PfBlockerNG v2.0 w/DNSBL

RonpfS

@Qinn:

Second, I followed your advise, here are the results, btw Memory size = 1Gb (1024) usage 18%, during the process below I noticed that Memory usage rose from 16% to 28% and dropped to 17% after the error occurred, as shown below. It seems the process eats RAM and somehow there is a max set for the process.

any advice is welcome,

cheers, Qinn

1GB might be too small since the last MaxMind database change. Can you put more RAM in the box?

I have 2.5GB on my pfsense and I got a crash report  :o
This looks like a change at some point in the MaxMind db. So be patient until BBcan177 take a looks at this.

RonpfS

@haleakalas:

I have an identical situation except the line "(tried to allocate 20 bytes)" reads 27 bytes. Also, the PHP Errors block repeats itself a few times.
I tried to reinstall pfBlockerNG through the package manager, it claimed to have reinstalled but it no longer shows under the Firewall menu of pfSense. I uninstalled and reinstalled in two steps, again using the package manager, same result. For now I removed the package. My hardware is based on 32 bit N270 and I have 1GB of RAM, tons of HD space.
Prior to upgrading pfSense to 2.3.2 everything worked flawlessly for over a month so I assume that it has something to do with pfSense upgrade. I don't recall when I got pfBlockerNG upgraded.
I hope mine is not an isolated case.

Maybe it is too late, but did you get any errors while removing or installing pfBlockerNG?

Qinn

Although today 1GB Memory isn't much, maybe the dev's (BBcan177) could be encouraged  ;) to find a solution as the pfSense recommended requirements are (https://www.pfsense.org/hardware/)  RAM - 1 GB. So I put in a extra 512MB (so now 1,5GB), but I am shit out of luck, again error. Should have guessed it, as even your 2,5GB wasn't enough.

Qinn

Hmmm, I have searched the forum and this error has occurred many times, and never the solution was to increase memory:

https://forum.pfsense.org/index.php?topic=87994.0

https://forum.pfsense.org/index.php?topic=113483.0

https://forum.pfsense.org/index.php?topic=102904.0

https://forum.pfsense.org/index.php?topic=76981.0

RonpfS

I get these messages Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 36 bytes)
from time to time with other function in pfsense, when viewing big file or with backup.
And I never found a solution for these.

I disabled pfBlockerNG, DSNBL, surricata, reboot, close all pfsense tabs.
This gives me around 1.8GB of free memory, and the pfblockerng.php dc still crashes.

Is there someone with more than 2.5GB of memory that doesn't have crash when updating the MaxMind GeoIP db ?

Qinn

https://forum.pfsense.org/index.php?topic=116305.0

https://forum.pfsense.org/index.php?topic=116307.0

Problem seems to be spreading…

vbentley

@oswoldy:

Hi,
I get the crash with 8GB of RAM :(

I guess I won't bother installing any more than the 4GB that I currently have installed. I have disabled pfBlockerNG for the time being.

Gerard64

Same here with 4gb ram.

I tried to reinstall Pfblocker but no luck now it doesn't even show up anymore under Firewall menu item.
Before I reinstalled it hanged constantly on update the lists.

RonpfS

Well during installation pfBlockerNG download the MaxMind GeoIP database … it probably crashes and the installation doesn't complete.  :o

q54e3w

do you see stability if you reduce the number of lists you have active? My 16GB runs along fine at 40% utilisation with a fair few lists thrown at it and I recall from my casual observation it uses more whilst it processes them too.

Guest

@RonpfS:

@haleakalas:

I have an identical situation except the line "(tried to allocate 20 bytes)" reads 27 bytes. Also, the PHP Errors block repeats itself a few times.
I tried to reinstall pfBlockerNG through the package manager, it claimed to have reinstalled but it no longer shows under the Firewall menu of pfSense. I uninstalled and reinstalled in two steps, again using the package manager, same result. For now I removed the package. My hardware is based on 32 bit N270 and I have 1GB of RAM, tons of HD space.
Prior to upgrading pfSense to 2.3.2 everything worked flawlessly for over a month so I assume that it has something to do with pfSense upgrade. I don't recall when I got pfBlockerNG upgraded.
I hope mine is not an isolated case.

Maybe it is too late, but did you get any errors while removing or installing pfBlockerNG?

No, there was no error messages during the reinstall, removal or installation. But, the weird thing is that although pfSense said the installation (or the reinstallation) was a success, pfBlockerNG was nowhere to be found; in the menus nor in the service status, watchdog, etc. So, I  assume that it didn't install properly. But the dashboard says that only 20% of the RAM is used, so I doubt that this is a memory issue. Plus, I have been using pfBlockerNG on this same hardware for some time, so unless the last version has changed something drastically 1GB has been fine.
Meanwhile, I restored a raw copy backup of my system prior to 2.3.2 upgrade. That works like a charm. It has pfBlockerNG 2.0.17 on pfSense 2.3.1-p5 (i386). PfBlocker definitely works as it blocks access to and from China, Russia, etc.
So, until the dust settles oldies are the best way to go for me.

