    Netgate Discussion Forum

    Problem since pfblocker upgrade?

    pfBlockerNG
    • G
      Gerard64 last edited by

      Yesterday I upgraded pfBlockerNG to version 2.0.5. Since then the system log is filling up with many lines like this:
      kernel: pfr_update_stats: assertion failed.

      I rebooted several times but no change.

      Does anybody have an idea why this happens and what to do about it?

      • BBcan177
        BBcan177 Moderator last edited by

        I think there is a loopback or RFC1918 address in one of your blocklists. Do you have "suppression" enabled? If not, enable that option and run a "Force Reload".

        See the following:
        https://forum.pfsense.org/index.php?topic=105977.msg592741#msg592741

        • G
          Gerard64 last edited by

          Looks like the log entries are gone.
          Thank you!

          Can I see somewhere which IPs are being suppressed? I am curious which IPs get into my lists and how, because I can't imagine I added local addresses to a block list. I do, however, have a few external lists from others.

          If I find the problem IPs I would like to remove them from the particular list(s).

          • BBcan177
            BBcan177 Moderator last edited by

            @Gé:

            Looks like the log entries are gone.
            Thank you!

            Can I see somewhere which IPs are being suppressed? I am curious which IPs get into my lists and how, because I can't imagine I added local addresses to a block list. I do, however, have a few external lists from others.

            If I find the problem IPs I would like to remove them from the particular list(s).

            Run this command:

            grep "^127\.0\." /var/db/pfblockerng/original/*
            

            It will let you know which files contain any loopback addresses… The "Original" folder contains the original copy of the List/Feed...

            • G
              Gerard64 last edited by

              That did not show any result.

              I also ran:
              grep "^192.168." /var/db/pfblockerng/original/*
              grep "^10.10." /var/db/pfblockerng/original/*
              grep "^172.16." /var/db/pfblockerng/original/*

              No result.

              Still, it is great information to know how and where to check for IPs and domains that are in the lists.
              But no loopback address in one of my lists. What more could be causing this?

              • BBcan177
                BBcan177 Moderator last edited by

                Maybe try to grep for    "^0."    or    "^127."

                • G
                  Gerard64 last edited by

                  Now it did find 127.61.33.66 in http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz
                  If I disable this list then all the other IPs aren't blocked anymore, and this list can't be edited by me, so I guess I'll keep it enabled with the suppression option enabled for the time being, until this list is fixed and updated.

                  Thanks a lot, I learned some things today ;)

                  Edit: To test I disabled the above list with the IP 127.61.33.66 and disabled the suppression option. After that a force reload. The log is still filling up with: kernel: pfr_update_stats: assertion failed.

                  • BBcan177
                    BBcan177 Moderator last edited by

                    I downloaded a fresh copy of that IBlock ADs list and it contained this line…

                    127.61.33.66.in-addr.arpa ads:66.33.61.127-66.33.61.127

                    So when you grep'd for "127" it found the Name (in reverse IP) not the IP.. Iblock is in Range format and the pfBNG package converts that to CIDR.

                    To grep IBlock files for "127", you would need to look for  grep ":127."  (Not sure if the : needs to be escaped). The "^" tells the grep command to only look at the start of each line.

                    I don't see any IP in that list that would cause an issue.. There are over 3000 IPs in the list, so I just did a quick cursory review… Maybe they fixed an entry in that list already? It won't be the first time that an IBlock list has some IPs that shouldn't have been added :)

                    Try to clear the old file (go to the Log Browser tab and find this IBlock Ads file in the "Deny" section, then click on the Delete icon), then run a "Force Update". It should then download a new copy of that IBlock list.

                    Really curious if you disable "Suppression", if it's still an issue for you....

                    • G
                      Gerard64 last edited by

                      Ah yes, that's a reverse address of course, duh, why didn't I see that ;)

                      I did a grep ":127" /var/db/pfblockerng/original/*

                      Result: several IPv6 addresses:

                      /var/db/pfblockerng/original/pfB_Europe_v6.orig:2001:67c:127c::/48
                      /var/db/pfblockerng/original/pfB_Europe_v6.orig:2001:67c:1278::/48
                      /var/db/pfblockerng/original/pfB_Europe_v6.orig:2001:67c:1274::/48
                      /var/db/pfblockerng/original/pfB_Europe_v6.orig:2a00:1278::/32
                      /var/db/pfblockerng/original/pfB_Europe_v6.orig:2001:67c:1270::/48
                      /var/db/pfblockerng/original/pfB_NAmerica_v6.orig:2001:1270::/32
                      /var/db/pfblockerng/original/pfB_NAmerica_v6.orig:2001:1278::/32
                      /var/db/pfblockerng/original/pfB_SAmerica_v6.orig:2804:1270::/32
                      /var/db/pfblockerng/original/pfB_SAmerica_v6.orig:2804:1274::/32
                      /var/db/pfblockerng/original/pfB_SAmerica_v6.orig:2804:1278::/32
                      /var/db/pfblockerng/original/pfB_SAmerica_v6.orig:2804:127c::/32
                      /var/db/pfblockerng/original/pfB_Top_v6.orig:2001:67c:1270::/48
                      /var/db/pfblockerng/original/pfB_Top_v6.orig:2001:67c:1274::/48
                      /var/db/pfblockerng/original/pfB_Top_v6.orig:2a00:1278::/32
                      /var/db/pfblockerng/original/pfB_Top_v6.orig:2804:1270::/32
                      /var/db/pfblockerng/original/pfB_Top_v6.orig:2804:1274::/32
                      /var/db/pfblockerng/original/pfB_Top_v6.orig:2804:1278::/32
                      /var/db/pfblockerng/original/pfB_Top_v6.orig:2804:127c::/32
                      /var/db/pfblockerng/original/pfB_Top_v6.orig:2001:67c:1278::/48
                      /var/db/pfblockerng/original/pfB_Top_v6.orig:2001:1270::/32
                      /var/db/pfblockerng/original/pfB_Top_v6.orig:2001:1278::/32

                      Don't think they are the problem.

                      I have many more lists besides this "http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz". I deleted them all the way you explained, ran a force-update and a force-reload, and disabled the suppression option, but my system log is still filling up with "kernel: pfr_update_stats: assertion failed".

                      1 Reply Last reply Reply Quote 0
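
The greps in this thread match text rather than addresses, which is why `^127` hit the name `127.61.33.66.in-addr.arpa` and `:127` hit IPv6 prefixes. As an added example (not code from the thread or from pfBlockerNG), the function below parses each entry as an address or range and reports only those that overlap loopback, 0.0.0.0/8 or RFC1918 space; `scan_reserved` and the bracketed labels are names chosen here, and it assumes feeds are plain IPv4, IPv4/CIDR or IBlock p2p `name:START-END` lines.

```shell
#!/bin/sh
# Added example, not from the thread. Reports feed entries that overlap
# loopback, 0.0.0.0/8 or RFC1918 space. It parses the address itself, so
# reverse-DNS names and IPv6 prefixes containing "127" are not reported.
scan_reserved() {
    awk '
    function ip2n(s,   o) {      # dotted quad -> integer, -1 if not IPv4
        if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return -1
        split(s, o, ".")
        if (o[1]+0 > 255 || o[2]+0 > 255 || o[3]+0 > 255 || o[4]+0 > 255) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN {                      # reserved blocks: first, last, label
        r[1] = "0.0.0.0 0.255.255.255 this-network"
        r[2] = "10.0.0.0 10.255.255.255 rfc1918"
        r[3] = "127.0.0.0 127.255.255.255 loopback"
        r[4] = "172.16.0.0 172.31.255.255 rfc1918"
        r[5] = "192.168.0.0 192.168.255.255 rfc1918"
        for (i = 1; i <= 5; i++) {
            split(r[i], p, " ")
            rlo[i] = ip2n(p[1]); rhi[i] = ip2n(p[2]); tag[i] = p[3]
        }
    }
    /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
    {
        sub(/\r$/, ""); e = $0
        if (match(e, /:[0-9.]+-[0-9.]+$/)) {      # p2p: range after last ":"
            split(substr(e, RSTART + 1), q, "-")
            lo = ip2n(q[1]); hi = ip2n(q[2])
        } else if (split($1, q, "/") == 2) {      # CIDR: expand to first/last
            lo = ip2n(q[1]); size = 2 ^ (32 - q[2])
            if (lo >= 0) { lo -= lo % size; hi = lo + size - 1 }
        } else {                                  # single address
            lo = hi = ip2n($1)
        }
        if (lo < 0 || hi < lo) next               # name, IPv6 or junk
        for (i = 1; i <= 5; i++)
            if (lo <= rhi[i] && hi >= rlo[i]) {
                printf "%s:%d: %s [%s]\n", FILENAME, FNR, e, tag[i]; break
            }
    }' "$@"
}
# Usage on the firewall: sh scan.sh /var/db/pfblockerng/original/*
if [ "$#" -gt 0 ]; then scan_reserved "$@"; fi
```

Each output line gives the file, the line number, the original entry and which reserved block it overlaps, so the offending feed can be identified directly.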