5. PfBlockerNG and RAM Disk

PfBlockerNG and RAM Disk

  • I

    If you use RAM Disks, pfBlockerNG has the following issues after rebooting the system:

    • Country Lists are not updated

    • unbound does not start, because DNSBL config file cannot be found

    If I disable RAM Disk usage everything works fine. Must IMHO therefore have something to do with config files being stored in /var which is empty after reboot.

    0
  • Moderator

    Unfortunately, not much I can do to fix that… by design, Ram disk clears out /var on reboot...

    I don't want to start to force settings to disable Ram disk settings. I might add a note somewhere, but as such, most don't read the notes :)

    0
  • I

    Understand. Maybe you must put a check in to disable DNSBL from running if RAMDisk is used? Because having unbound not working is quite an issue for surfing the internet… :-P
    And wouldn't a force update after reboot solve the issue of Country Lists not being populated?

    0
  • Moderator

    I understand where your coming from but it just makes everything more complicated… Adding that option would get the opposite feedback about DNSBL not working... "Why is it not working ... " :)

    I don't use Ramdisks or Nano installs, but I will add it to the list of things to check and see if that can be improved upon...

    0
  • I

    Thanks! Love pfBlockerNG, btw!! Appreciate all the hard work you put into it!

    0
  • B

    Hi,
    I can confirm this. If the ramdisk is enabled, I get this error message on startup (sylog):  "Unbound config not found in /var/.*".
    If you implement a woraround in the future, you could call the new setting: Update unbound on startup, with the disclaimer: Only use this setting on nano installs or when utilizing a ramdisk. And everything should be fine ;)

    Keep up the good work!

    0
  • B

    I don't see the logic is saving a CFG file in ram? Temp files yeah but not CFG. Those are permanent and need to be saved.

    0
  • Moderator

    Its difficult to fix these issues as pfBlockerNG is a package and not tightly woven to pfSense… When pfSense is rebooted or if the box loses power, the package doesn't see the event and has no way to remove this line from the Unbound Adv settings:

    server:include: /var/unbound/pfb_dnsbl.conf

    So your best bet, is to remove that line and save the Resolver settings. Then reboot. If it reboots and the file pfb_dnsbl.conf is missing, unbound will not start and cause other issues.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy