PfBlockerNG and RAM Disk
-
If you use RAM Disks, pfBlockerNG has the following issues after rebooting the system:
-
Country Lists are not updated
-
unbound does not start, because DNSBL config file cannot be found
If I disable RAM Disk usage everything works fine. Must IMHO therefore have something to do with config files being stored in /var which is empty after reboot.
-
-
Unfortunately, not much I can do to fix that… by design, Ram disk clears out /var on reboot...
I don't want to start to force settings to disable Ram disk settings. I might add a note somewhere, but as such, most don't read the notes :)
-
Understand. Maybe you must put a check in to disable DNSBL from running if RAMDisk is used? Because having unbound not working is quite an issue for surfing the internet… :-P
And wouldn't a force update after reboot solve the issue of Country Lists not being populated? -
I understand where your coming from but it just makes everything more complicated… Adding that option would get the opposite feedback about DNSBL not working... "Why is it not working ... " :)
I don't use Ramdisks or Nano installs, but I will add it to the list of things to check and see if that can be improved upon...
-
Thanks! Love pfBlockerNG, btw!! Appreciate all the hard work you put into it!
-
Hi,
I can confirm this. If the ramdisk is enabled, I get this error message on startup (sylog): "Unbound config not found in /var/.*".
If you implement a woraround in the future, you could call the new setting: Update unbound on startup, with the disclaimer: Only use this setting on nano installs or when utilizing a ramdisk. And everything should be fine ;)Keep up the good work!
-
I don't see the logic is saving a CFG file in ram? Temp files yeah but not CFG. Those are permanent and need to be saved.
-
Its difficult to fix these issues as pfBlockerNG is a package and not tightly woven to pfSense… When pfSense is rebooted or if the box loses power, the package doesn't see the event and has no way to remove this line from the Unbound Adv settings:
server:include: /var/unbound/pfb_dnsbl.conf
So your best bet, is to remove that line and save the Resolver settings. Then reboot. If it reboots and the file pfb_dnsbl.conf is missing, unbound will not start and cause other issues.
