Problem since pfblocker upgrade?

Gerard64

Yesterday I upgraded pfblockerNG to version 2.0.5. Since then system log is filling up with Many lines like this:
kernel: pfr_update_stats: assertion failed.

I rebooted several times but no change.

Anybody an idea what why this happens and what to do about it.

BBcan177

I think there is a loopback or RFC1918 address in one of your blocklists. Do you have "suppression" enabled? If not enable that option and run a "Force Reload"

See the following:
https://forum.pfsense.org/index.php?topic=105977.msg592741#msg592741

Gerard64

Looks like the log entries are gone.
Thank you!

Can I somewhere see what ip's are being suppressed because i am curious what and how those ip's get into my lists. Because i can't imagine i added local addresses in a block-list. I do have however few external lists from others.

If I find the problem ip's I would like to remove them from the particular list(s).

BBcan177

@Gé:

Looks like the log entries are gone.
Thank you!

Can I somewhere see what ip's are being suppressed because i am curious what and how those ip's get into my lists. Because i can't imagine i added local addresses in a block-list. I do have however few external lists from others.

If I find the problem ip's I would like to remove them from the particular list(s).

Run this command:

grep "^127\.0\." /var/db/pfblockerng/original/*

It will let you know which files contain any loopback addresses… The "Original" folder contains the original copy of the List/Feed...

Gerard64

That did not show any result.

I also run:
grep "^192.168." /var/db/pfblockerng/original/*
grep "^10.10." /var/db/pfblockerng/original/*
grep "^172.16." /var/db/pfblockerng/original/*

No result.

Still great information to know how and where to check for ip's and domains that are in the lists.
But no loopback address in one of my lists. What more could be causing this?

BBcan177

Maybe try to grep for    "^0."    or    "^127."

Gerard64

Now it did found 127.61.33.66 in http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz
If i disable this list then all the other ip's arent blocked anymore and this list can't be edited by me so i guess i keep it enabled with the suppression option enabled for the time being till this list is fixed and updated.

Thanks a lot, I learned some things today ;)

Edit: To test I disabled the above list with the IP 127.61.33.66 and disabled the suppression option. After that a force reload. The log is still filling up with: kernel: pfr_update_stats: assertion failed.

BBcan177

I downloaded a fresh copy of that IBlock ADs list and it contained this line…

127.61.33.66.in-addr.arpa ads:66.33.61.127-66.33.61.127

So when you grep'd for "127" it found the Name (in reverse IP) not the IP.. Iblock is in Range format and the pfBNG package converts that to CIDR.

To grep IBlock files for "127", you would need to look for  grep ":127."  (Not sure if the : needs to be escaped). The "^" tells the grep command to only look at the start of each line.

I don't see any IP in that list that would cause an issue.. There are over 3000 IPs in the list, so I just did a quick cursory review… Maybe they fixed an entry in that list already? It won't be the first time that an IBlock list has some IPs that shouldn't have been added :)

Try to clear the old file (goto the Log Browser tab and find this IBlock Ads file in the "Deny" section... Then click on the Delete Icon.... Then run a "Force Update" .... It should then download a new copy of that IBlock list.

Really curious if you disable "Suppression", if its still an issue for you....

Gerard64

Ah yes thats a reverse address ofcourse duh why didn't i see that ;)

I did a grep ":127" /var/db/pfblockerng/original/*

result several ipv6 addresses:

/var/db/pfblockerng/original/pfB_Europe_v6.orig:2001:67c:127c::/48
/var/db/pfblockerng/original/pfB_Europe_v6.orig:2001:67c:1278::/48
/var/db/pfblockerng/original/pfB_Europe_v6.orig:2001:67c:1274::/48
/var/db/pfblockerng/original/pfB_Europe_v6.orig:2a00:1278::/32
/var/db/pfblockerng/original/pfB_Europe_v6.orig:2001:67c:1270::/48
/var/db/pfblockerng/original/pfB_NAmerica_v6.orig:2001:1270::/32
/var/db/pfblockerng/original/pfB_NAmerica_v6.orig:2001:1278::/32
/var/db/pfblockerng/original/pfB_SAmerica_v6.orig:2804:1270::/32
/var/db/pfblockerng/original/pfB_SAmerica_v6.orig:2804:1274::/32
/var/db/pfblockerng/original/pfB_SAmerica_v6.orig:2804:1278::/32
/var/db/pfblockerng/original/pfB_SAmerica_v6.orig:2804:127c::/32
/var/db/pfblockerng/original/pfB_Top_v6.orig:2001:67c:1270::/48
/var/db/pfblockerng/original/pfB_Top_v6.orig:2001:67c:1274::/48
/var/db/pfblockerng/original/pfB_Top_v6.orig:2a00:1278::/32
/var/db/pfblockerng/original/pfB_Top_v6.orig:2804:1270::/32
/var/db/pfblockerng/original/pfB_Top_v6.orig:2804:1274::/32
/var/db/pfblockerng/original/pfB_Top_v6.orig:2804:1278::/32
/var/db/pfblockerng/original/pfB_Top_v6.orig:2804:127c::/32
/var/db/pfblockerng/original/pfB_Top_v6.orig:2001:67c:1278::/48
/var/db/pfblockerng/original/pfB_Top_v6.orig:2001:1270::/32
/var/db/pfblockerng/original/pfB_Top_v6.orig:2001:1278::/32

Don't think they are the problem.

I have many more lists besides this "http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz" I deleted them all the way you explained and run a force-update and a force-reload and disabled the suppression option but still filling up my system log with "kernel: pfr_update_stats: assertion failed".