Gerard64

Here is always worked fine with my 4GB of ram but since the last update it started to give problems i disbaled PFblocker for now and wait maybe it get fixed if not then i gave to sadly uninstall uninstall.

RonpfS

Here is a fix for the MaxMind errors https://forum.pfsense.org/index.php?topic=116307.msg644910#msg644910
please use that thread for this issue

Gerard64

Above tip of Ronpfs worked.
But after the last re-install of pfblocker it didn't reinstall correct. It doesn't show up in the menu and it gives a error at the end of the reinstall.

pkg: POST-INSTALL script failed

Is there a way i can install a previous version of pfblocker?

RonpfS

@Gé:

Above tip of Ronpfs worked.
But after the last re-install of pfblocker it didn't reinstall correct. It doesn't show up in the menu and it gives a error at the end of the reinstall.

pkg: POST-INSTALL script failed

Is there a way i can install a previous version of pfblocker?

I do not think you can revert to a previous version  :(
And even with the previous version it would be the same as the change comes from MaxMind GeoIP change, not from pfblockerNG code.

Can you try https://forum.pfsense.org/index.php?topic=115966.0

Gerard64

Thank you again Ronpfs.
I did what you suggested on that other thread it did not work. I increased to 750M but no joy :(

Guest

@RonpfS:

Here is a fix for the MaxMind errors https://forum.pfsense.org/index.php?topic=116307.msg644910#msg644910
please use that thread for this issue

Solving the problem by throwing more memory at it worries me a bit. I hate to sound old-school, but 1GB or RAM on a router/firewall is a lot of memory. Allocating upwards of 300MB for one particular function, if that is on exclusive basis, would worry me that the implementation of that function is less than optimal.

As for the installation issue, it is still there. I can no longer install the latest version of pfBlockerNG; although pfSense claims that it's installed it doesn't show anywhere in the menus.

RonpfS

@Gé:

Thank you again Ronpfs.
I did what you suggested on that other thread it did not work. I increased to 750M but no joy :(

The patch was made for someone with pfBlockerNG installed. You could probably revert it.
I posted another similar patch for the case when pfBlockerNG isn't installed.

RonpfS

@haleakalas:

@RonpfS:

Here is a fix for the MaxMind errors https://forum.pfsense.org/index.php?topic=116307.msg644910#msg644910
please use that thread for this issue

Solving the problem by throwing more memory at it worries me a bit. I hate to sound old-school, but 1GB or RAM on a router/firewall is a lot of memory. Allocating upwards of 300MB for one particular function, if that is on exclusive basis, would worry me that the implementation of that function is less than optimal.

As for the installation issue, it is still there. I can no longer install the latest version of pfBlockerNG; although pfSense claims that it's installed it doesn't show anywhere in the menus.

We are just trying to get a fix until BBcan177 can find a proper fix when he comes back.

there is a thread for the installation failure https://forum.pfsense.org/index.php?topic=115966.0

pfBlockerNG with DNSBL requires load of memory as it handle 1M+ table. So 1GB is really not that much memory for this kind or usage.

Gerard64

@RonpfS:

The patch was made for someone with pfBlockerNG installed. You could probably revert it.
I posted another similar patch for the case when pfBlockerNG isn't installed.

Oke I tried that mod and went up to 1500M but no success I can't install Pfblocker.
Oh and BTW i have a 64bit system with 4GB ram.

>>> Installing pfSense-pkg-pfBlockerNG... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The following 5 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	pfSense-pkg-pfBlockerNG: 2.1.1_2 [pfSense]
	whois: 5.1.5 [pfSense]
	lighttpd: 1.4.39_1 [pfSense]
	grepcidr: 2.0 [pfSense]
	aggregate: 1.6_1 [pfSense]

Number of packages to be installed: 5

The process will require 2 MiB more space.
[1/5] Installing whois-5.1.5...
[1/5] Extracting whois-5.1.5: .......... done
[2/5] Installing lighttpd-1.4.39_1...
[2/5] Extracting lighttpd-1.4.39_1: .......... done
[3/5] Installing grepcidr-2.0...
[3/5] Extracting grepcidr-2.0: ..... done
[4/5] Installing aggregate-1.6_1...
[4/5] Extracting aggregate-1.6_1: .... done
[5/5] Installing pfSense-pkg-pfBlockerNG-2.1.1_2...
[5/5] Extracting pfSense-pkg-pfBlockerNG-2.1.1_2: .......... done
Saving updated package information...
done.
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...
MaxMind GeoIP databases previously downloaded.
Adding pfBlockerNG Widget to the Dashboard... done.
Remove any existing and create link for DNSBL lighttpd executable... done.
Creating DNSBL web server start-up script... done.
Creating DNSBL web server config ... done.
Starting DNSBL Service... done.
Upgrading Adv. Inbound firewall rule settings ... no changes required ... done.
Custom commands completed ... done.
Executing custom_php_resync_config_command()...1 table created.
1/1 addresses added.
pkg: POST-INSTALL script failed
>>> Cleaning up cache... done.
Success