PfBlockerNG v2.0 w/DNSBL
-
Hi,
same situation in my environment. I changes from HTTPS WebUI to HTTP because WPAD is hosted on pfsense itself. But i defined all private IPs to go DIRECT and not using the proxy in the WPAD files. But unfortunately it does not work.
Further I disabled auto proxy configuration and hardcoded the proxy in my browser but DNSBL still does only work with HTTP (pfsense WebUI page) but not with HTTPS. Further it does not log anything :-(
PS:
Anybody here who could suggest a good DNSBL which focuses on command and control server and such stuff?hmm…are you getting the gif? does it log the gif? are you sure you disabled the WPAD?
-
Hi,
same situation in my environment. I changes from HTTPS WebUI to HTTP because WPAD is hosted on pfsense itself. But i defined all private IPs to go DIRECT and not using the proxy in the WPAD files. But unfortunately it does not work.
Further I disabled auto proxy configuration and hardcoded the proxy in my browser but DNSBL still does only work with HTTP (pfsense WebUI page) but not with HTTPS. Further it does not log anything :-(
PS:
Anybody here who could suggest a good DNSBL which focuses on command and control server and such stuff?hmm…are you getting the gif? does it log the gif? are you sure you disabled the WPAD?
Hi killmasta93,
yes, as I said above DNSBL only works for HTTP butw not for HTTPS. Further it only shows me the WebUI (HTTP) but it does not log anything.
I am pretty sure that I disabled WPAD. I disabled the "Automatic discovery" option in chrome and IE (both browsers use the same proxy config menue) and then I closed my browsers and opened them again. At least I disbaled my network adapter and enabled it again to make sure that I am getting new information from DHCP and DNS.So when I try to access the internet I still have to go through the proxy for http and https. I am NOT using TRANSPARENT proxy. Further I allowed port 8443 as an allowed port for squid SSL.
So the behavour is strange that it differs from yours even if it seems we have the same configuration.
-
Hi Nachtfalke,
So I have been trying to get it work and nothing, But this is what got my eye. I did a fresh install pfSense 2.2.4 installed the lasted pfBlockerNG and nothing wont log either the ads BUT it blocks them somehow. The GIF is the only alert that shows. Im thinking since i Have updated to the newest pfBlocker this is what happened. I also check on another pfSense box that was running pfBlocker 1.0 i updated also to the newest and wont work either. That box does no have any packages besides pfBlocker
-
I have posted PR #1243, pfBlockerNG v2.0.5 (for pfSense v2.2.x)
and
I have also posted PR #87, pfBlockerNG v2.0.8 (for pfSense v2.3)Changelog can be seen in the attached links. If you have any issues, post back in the forum.
I highly recommend installing pfSense 2.3. Its nearing Release Candidate (RC) and is really looking sharp. Its getting harder to maintain pfBlockerNG in two different platforms, so I may concentrate my future efforts in pfSense 2.3. So it will most likely see all of the new upcoming features. I will however maintain pfBlockerNG in 2.2.x that are bug fixes.
Thanks!
Both PR #1243 and #87 have been merged for pfSense 2.2.x and 2.3.x respectively.
You can click on the PR links above to review the changes. Any questions, please let me know…
Looking forward to your feedback and hope you guys checkout pfSense 2.3 !!!
-
On 2.3 beta since the beginning, pfBlockerNG is working pretty fine, grazie for your work BBcan177!
-
Hi!
I read the info about 2.3 and I shall update asap. For the time being I'd like to update to 2.0.5 on an older 2.2. box. The installation aborted with the message
Downloading https://files.pfsense.org/packages/10/All/pfblockerng-1.6.6-amd64.pbi ... could not download from there
It seems that the .pbi file is missing. Did someone else run into the same problem?
-
Hi!
I read the info about 2.3 and I shall update asap. For the time being I'd like to update to 2.0.5 on an older 2.2. box. The installation aborted with the message
Downloading https://files.pfsense.org/packages/10/All/pfblockerng-1.6.6-amd64.pbi ... could not download from there
It seems that the .pbi file is missing. Did someone else run into the same problem?
I can download the file from the shell without issue:
fetch -o /tmp/pfblockerng-1.6.6-amd64.pbi https://files.pfsense.org/packages/10/All/pfblockerng-1.6.6-amd64.pbi
-
This time the file was found.
