Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfBlocker failure after 2.1.5 -> 2.2.1 upgrade

    Scheduled Pinned Locked Moved pfSense Packages
    7 Posts 2 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • laterdazeL
      laterdaze
      last edited by

      My much loved pfBlocker is barfing up this after upgrading to 2.2.1.  Don't really know what to do.

      Warning: include(/usr/local/www/widgets/widgets/pfBlocker.widget.php): failed to open stream: No such file or directory in /usr/local/www/index.php on line 742 Warning: include(): Failed opening '/usr/local/www/widgets/widgets/pfBlocker.widget.php' for inclusion (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg') in /usr/local/www/index.php on line 742

      Only the compiler guy needs to write clever code...

      1 Reply Last reply Reply Quote 0
      • BBcan177B
        BBcan177 Moderator
        last edited by

        The previous version of pfBlocker has been replaced in 2.2.x with pfBlockerNG.
        There is no migration of the settings from the old to the new.
        https://forum.pfsense.org/index.php?topic=86212.0

        Here is a script to remove the old configuration from the pfSense config.xml file:
        https://forum.pfsense.org/index.php?topic=88443.0

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        1 Reply Last reply Reply Quote 0
        • laterdazeL
          laterdaze
          last edited by

          Thanks for that…

          Only the compiler guy needs to write clever code...

          1 Reply Last reply Reply Quote 0
          • laterdazeL
            laterdaze
            last edited by

            I followed those instructions and everything went as expected.  I do, however, get the following notice after each reboot:

            03-21-15 15:47:39 [ There were error(s) loading the rules: /tmp/rules.debug:33: cannot define table pfB_Level1: Cannot allocate memory - The line in question reads [33]: table persist file /var/db/aliastables/pfB_Level1.txt]

            Another interesting thing is that the "Packets" count is nowhere near what it was with pfBlocker.  Is that the new normal?

            pfBlockerNG.JPG
            pfBlockerNG.JPG_thumb

            Only the compiler guy needs to write clever code...

            1 Reply Last reply Reply Quote 0
            • BBcan177B
              BBcan177 Moderator
              last edited by

              Hi laterdaze,

              In pfSense Advanced Tab:Firewall/Nat: "Firewall Maximum Table entries".

              It should be defaulted to 2M, but you might have set it manually to a lower value. Please increase this to 2M.

              Are these "Aliases" set as "Deny Inbound"? If so, you are not seeing the implicit deny by pfSense on the Inbound.  Which would explain why it's lower.

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              1 Reply Last reply Reply Quote 0
              • laterdazeL
                laterdaze
                last edited by

                Indeed, the max table entries was set to 300K, a hold over from pfBlocker tuning no doubt.  Setting it to 2M resolved the memory allocation problem.  Specifying the list action as "Deny Both" causes the packets count to increase to something more like what I was seeing with pfBlocker.

                Again, thanks for all that…

                Only the compiler guy needs to write clever code...

                1 Reply Last reply Reply Quote 0
                • BBcan177B
                  BBcan177 Moderator
                  last edited by

                  @laterdaze:

                  Indeed, the max table entries was set to 300K, a hold over from pfBlocker tuning no doubt.  Setting it to 2M resolved the memory allocation problem.  Specifying the list action as "Deny Both" causes the packets count to increase to something more like what I was seeing with pfBlocker.

                  Again, thanks for all that…

                  Glad you got it all sorted out  :)  .. Pls read this thread to see if you really need "Deny Both/Deny Inbound" Rules.

                  https://forum.pfsense.org/index.php?topic=86212.msg501258#msg501258

                  "Experience is something you don't get until just after you need it."

                  Website: http://pfBlockerNG.com
                  Twitter: @BBcan177  #pfBlockerNG
                  Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.