PfBlocker failure after 2.1.5 -> 2.2.1 upgrade



  • My much loved pfBlocker is barfing up this after upgrading to 2.2.1.  Don't really know what to do.

    Warning: include(/usr/local/www/widgets/widgets/pfBlocker.widget.php): failed to open stream: No such file or directory in /usr/local/www/index.php on line 742 Warning: include(): Failed opening '/usr/local/www/widgets/widgets/pfBlocker.widget.php' for inclusion (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg') in /usr/local/www/index.php on line 742


  • Moderator

    The previous version of pfBlocker has been replaced in 2.2.x with pfBlockerNG.
    There is no migration of the settings from the old to the new.
    https://forum.pfsense.org/index.php?topic=86212.0

    Here is a script to remove the old configuration from the pfSense config.xml file:
    https://forum.pfsense.org/index.php?topic=88443.0



  • Thanks for that…



  • I followed those instructions and everything went as expected.  I do, however, get the following notice after each reboot:

    03-21-15 15:47:39 [ There were error(s) loading the rules: /tmp/rules.debug:33: cannot define table pfB_Level1: Cannot allocate memory - The line in question reads [33]: table persist file /var/db/aliastables/pfB_Level1.txt]

    Another interesting thing is that the "Packets" count is nowhere near what it was with pfBlocker.  Is that the new normal?



  • Moderator

    Hi laterdaze,

    In pfSense Advanced Tab:Firewall/Nat: "Firewall Maximum Table entries".

    It should be defaulted to 2M, but you might have set it manually to a lower value. Please increase this to 2M.

    Are these "Aliases" set as "Deny Inbound"? If so, you are not seeing the implicit deny by pfSense on the Inbound.  Which would explain why it's lower.



  • Indeed, the max table entries was set to 300K, a hold over from pfBlocker tuning no doubt.  Setting it to 2M resolved the memory allocation problem.  Specifying the list action as "Deny Both" causes the packets count to increase to something more like what I was seeing with pfBlocker.

    Again, thanks for all that…


  • Moderator

    @laterdaze:

    Indeed, the max table entries was set to 300K, a hold over from pfBlocker tuning no doubt.  Setting it to 2M resolved the memory allocation problem.  Specifying the list action as "Deny Both" causes the packets count to increase to something more like what I was seeing with pfBlocker.

    Again, thanks for all that…

    Glad you got it all sorted out  :)  .. Pls read this thread to see if you really need "Deny Both/Deny Inbound" Rules.

    https://forum.pfsense.org/index.php?topic=86212.msg501258#msg501258


Log in to reply