PFblockerNG 2.2.3 "pf Errors found."



  • 2.2.3-RELEASE (amd64)
    Intel(R) Xeon(R) CPU X5650 @ 2.67GHz

    I have PFblockerNG installed and working; however, on the summary page in the beginning it shows errors.  I'm not sure if they're false positives or what.

    I think it has something to do with the cron hourly updates and after it does one it bombs PFblockerNG and it stops working.  I'm unsure but I've attached a pic.

    Does anyone have any insight?  There isn't anything in the log that helps much.  This is all I've got that seems relevant:

    Jul 7 23:01:29 	check_reload_status: Syncing firewall
    Jul 7 23:01:29 	check_reload_status: Syncing firewall
    Jul 7 23:01:29 	check_reload_status: Reloading filter
    Jul 7 23:01:27 	php-fpm[40182]: /pkg_edit.php: [pfBlockerNG] Starting sync process.
    Jul 7 23:01:27 	check_reload_status: Syncing firewall
    Jul 7 23:01:20 	check_reload_status: Syncing firewall
    Jul 7 23:01:20 	check_reload_status: Reloading filter
    Jul 7 23:01:20 	php-fpm[40182]: /pkg_edit.php: [pfBlockerNG] Starting sync process.
    

    Nothing to write home about :0(

    Pic is attached.
    ![Screenshot from 2015-07-07 23:53:51.png](/public/imported_attachments/1/Screenshot from 2015-07-07 23:53:51.png)



  • **** Update on this *****

    I found that if I go into:  Firewall > pfBlockerNG > update > force reload

    …that it reloads the downloaded content and it goes back as it should be.  Like the new attached pic.

    Logs say:

    Jul 7 23:14:26 check_reload_status: Syncing firewall
    Jul 7 23:14:26 check_reload_status: Syncing firewall
    Jul 7 23:13:41 php: pfblockerng.php: [pfBlockerNG] Starting sync process.

    …again, nothing sexy.  This seems to be a problem for me on 2.2.3: it doesn't load / sync properly after an update and I have to force it, otherwise pfBlockerNG goes into a funky state, at least according to the GUI!  :0(

    By the way, I've wondered this.  Should the "Packets" column actually show how many packets from those countries were blocked?  Mine never seemed to update on any version of pfSense I've used, but I only noticed that column on the 2.2.1 version, and in the "Alerts" tab I never see any alerts either.  Is there setup involved with that to possibly get better metrics and track foreign IPs?

    Thanks!

    ![Screenshot from 2015-07-08 00:17:59.png](/public/imported_attachments/1/Screenshot from 2015-07-08 00:17:59.png)


  • Banned

    Sigh. Why do you block the entire world? Whitelist what you want instead. There's already a default deny rule on WAN blocking everything unless you allow it. Limit what you allow to a whitelist alias instead, if you have any wildcard permit rules on WAN. If not, then Deny Inbound is completely useless overhead. Regarding outbound, the above ruleset makes the Internet just about unusable.