PfBlockerNG Running? not showing in top: no pid: no error messages
-
I didn't want to hijack other threads so I started this one. I don't know if there is a problem or not. I have looked at the logs and have not found any indication of any kind of errors anywhere.
This is the last part of /var/log/pfblockerng:
===[ Continent Process ]============================================
[ pfB_Top_v4 ] exists.
===[ IPv4 Process ]=================================================
===[ IPv6 Process ]=================================================
===[ Aliastables / Rules ]==========================================
No changes to Firewall rules, skipping Filter Reload
No Changes to Aliases, Skipping pfctl Update
UPDATE PROCESS ENDED
CRON PROCESS START [ 04/20/16 13:15:00 ]
UPDATE PROCESS START
Clearing all DNSBL Feeds... ** DNSBL Disabled **
===[ Continent Process ]============================================
[ pfB_Top_v4 ] exists.
===[ IPv4 Process ]=================================================
===[ IPv6 Process ]=================================================
===[ Aliastables / Rules ]==========================================
No changes to Firewall rules, skipping Filter Reload
No Changes to Aliases, Skipping pfctl Update
UPDATE PROCESS ENDED
I did a force update after the save.
I can not find any error messages anywhere on this subject or any other subject.
I selected a new country to block in the Africa section, saved and did a force update. This was the result of selecting Egypt.
UPDATE PROCESS START [ 04/20/16 13:55:22 ]
Clearing all DNSBL Feeds... ** DNSBL Disabled **
===[ Continent Process ]============================================
[ pfB_Top_v4 ] exists.
===[ IPv4 Process ]=================================================
===[ IPv6 Process ]=================================================
===[ Aliastables / Rules ]==========================================
No changes to Firewall rules, skipping Filter Reload
No Changes to Aliases, Skipping pfctl Update
UPDATE PROCESS ENDED
I deleted the package and reinstalled it with the same results.
Is my pfBlockerNG running? Nothing in top! I can't tell by looking at the firewall logs if any of the entries have been blocked.
"Insanity is doing the same thing over and over again and expecting different results." Albert Einstein
-
Hi crotalus,
Did you define the "Action" setting? Also ensure that you hit "Save" followed by "Force Update"…
-
General --> Enable pfBlockerNG is checked
General --> Country --> List Action set to Deny Both
I have clicked save on Country, then on General and then did a force update. Here is adding a country in Europe (Poland).
List action deny both
General --> Country select Poland [save] --> General [save] update force [update]
Result:
UPDATE PROCESS START [ 04/20/16 15:19:14 ]
Clearing all DNSBL Feeds... ** DNSBL Disabled **
===[ Continent Process ]============================================
[ pfB_Africa_v4 ] exists.
[ pfB_Europe_v4 ] Changes found... Updating
[ pfB_Top_v4 ] exists.
===[ IPv4 Process ]=================================================
===[ IPv6 Process ]=================================================
===[ Aliastables / Rules ]================================
Firewall rule changes found, applying Filter Reload
===[ FINAL Processing ]=====================================
[ Original IP count ] [ 37073 ]
===[ Deny List IP Counts ]===========================
37072 total
18769 /var/db/pfblockerng/deny/pfB_Top_v4.txt
17985 /var/db/pfblockerng/deny/pfB_Europe_v4.txt
318 /var/db/pfblockerng/deny/pfB_Africa_v4.txt
====================[ Last Updated List Summary ]==============
Apr 20 14:36 pfB_Top_v4
Apr 20 14:47 pfB_Africa_v4
Apr 20 15:19 pfB_Europe_v4
IPv4 alias tables IP count
-----------------------------
37073
IPv6 alias tables IP count
-----------------------------
0
Alias table IP Counts
-----------------------------
37072 total
18769 /var/db/aliastables/pfB_Top_v4.txt
17985 /var/db/aliastables/pfB_Europe_v4.txt
318 /var/db/aliastables/pfB_Africa_v4.txt
pfSense Table Stats
-------------------
table-entries hard limit 2000000
Table Usage Count 3769
UPDATE PROCESS ENDED [ 04/20/16 15:19:15 ]
Back to General --> save
Nothing in top
This is what ps shows:
[2.3-RELEASE][admin@pfSense.home]/: ps
PID TT STAT TIME COMMAND
40622 v0 Is 0:00.00 login [pam] (login)
40905 v0 I 0:00.00 -sh (sh)
41060 v0 I+ 0:00.00 /bin/sh /etc/rc.initial
67172 v0- IN 0:01.71 /bin/sh /var/db/rrd/updaterrd.sh
68600 0 Is 0:00.00 /bin/sh /etc/rc.initial
69094 0 I 0:00.01 /bin/tcsh
86912 0 S+ 0:00.29 tail -F -n 900 pfblockerng.log
51868 1 S+ 0:03.93 top
60125 1 Is 0:00.00 /bin/sh /etc/rc.initial
61165 1 I 0:00.00 /bin/tcsh
94937 2 Is 0:00.00 /bin/sh /etc/rc.initial
95629 2 I+ 0:00.01 /bin/tcsh
71990 3 Is 0:00.00 /bin/sh /etc/rc.initial
76190 3 S 0:00.01 /bin/tcsh
91580 3 R+ 0:00.00 ps
Also can't find pfBlockerNG in ps -aux (large output)
It doesn't appear to be running unless the pid description is something other than pfBlockerNG.
-
Also can't find pfBlockerNG in ps -aux (large output)
It doesn't appear to be running unless the pid description is something other than pfBlockerNG.
I am not sure what you're looking for in the pids? pfBlockerNG takes an IP list(s) and puts them into aliastables…. These aliastables are referenced in the Firewall Rules which perform the appropriate action (Block|Reject|Permit|Match)... There is no pid for that process...
From your last post, adding that Country created the aliastable correctly.
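Added example, not part of the original post or of pfBlockerNG itself: since enforcement lives in pf tables rather than in a daemon, the update log is where to confirm that each alias was built and that the deny-list and alias-table counts agree. The helper name `pfb_summary` and the one-entry-per-line layout of the sample are assumptions; the values are the ones posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): summarise a pfBlockerNG update run.

# Constructed sample built from the values posted in the thread; the
# one-entry-per-line layout is an assumption (the page shows it flattened).
sample_log() {
cat <<'EOF'
UPDATE PROCESS START [ 04/20/16 15:19:14 ]
[ pfB_Africa_v4 ] exists.
[ pfB_Europe_v4 ] Changes found... Updating
[ pfB_Top_v4 ] exists.
Firewall rule changes found, applying Filter Reload
===[ Deny List IP Counts ]===
37072 total
18769 /var/db/pfblockerng/deny/pfB_Top_v4.txt
17985 /var/db/pfblockerng/deny/pfB_Europe_v4.txt
318 /var/db/pfblockerng/deny/pfB_Africa_v4.txt
Alias table IP Counts
37072 total
18769 /var/db/aliastables/pfB_Top_v4.txt
17985 /var/db/aliastables/pfB_Europe_v4.txt
318 /var/db/aliastables/pfB_Africa_v4.txt
UPDATE PROCESS ENDED [ 04/20/16 15:19:15 ]
EOF
}

# pfb_summary (hypothetical helper): reads log text on stdin and prints
#   <alias> <updated|unchanged> deny=<n> table=<n> <OK|MISMATCH|NOCOUNTS>
pfb_summary() {
  awk '
    function base(p) { sub(/.*\//, "", p); sub(/\.txt$/, "", p); return p }
    /^\[ pfB_[A-Za-z0-9_]+ \]/ {           # per-alias status line
      if (!($2 in seen)) { seen[$2] = 1; order[++n] = $2 }
      status[$2] = ($0 ~ /Changes found/) ? "updated" : "unchanged"
    }
    $2 ~ /\/deny\/pfB_.*\.txt$/        { deny[base($2)] = $1 }  # built list
    $2 ~ /\/aliastables\/pfB_.*\.txt$/ { tbl[base($2)] = $1 }   # table file
    END {
      for (i = 1; i <= n; i++) {
        a = order[i]
        d = (a in deny) ? deny[a] : "-"
        t = (a in tbl) ? tbl[a] : "-"
        v = (d == "-" && t == "-") ? "NOCOUNTS" : (d == t ? "OK" : "MISMATCH")
        printf "%s %s deny=%s table=%s %s\n", a, status[a], d, t, v
      }
    }'
}

sample_log | pfb_summary
```

A run that changed nothing prints no counts, so its aliases report NOCOUNTS rather than a mismatch. On the firewall itself, `pfctl -t pfB_Europe_v4 -T show | wc -l` gives the live table size to compare with these figures.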
-
Here is what I was looking for in top. This is about half of the display.
last pid: 52211; load averages: 0.00, 0.00, 0.00 up 0+07:58:17 15:58:35
80 processes: 1 running, 79 sleeping
CPU: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle
Mem: 54M Active, 342M Inact, 415M Wired, 264K Cache, 382M Buf, 3030M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
54160 squid 1 20 0 37660K 16044K sbwait 0 0:07 0.00% squidGuard
45366 squid 1 20 0 187M 91264K kqread 1 0:05 0.00% squid
62482 root 1 20 0 220M 32844K nanslp 0 0:04 0.00% php
42679 unbound 2 20 0 51016K 22928K kqread 1 0:03 0.00% unbound
54326 squid 1 20 0 37660K 16040K sbwait 1 0:02 0.00% squidGuard
67172 root 1 52 20 17000K 2392K wait 1 0:02 0.00% sh
2783 nobody 1 20 0 16836K 4156K select 1 0:02 0.00% darkstat
54444 squid 1 20 0 37660K 16040K sbwait 1 0:02 0.00% squidGuard
54471 squid 1 20 0 37660K 16028K sbwait 1 0:01 0.00% squidGuard
54659 squid 1 20 0 37660K 16008K sbwait 1 0:01 0.00% squidGuard
54751 squid 1 20 0 37660K 15968K sbwait 1 0:01 0.00% squidGuard
54987 squid 1 20 0 37752K 4084K select 1 0:01 0.00% pinger
94733 root 1 52 0 262M 36728K accept 0 0:00 0.00% php-fpm
39885 root 1 20 0 16532K 2356K nanslp 0 0:00 0.00% cron
49531 squid 1 20 0 37616K 3860K piperd 1 0:00 0.00% unlinkd
52014 root 17 52 0 217M 12264K uwait 1 0:00 0.00% charon
316 root 1 40 20 18888K 2444K kqread 0 0:00 0.00% check_reload_status
52211 root 1 20 0 21856K 3052K CPU0 0 0:00 0.00% top
76190 root 1 20 0 17340K 3372K ttyin 0 0:00 0.00% tcsh
69094 root 1 20 0 17340K 3372K pause 0 0:00 0.00% tcsh
13746 root 1 20 0 18896K 2408K select 0 0:00 0.00% xinetd
I was expecting to see a process entry for pfBlockerNG. There is none in the display.
It must be running because I found entries in the alerts. Such as:
Deny - Last 25 Alert Entries
Apr 20 16:16:03 WAN pfB_Europe_v4 (1770009452) TCP-S 85.105.181.104:55149 85.105.181.104.static.ttnet.c... 50.183.169.248:23 wan TR Country
Apr 20 16:04:09 WAN pfB_Europe_v4 (1770009452) UDP 83.170.194.159:53 cpe-jerelo-zhyttya.lv.sovam.n... 50.183.169.248:3432 wan UA Country
Apr 20 16:00:05 WAN pfB_Europe_v4 (1770009452) TCP-S 31.43.124.30:38504 unallocated.sta.lan.ua 50.183.169.248:23 wan UA Country
I didn't want to put you through a lot of unnecessary grief. Sorry! I should have researched further before posting.
What would top show for pfBlockerNG in the list or the active ps -aux?
Thanks for your trouble!
Keith
-
If you want to see what is being blocked, go to the "Alerts Tab"… There are a couple of running processes for pfBlockerNG. But I am not sure what it is exactly that you are looking for? Try to be more specific with what you're trying to achieve, and I can help from there...
ps auxww | grep pfb
-
I was trying to see what the running process for pfBlockerNG would be, as seen by top. The process that is running is php.
Here is the real process, I believe: /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl.
Top would show php as the process.
last pid: 18593; load averages: 0.00, 0.01, 0.00 up 0+23:14:21 07:14:39
73 processes: 1 running, 72 sleeping
CPU: 0.0% user, 0.0% nice, 0.2% system, 0.4% interrupt, 99.4% idle
Mem: 104M Active, 383M Inact, 405M Wired, 256K Cache, 407M Buf, 2949M Free
Swap: 8192M Total, 8192M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
45366 squid 1 20 0 267M 167M kqread 0 0:14 0.00% squid
42679 unbound 2 20 0 55112K 28476K kqread 1 0:06 0.00% unbound
67172 root 1 52 20 17000K 2392K wait 1 0:05 0.00% sh
54987 squid 1 20 0 37752K 4084K select 1 0:03 0.00% pinger
37883 root 1 20 0 220M 33036K nanslp 0 0:03 0.00% php
I was just curious why I could not see a process running. Now I know why. All I know about php is that it is one of the scripting languages.
Thanks for the information. If I have problems in the future I am able to dig deeper into the problem.