1. Home
  2. pfSense Packages
  3. [SOLVED] pfBlockerNG alerts don't display

[SOLVED] pfBlockerNG alerts don't display

  • F

    Hi there,
    first, as newbee in this forum, let me say thank you and bravo for PFSense.
    New here but not with Pfsense, I use it since about 2 years. I post here for a strange behavior with pfBlockerNG. In fact, I'm not sure that it's really this package the problem, but it occurs with it.
    On a 2.2.1 amd64 PFSense, installed as cluster, I've yesterday installed pfBlockerNG. No problem to make it work, but when I wanted to see the alerts, the GUI display a blank page, then on home page warned for a crash : PHP fatal error caused by memory_limit in /etc/inc/util.inc.
    I increased the memory with the ini_set command, but it always complained about memory, even with 512M RAM ! So I started to debug.
    I found that the problem came from this function in util.inc : function subnetv4_expand($subnet)
    and especially this loop :
            for ($i = 0; $i < $size; $i += 1) {
                  $result[] = long2ip($net | $i);
            }

    Strangelly, it fills memory, but (I'm not developper stop me if I'm wrong) the $result variable should be overwritted at each loop and return only the last result, isn't it ?
    So I simply commented the loop and replace it just by :
      $result[] = long2ip($net);

    and all begun to work !

    The IPs are CARP VIP, one on LAN at 10.0.0.254/8, and others WAN on /32 public adresses. 1G RAM actually used at 40%.
    I've also installed the package on another PFsense, same version, a cluster master too, with CARP VIPs, 1G RAM, but can't reproduced the problem. I don't see what is different on this PFSense.

    So finally my question :)
    I'm pretty sure that this util.inc isn't part of the package pfBockerNG. During my tests, I found that it is used by others parts of PFSense. And I don't understand what the hell this loop is doing ??? And, if the modification can break something else ?

    Thanks !

    0
  • BBcan177
    Moderator

    Hi fsoyer,

    I have an update the Alerts tab that doesn't call this function and instead uses the following function below as its more practical then trying to expand such a large cidr. I have just been busy working on v2.0 of pfBlockerNG with DNSBL that I haven't pushed some of these changes into the release. Hope to get a pull request submitted soon.

    ip_in_subnet($subnet, $line)

    0
  • F

    Fine ! Hope that this update will be release soon, but for the moment it seems to works like that. Happy to hear about DNSBL too ! Thanks.
    Just fo my understanding, if you have time to describe what this loop should do ?

    0
  • F

    Well. The patch you sent to me works fine.
    Thank a lot.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy