3.1.0_6 UPDATE

A Former User

@gertjan said in 3.1.0_6 UPDATE:

what should ClamAV do ? Scanning virus in the packet headers ?

I use Squid as a caching-proxy and let ClamAV do the av scanning on it.

Gertjan

@dobby_

Ok, that's the way to do it ;)

keyser

@mcury said in 3.1.0_6 UPDATE:

@steveits said in 3.1.0_6 UPDATE:

came out the other day but only for 2.6 apparently.

It is also available for plus, updated yesterday.

I wonder whats going on here… Rumors have it that it is Netgate that maintains this package now and @BBcan177 is no longer on board.

Regardless if that is true or not, it makes less than NO sense to release not one but two minor fixes of the package where the most glaring obvious bug i still present.
Has the package been hijacked, and is now delivering malware instead?

We need some proper information about these release from whoever is responsible for the included changes and who approved it.

fireodo

@keyser

Hi,

as far as I can see, has the content of pfblockerng.inc between line 4136 and 4142 completely been reworked (that was the part that made the problems
https://redmine.pfsense.org/issues/13154 )

But I agree - a clarification from Netgate or whoever would be very much appreciated!

Regards,
fireodo

A Former User

@keyser

Has the package been hijacked, and is now delivering
malware instead?

Why? Because Netgate is now the maintainer? Then you could not trust the whole system (pfSense) and this makes
no sense for me. If I trust someone (Netgate) and use his entire system I will also trust them if they (Netgate) maintain a package!

We need some proper information about these release
from whoever is responsible for the included changes
and who approved it.

Thinking one step ahead please, it is better in my eyes getting the hands on a package that is available and present, then one is not maintained any more!

I will be more lucky with a patch, given in a short time
that is working, I mean it is better then watching out the whole ticket parade and not patch is available.

keyser

@fireodo said in 3.1.0_6 UPDATE:

@keyser

Hi,

as far as I can see, has the content of pfblockerng.inc between line 4136 and 4142 completely been reworked (that was the part that made the problems
https://redmine.pfsense.org/issues/13154 )

But I agree - a clarification from Netgate or whoever would be very much appreciated!

Regards,
fireodo

If that is completely reworked, why does it still suffer the same issue then? I haven't updated yet because of this, and as far as I can tell people are still applying the same "fix" by removing the ")" in line 4136. So something is still the same in that section.

keyser

@dobby_ said in 3.1.0_6 UPDATE:

Why? Because Netgate is now the maintainer? Then you could not trust the whole system (pfSense) and this makes
no sense for me. If I trust someone (Netgate) and use his entire system I will also trust them if they (Netgate) maintain a package!

Yes, I agree, if Netgate took over I still trust it although this release without release notes and with the bug still present does shake my confidence a bit.
But the question is: Is netgate the maintainer now? We have no information, and theoretically this update could come from some other source and was accidentally approved without throrough review (Given the bug is still there, I'm guessing there has been no review.....)

We need some proper information about these release
from whoever is responsible for the included changes
and who approved it.

Thinking one step ahead please, it is better in my eyes getting the hands on a package that is available and present, then one is not maintained any more!

I will be more lucky with a patch, given in a short time
that is working, I mean it is better then watching out the whole ticket parade and not patch is available.

Ehh no. The 3.1.0_4 build was supported up until recently by BBCAN, and until pfSense has made a new release (2.7/22.11) another pfBlockerNG-devel release is not needed unless it fixes the problem _4 had.

fireodo

@keyser said in 3.1.0_6 UPDATE:

I haven't updated yet because of this, and as far as I can tell people are still applying the same "fix" by removing the ")" in line 4136. So something is still the same in that section.

I saw the modifications in 3.1.0_6 FOR pfsense 2.6.0 - I dont know if that is also the case in pfsense+ 22.05!
(the previous version 3.1.0_5 for 2.6.0 still had the issue in line 4136)

Gertjan

Read How to unblock duckduckgo and find why it's being blocked.

BB is still there

And @keyser

fireodo

@gertjan said in 3.1.0_6 UPDATE:

Read How to unblock duckduckgo and find why it's being blocked.

