[5/6] Extracting aggregate-1.6_1: …. done
[6/6] Installing pfSense-pkg-pfBlockerNG-2.1.1_2…
[6/6] Extracting pfSense-pkg-pfBlockerNG-2.1.1_2: …....... done
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...
MaxMind GeoIP databases previously downloaded.
Adding pfBlockerNG Widget to the Dashboard... done.
Remove any existing and create link for DNSBL lighttpd executable... done.
Creating DNSBL web server start-up script... done.
Upgrading Adv. Inbound firewall rule settings ... no changes required ... done.
Custom commands completed ... done.
Executing custom_php_resync_config_command()...pkg: POST-INSTALL script failed
Message from GeoIP-1.6.9:
GeoIP does not ship with the actual data files. You must download
them yourself! Please run:

/usr/local/bin/geoipupdate.sh

Cleaning up cache... done.
Success

Immediately after install I get a crash report:-

Crash report begins.  Anonymous machine information:

amd64
10.3-RELEASE-p5
FreeBSD 10.3-RELEASE-p5 #0 7307492(RELENG_2_3_2): Tue Jul 19 13:29:35 CDT 2016    root@ce23-amd64-builder:/builder/pfsense-232/tmp/obj/builder/pfsense-232/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[14-Aug-2016 14:42:20 Europe/London] PHP Fatal error:  Allowed memory size of 536870912 bytes exhausted (tried to allocate 72 bytes) in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 3874
[14-Aug-2016 14:42:20 Europe/London] PHP Stack trace:
[14-Aug-2016 14:42:20 Europe/London] PHP  1. {main}() /etc/rc.start_packages:0
[14-Aug-2016 14:42:20 Europe/London] PHP  2. sync_package() /etc/rc.start_packages:90
[14-Aug-2016 14:42:20 Europe/London] PHP  3. eval() /etc/inc/pkg-utils.inc:631
[14-Aug-2016 14:42:20 Europe/London] PHP  4. sync_package_pfblockerng() /etc/inc/pkg-utils.inc(631) : eval()'d code:3
[14-Aug-2016 14:42:20 Europe/London] PHP  5. file() /usr/local/pkg/pfblockerng/pfblockerng.inc:3874

Pfsense 2.3.2 running on ESXi 6 VM with 2GB RAM and 4vCPUs

Many thanks

digdug3

// Set memory limit to 512M on amd64.
if ($ARCH == "amd64") {
	ini_set("memory_limit", "512M");
} else {
	ini_set("memory_limit", "256M");
}

You are using the AMD64 version, try to increase to 768M:

if ($ARCH == "amd64") {
	ini_set("memory_limit", "768M");
} else {
	ini_set("memory_limit", "256M");
}

Or wait until BBCan releases the fix

RonpfS

To increase memory_limit over 512M you also need to fix /usr/local/etc/php.ini, /etc/rc.php_ini_setup