
Author Topic: pfBlocker  (Read 182765 times)


rdunkle
Re: pfBlocker
« Reply #270 on: December 29, 2011, 03:02:44 pm »
Updated to pfsense 2.01. Removed country block and ipblock. Installed pfblocker.
pfblock appears to work fine.
I am seeing frequent messages in the system log:
Dec 29 12:13:35 <user.notice> fw root: IP-Blocklist was found not running
Dec 29 12:16:26 <user.err> fw apinger: ALARM: WANGW(192.168.75.1)  *** delay ***
Dec 29 12:16:36 <user.notice> fw check_reload_status: Reloading filter
Dec 29 12:16:42 <user.notice> fw root: IP-Blocklist was found not running
I do not see IP-Blocklist in the installed packages.
I see a reference in the config.xml :
---------
</menu>
<ipblocklist_settings>
<config>
<enable>0</enable>
</config>
</ipblocklist_settings>
-----------
Why is IP-Blocklist trying to get restarted?
Is there another file that still thinks IP-Blocklist is installed?

marcelloc
Re: pfBlocker
« Reply #271 on: December 29, 2011, 03:31:37 pm »
Maybe you need to delete its remaining script.

'/usr/local/pkg/pf/IP-Blocklist.sh'

Also look for ipblocklist scripts in /usr/local/etc/rc.d

Quote
I see a reference in the config.xml

Follow these steps:
  • backup configuration
  • open /conf/config.xml
  • remove these entries
  • save file
  • reboot pfsense

taryezveb
Re: pfBlocker
« Reply #272 on: December 29, 2011, 04:12:26 pm »
I keep getting these messages in the system log:

Dec 29 17:01:02   php: : There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [19]: table <pfBlockerTBG> persist file "/var/db/aliastables/pfBlockerTBG.txt"

Dec 29 17:01:02   php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded The line in question reads [19]: table <pfBlockerTBG> persist file "/var/db/aliastables/pfBlockerTBG.txt"

Dec 29 17:00:53   php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded'

Dec 29 17:00:23   php: : There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [19]: table <pfBlockerTBG> persist file "/var/db/aliastables/pfBlockerTBG.txt"

Dec 29 17:00:23   php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded The line in question reads [19]: table <pfBlockerTBG> persist file "/var/db/aliastables/pfBlockerTBG.txt"

Dec 29 17:00:15   php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded'

Dec 29 16:59:45   php: : There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [19]: table <pfBlockerTBG> persist file "/var/db/aliastables/pfBlockerTBG.txt"

Dec 29 16:59:45   php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded The line in question reads [19]: table <pfBlockerTBG> persist file "/var/db/aliastables/pfBlockerTBG.txt"

Dec 29 16:59:36   php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded'

Dec 29 16:59:06   php: : There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [19]: table <pfBlockerTBG> persist file "/var/db/aliastables/pfBlockerTBG.txt"

Dec 29 16:59:06   php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded The line in question reads [19]: table <pfBlockerTBG> persist file "/var/db/aliastables/pfBlockerTBG.txt"

Dec 29 16:58:58   php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded'

But in the Dashboard everything looks good.

« Last Edit: December 29, 2011, 04:15:53 pm by taryezveb »

marcelloc
Re: pfBlocker
« Reply #273 on: December 29, 2011, 06:04:12 pm »
Increase Firewall Maximum Table Entries even more, in System -> Advanced -> Firewall/NAT.

taryezveb
Re: pfBlocker
« Reply #274 on: December 29, 2011, 06:21:35 pm »
Ok, will try that. It is now at 3000000; will try with 4000000.

Edit: with 4000000 still getting those messages. Will keep trying until I find a number that works and report back.
« Last Edit: December 29, 2011, 06:28:54 pm by taryezveb »

marcelloc
Re: pfBlocker
« Reply #275 on: December 29, 2011, 06:23:23 pm »
Don't forget to check memory use in the dashboard. If you are getting more than 80%, it may be time for an upgrade or smaller lists.

taryezveb
Re: pfBlocker
« Reply #276 on: December 29, 2011, 06:30:11 pm »
Memory is at 44% at the moment, I should have plenty of headroom.

tommyboy180
Re: pfBlocker
« Reply #277 on: December 29, 2011, 06:41:45 pm »
Personally, I took mine up to a high value that would never be reached (something like 9999999999999999 or similar). I did this for several reasons.
No memory is allocated based on this number, and it makes it easy to increase my table usage without trying to find a limit that will work. So it doesn't cost you anything, and this ensures that no matter how many lists I use I won't run into any issue. Just in case someone is wondering, my system only has 2GB of mem, which is more than enough.
-Tom Schaefer
SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM
TomSchaefer.org/pfsense

taryezveb
Re: pfBlocker
« Reply #278 on: December 29, 2011, 06:53:00 pm »
I was trying to do it incrementally, but that is not working. Got up to 15000000, but then saw your post. So I'm going to try that large number [9999999999999999].

marcelloc
Re: pfBlocker
« Reply #279 on: December 29, 2011, 07:00:31 pm »
Are you sure you are not reading an old alert?

BTW, if a really large value does not exhaust memory, it's an excellent option to prevent errors.

taryezveb
Re: pfBlocker
« Reply #280 on: December 29, 2011, 07:31:07 pm »
Quote
Are you sure you are not reading an old alert?

BTW, if a really large value does not exhaust memory, it's an excellent option to prevent errors.

Yes, I was making sure they were not old. I have 4GB in this box. Current memory usage:
Mem: 603M Active, 67M Inact, 1151M Wired, 1048K Cache, 406M Buf, 1991M Free
Swap: 8192M Total, 8192M Free

When I initially click on save, it all works fine for a few minutes [~2]. Then after a random amount of time, clicking different menus to check the settings, the error pops back up. At first, after using 9999999999999999, I was still getting the error. It has now been ~19 minutes since the last error message. Will keep my eye on it to see if the error comes back. If the error comes back, I will try deleting the offending list and re-adding it, to see if that helps.

Thanks for the help!

marcelloc
Re: pfBlocker
« Reply #281 on: December 29, 2011, 07:35:55 pm »
Check on the widget whether there were changes in the number of CIDRs applied.

CIDRs are taken from the applied file and the package count from the firewall tables.

tommyboy180
Re: pfBlocker
« Reply #282 on: December 29, 2011, 07:47:12 pm »
Quote
Check on the widget whether there were changes in the number of CIDRs applied.

CIDRs are taken from the applied file and the package count from the firewall tables.

IP-Blocklist injects a large number like that to /tmp/rules.debug at the top to ensure no matter how many lists a user has there won't be any errors. So with pfBlocker, even though it's a manual process, I add that large number.
-Tom Schaefer

taryezveb
Re: pfBlocker
« Reply #283 on: December 29, 2011, 07:49:05 pm »
The CIDRs are the same as in the screenshot I posted above:

pfBlockerBluetack   761470   
pfBlockerTBG   1262743

It has been ~35 minutes and no new errors :) I'm crossing my fingers ;)

marcelloc
Re: pfBlocker
« Reply #284 on: December 29, 2011, 07:52:25 pm »
I need to improve the list size check to reduce this kind of issue, or change the error message to suggest tommyboy180's large configuration.

It's in my 'todo list when time permits'  ;)
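
Added example, not part of the thread and not pfBlocker's code: a shell sketch of a list size check like the one mentioned above, plus a filter that names the tables pfctl failed to define in the system log. The function names are hypothetical, the table files are assumed to hold one address or CIDR per line, and the factor of 2 (room for the old and new copy of each table during a reload) is an assumption.

```shell
#!/bin/sh
# Added example (not pfBlocker code). Function names are hypothetical.
# ASSUMPTIONS: table files hold one address/CIDR per line; FACTOR=2 is an
# assumed headroom for holding old and new table copies during a reload.

# count_entries FILE: number of non-blank, non-comment lines
count_entries() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | wc -l | tr -d ' '
}

# budget_verdict TOTAL LIMIT [FACTOR]: prints verdict, returns 1 if too small
budget_verdict() {
    need=$(( $1 * ${3:-2} ))
    if [ "$need" -le "$2" ]; then
        echo "OK total=$1 need=$need limit=$2"; return 0
    fi
    echo "TOO_SMALL total=$1 need=$need limit=$2"; return 1
}

# check_table_budget DIR LIMIT [FACTOR]: sum entries of DIR/*.txt, then judge
check_table_budget() {
    total=0
    for f in "$1"/*.txt; do
        [ -f "$f" ] || continue
        n=$(count_entries "$f")
        echo "$(basename "$f" .txt) $n"
        total=$(( total + n ))
    done
    budget_verdict "$total" "$2" "${3:-2}"
}

# failed_tables: syslog lines on stdin -> names of tables pfctl could not define
failed_tables() {
    sed -n 's/.*cannot define table \([^:]*\): Cannot allocate memory.*/\1/p' | sort -u
}

# Demo: entry counts posted in the thread, and a constructed (shortened) log line.
budget_verdict $(( 761470 + 1262743 )) 4000000 || true
echo "Dec 29 17:00:53 php: : /tmp/rules.debug:19: cannot define table pfBlockerTBG: Cannot allocate memory" | failed_tables
```

On the firewall itself, `check_table_budget /var/db/aliastables <limit>` would use the directory shown in the error messages, and the limit currently in force is listed as `table-entries` in the output of `pfctl -sm`.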