-
Haven't had issues with pfBlockerNG on 2.2.x, but I've upgraded to 2.3RC (and I've tried uninstalling/reinstalling pfB), but I get this error and a pfSense crash report every time I click the Alerts tab under pfBlockerNG's section:
Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 72 bytes) in /usr/local/www/pfblockerng/pfblockerng_alerts.php on line 581 Call Stack: 0.0141 232168 1. {main}() /usr/local/www/pfblockerng/pfblockerng_alerts.php:0 1.4219 2882400 2. conv_log_filter_lite() /usr/local/www/pfblockerng/pfblockerng_alerts.php:362 1.4220 2883016 3. exec() /usr/local/www/pfblockerng/pfblockerng_alerts.php:581 PHP ERROR: Type: 1, File: /usr/local/www/pfblockerng/pfblockerng_alerts.php, Line: 581, Message: Allowed memory size of 268435456 bytes exhausted (tried to allocate 72 bytes)
This is on a Netgate C2758 box with 8GB of RAM and a small SSD with plenty of space, so this error doesn't make much sense to me. Is there a hard-set limit somewhere that I can adjust upwards?
-
Hi adx442,
The Alerts tab reads the pfSense Firewall logs. How many log entries do you have defined in the syslog settings? Also try to clear the firewall log and see if the error returns. The memory issue is related to PHP and not the hardware itself.
-
Yup, I'd already increased PHP's memory limit to 512M. Turns out, the syslog size was a little too large for even that amount of memory, cutting it in half and clearing the logs did fix the behavior.
Sorry, the only place I'd been seeing this issue exposed was in pfBlockerNG, though it was unrelated in the end.
-
I noted that each time I update pfSense 2.3 build, after reboot or no, DNSBL lists are not correctly loaded, in fact the widget shows 0 ips. I have to manually ask for reload to get list loaded and blocking feature to work again.
-
Same here as noted by Wolf666. Below the link to a related or not issue :o with Unbound not starting properly after any reboot.
-
I noted that each time I update pfSense 2.3 build, after reboot or no, DNSBL lists are not correctly loaded, in fact the widget shows 0 ips. I have to manually ask for reload to get list loaded and blocking feature to work again.
@webtyro:
Same here as noted by Wolf666.
Thanks for the report…
If you are able to modify a file, please edit: /usr/local/pkg/pfblockerng/pfblockerng.inc
In 2.3 - Line : 3149
https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L3149In 2.2.x - Line: 3156
https://github.com/pfsense/pfsense-packages/blob/master/config/pfblockerng/pfblockerng.inc#L3156and edit the line:
if (empty($lists_dnsbl_all)) {
to
if (empty($lists_dnsbl_all) && !$pfb['save']) {
First make sure that the widget doesn't show the DNSBL count as "0" (Run a force reload if its "0"), then reboot and ensure that post-reboot that the widget DNSBL count is accurate…
Post back if this fixes this issue...
Thanks!
-
and edit the line:
if (empty($lists_dnsbl_all)) {
to
if (empty($lists_dnsbl_all) && !$pfb['save']) {
First make sure that the widget doesn't show the DNSBL count as "0" (Run a force reload if its "0"), then reboot and ensure that post-reboot that the widget DNSBL count is accurate…
Post back if this fixes this issue...
Thanks!
Fix my problem. Thanks BBcan177.
-
Fix mine also.
-
@BBcan177
That did the trick for mine also. Thank you. -
Semi complete n00b here. I got it up and running with just dnsbl. However it just stops after a few hours and lets everything through. Is there something i can check? I cant see any errors being thrown in the logs, cron jobs are doing things etc every hour.
-
Ensure that your LAN devices have their DNS settings set to only pfSense. If you ping the DNSBL VIP does it resolve? If you browse the the DNSBL VIP do you get the 1x1?
-
i can ping the VIP from my 192.1.6.2.xxx to the VIP http://10.10.10.1/.
If i load up the web page its blank.
Not seeing anything about a gif.
The only hint is <title>10.10.10.1 (1×1)</title>
This happens if it is blocking correctly or incorrectly.
It seems that everything works till the first cron job. After that if i want it to work i have to force update till the next cron job.