Author Topic: pfBlocker  (Read 183662 times)

Offline marcelloc

Re: pfBlocker
« Reply #315 on: January 03, 2012, 03:20:36 pm »
Quote
I restored the configuration to a fresh 2.0.1 install on the same machine

You may need to install packages before config restore

I did a few upgrades with pfblocker installed with no errors, but I did not try a system restore.

I'll try to reproduce it.

Are you using pfBlocker on full install or nanobsd?

Quote
I guess removing the rules and disabling pfBlocker before saving the configuration should work.

This should be the best option



Offline RonpfS

Re: pfBlocker
« Reply #316 on: January 03, 2012, 03:55:31 pm »
Quote
Are you using pfBlocker on full install or nanobsd?

Full install from CD pfSense-2.0.1-RELEASE-i386.iso.gz

2.0.1-RELEASE (i386)
built on Mon Dec 12 18:24:17 EST 2011
FreeBSD 8.1-RELEASE-p6

Platform    pfSense
CPU Type    Intel(R) Pentium(R) 4 CPU 1.80GHz

Offline taryezveb

Re: pfBlocker
« Reply #317 on: January 07, 2012, 02:22:11 pm »
Quote
I'll include this ini_set('memory_limit', '250M') patch when pfblocker detects a x64 version.

marcelloc,

Just wanted to report back. After using the above for the last 6 days, I don't see that affecting anything.

Offline marcelloc

Re: pfBlocker
« Reply #318 on: January 08, 2012, 08:41:37 pm »
countryipblocks.net released a new bogon network list on their site,

check this out.  :)

http://forum.pfsense.org/index.php/topic,44867.msg233407.html#msg233407

Offline taryezveb

Re: pfBlocker
« Reply #319 on: January 12, 2012, 06:12:37 pm »
I had to do a configuration restore today and I'm not getting any PHP memory error(s) so far. This includes reinstalling all packages. So, ini_set("memory_limit", "250M") in /usr/local/pkg/pfblocker.inc seems to not be needed here anymore, well at least so far. Will report back if I start to get the PHP memory error(s). But I wonder why it is working fine now without editing /usr/local/pkg/pfblocker.inc?

Offline marcelloc

Re: pfBlocker
« Reply #320 on: January 12, 2012, 08:29:59 pm »
When you apply a new list, pfblocker may increase memory usage to download the list and apply it to the alias.

When you upgrade, downloaded files are not removed. The ini_set("memory_limit", "250M") will be merged into the next release and used when an x64 installation is detected.

Thanks for your feedback  :)
« Last Edit: January 12, 2012, 08:48:39 pm by marcelloc »

Offline taryezveb

Re: pfBlocker
« Reply #321 on: January 12, 2012, 08:42:18 pm »
Great, Thanks :)

Offline firestrife23

Re: pfBlocker
« Reply #322 on: January 13, 2012, 08:40:15 pm »
I'm seeing double entries for each rules list auto-generated by pfblocker under the firewall's rules... Is that normal?

Offline marcelloc

Re: pfBlocker
« Reply #323 on: January 13, 2012, 09:17:07 pm »
If you checked deny both, then there will be two rules with the same list on each interface's firewall rules.

Can you check if they are identical?

Offline firestrife23

Re: pfBlocker
« Reply #324 on: January 13, 2012, 10:23:01 pm »
All of my rules are set to "Deny Inbound"

Offline biogoon

Re: pfBlocker
« Reply #325 on: January 13, 2012, 11:03:30 pm »
Hi there. I'm running into a problem syncing my two pfSense 2.0.1 systems. The aliases do not appear to be synced when I make a change within pfBlocker. If I add an alias by hand, that syncs fine. Here is the error being reported in the log of the slave system when I try to turn on the TopSpammers rule:

php: : The command '/usr/bin/grep -v '^#' '/var/db/aliastables/pfBlockerTopSpammers.txt.tmp' > '/var/db/aliastables/pfBlockerTopSpammers.txt'' returned exit code '1', the output was ''

Any hints or thoughts?

Thanks!
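
What exit code 1 from the logged `grep -v '^#'` command means, as an added example that is not part of the original post or of pfBlocker's code: grep itself returns 1 when it selects no lines, which is what an empty or comment-only `.tmp` list produces, and 2 when the source cannot be read. The function names and list contents below are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added illustration; filter_list and demo are hypothetical names, and the
# list files are constructed stand-ins for /var/db/aliastables/*.txt.tmp.

# filter_list SRC DST: strip '#' comment lines like the logged command does,
# but classify grep's exit status instead of treating any non-zero as fatal.
# Returns 0 = entries written, 1 = no usable entries, 2 = read error.
filter_list() {
    src=$1
    dst=$2
    grc=0
    grep -v '^#' "$src" > "$dst.new" 2>/dev/null || grc=$?
    case $grc in
        0) mv "$dst.new" "$dst"; return 0 ;;
        1) rm -f "$dst.new"; return 1 ;;  # nothing selected: keep the old table
        *) rm -f "$dst.new"; return 2 ;;  # missing or unreadable source
    esac
}

# Run the three cases and report the status of each, space separated.
demo() {
    d=$(mktemp -d) || return 2
    printf '# header\n192.0.2.0/24\n198.51.100.0/24\n' > "$d/good.tmp"
    printf '# header only\n' > "$d/empty.tmp"
    out=""
    for f in good.tmp empty.tmp missing.tmp; do
        status=0
        filter_list "$d/$f" "$d/table.txt" || status=$?
        out="$out$status "
    done
    rm -rf "$d"
    printf '%s\n' "${out% }"
}

demo
```

Writing to a `.new` file first means an empty download on a sync peer leaves the previous table in place instead of truncating it.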

Offline marcelloc

Re: pfBlocker
« Reply #326 on: January 13, 2012, 11:22:33 pm »
biogoon,

I'll try to simulate it this weekend.

Offline marcelloc

Re: pfBlocker
« Reply #327 on: January 13, 2012, 11:33:51 pm »
Quote
All of my rules are set to "Deny Inbound"

I have no duplicates here, can you send screenshots of your configuration as well as your system version?


Offline Cino

Re: pfBlocker
« Reply #328 on: January 15, 2012, 10:38:23 am »
I think I may have found a small bug with the package... I haven't re-read all 22 pages but did some searching within the topic and couldn't find it.

I'm using squid to improve web performance and for logging.. I have set up a couple of lists within pfBlocker to block inbound (WAN) and outbound (LAN). Since squid uses localhost, I figured it would need to be a floating rule for it to catch. After reading a few posts, my hunch was right..

After creating the floating rules, they seem to work.. But anytime I make a change within the pfBlocker config pages or just re-save, it deletes the floating rules. I'm thinking this is because pfBlocker deletes and re-creates the aliases when the configuration is saved..

I tried to create a new alias and nest the pfBlocker aliases into it but pfSense didn't like that.. I thought about creating a brand new URL table alias but then that would be a waste of memory.

Any thoughts?

Offline marcelloc

Re: pfBlocker
« Reply #329 on: January 15, 2012, 11:37:07 am »
What description did you configure on the floating rule?

If it was pfBlockeraliasname something rule, then pfBlocker will remove it.

Try 'pfBlockeraliasname for squid' and see if it survives an apply.