I saw that Thread and it was nice to see that he is still implicated in pfblockerng ...

jdeloach

@keyser said in 3.1.0_6 UPDATE:

@dobby_ said in 3.1.0_6 UPDATE:

But the question is: Is netgate the maintainer now? We have no information, and theoretically this update could come from some other source and was accidentally approved without throrough review (Given the bug is still there, I'm guessing there has been no review.....)

Ehh no. The 3.1.0_4 build was supported up until recently by BBCAN, and until pfSense has made a new release (2.7/22.11) another pfBlockerNG-devel release is not needed unless it fixes the problem _4 had.

What problem did _4 have? I am a long user of this package and was not aware of any bugs/issues.

Gertjan

@jdeloach said in 3.1.0_6 UPDATE:

What problem did _4 have?

Scroll to the top, start reading ;)

@keyser said in 3.1.0_6 UPDATE:

and as far as I can tell people are still applying the same "fix" by removing the ")" in line 4136.

jdeloach

@gertjan said in 3.1.0_6 UPDATE:

@jdeloach said in 3.1.0_6 UPDATE:

What problem did _4 have?

Scroll to the top, start reading ;)

@keyser said in 3.1.0_6 UPDATE:

and as far as I can tell people are still applying the same "fix" by removing the ")" in line 4136.

I don't see any issues listed in any of the messages, that I have ever had. Granted I don't use Netgate hardware and only run CE 2.6.0. Swap space is always 0% and CPU usage is never spikes above about 3%.

By the way I'm running Snort as well as pfBlockerNG.

BBcan177

Before the pitch forks come out... I am still here and nothing has changed but its been challenging lately ... working on a release which should hopefully be available later this week or next week for the 2.6 and 2.7 branches. Thanks for the patience!

Its been quite a ride since 2014:
https://twitter.com/BBcan177/status/1354556985652506624

fireodo

@bbcan177 said in 3.1.0_6 UPDATE:

Before the pitch forks come out..

Thanks for the patience!

Thank YOU for clarification and Thank You for your work! (has to be said)

Kind regards,
fireodo

DefenderLLC

@fireodo said in 3.1.0_6 UPDATE:

@bbcan177 said in 3.1.0_6 UPDATE:

Before the pitch forks come out..

Thanks for the patience!

Thank YOU for clarification and Thank You for your work! (has to be said)

Kind regards,
fireodo

Amen!

fireodo

@cloudified said in 3.1.0_6 UPDATE:

Amen!

keyser

@bbcan177 This is the best news in a long time given the slightly shaky rumours that have been circulating.

Thank you for your excellent work - your package is what makes pfSense the best solution around :-)

A Former User

@jdeloach said in 3.1.0_6 UPDATE:

I don't see any issues listed in any of the messages, that
I have ever had.

This is also not a must be for everybody I would be glad about to see the same here, but I am also using very old
hardware and perhaps to "small foot print" for this load.
PC Engines APU4D4

Granted I don't use Netgate hardware and only run
CE 2.6.0.

It is an software problem so it should be nothing to do
with the hardware it selfs, but with much packages installed and much of list feeds, snort rules and av signatures it is perhaps here and there able to point on.

Swap space is always 0% and CPU usage is never
spikes above about 3%.

Only my AV signatures are taking 1 GB - 1,7 GB of ram and I only own 4 GB hard soldered on the board! So 4 GB swap is not such a great thing if you have to deal with a bunch of rules and lists.

By the way I'm running Snort as well as pfBlockerNG.

Me too, but it comes squid & squidguard plus clamav on top of it and with some lists I haven´t seen such numbers
before like you. And WiFi and FreeRadius are not activated
at this time. I really think it should be in the near future another box more strong or powerful.

keyser

@jdeloach said in 3.1.0_6 UPDATE:

I don't see any issues listed in any of the messages, that I have ever had. Granted I don't use Netgate hardware and only run CE 2.6.0. Swap space is always 0% and CPU usage is never spikes above about 3%.

By the way I'm running Snort as well as pfBlockerNG.

As I understand the issue, it’s related to a change in the logging format pfsense uses in pfSense+ 22.05
That release is as far as I remember a pfsense+ release only - there where no CE 2.6.1 or whatever that could have been called.
I might remember wrong, but CE2.6 came with pfsense+ 22.01