pfBlockerNG-devel v3.1.0_7 / v3.1.0_14

emikaadeo

@jdeloach said in pfBlockerNG-devel v3.1.0_7 / v3.1.0_14:

@steveits
@provels
It came out for 22.x but not for CE 2.6.x. I think that is what is confusing everyone. including @BBcan177.

3.1.0_7 "from Netgate" and 3.1.0_7 from @BBcan177 are not the same packages.
Code is different.

jdeloach

@emikaadeo said in pfBlockerNG-devel v3.1.0_7 / v3.1.0_14:

@jdeloach said in pfBlockerNG-devel v3.1.0_7 / v3.1.0_14:

@steveits
@provels
It came out for 22.x but not for CE 2.6.x. I think that is what is confusing everyone. including @BBcan177.

3.1.0_7 "from Netgate" and 3.1.0_7 from @BBcan177 are not the same packages.
Code is different.

This is not the only package that has differences between the maintainers and Netgate versions.

Snort and Suricata both suffer the same issues, @bmeeks.

Edit: Long term, it is one hell of mess that's going to be hard to fix.

emikaadeo

@jdeloach said in pfBlockerNG-devel v3.1.0_7 / v3.1.0_14:

Edit: Long term, it is one hell of mess that's going to be hard to fix.

Exactly ;)

bmeeks

@jdeloach said in pfBlockerNG-devel v3.1.0_7 / v3.1.0_14:

Snort and Suricata both suffer the same issues, @bmeeks.
Edit: Long term, it is one hell of mess that's going to be hard to fix.

Not sure what you are talking about here. I am the only maintainer for the Snort and Suricata packages. Everything Netgate has done in either package (and it's not really all that much) has been run by me for approval before merging. Viktor Gurov made several contributions to Suricata (and a few to Snort), but everything he did was run by me first.

Right now there are different package version numbers in pfSense RELEASE versus pfSense DEVELOPMENT due to the move to PHP 8.1 in the next pfSense releases. That required a ton of changes to the PHP code that are NOT backwards compatible with the PHP 7.4 that is used in the current release code. There are no feature differences between the package versions in current pfSense CE and Plus RELEASE versions and the new versions in the DEVELOPMENT branches of CE and Plus. The only changes are those required to make the packages work with PHP 8.1.

Any work other than a really critical bug fix is on hold in the current RELEASE branch as the focus has been on PHP 8.1 in the DEVELOPMENT branch.

fireodo

Me again

Auto-Sort on IP/DNSBL-Groups seams not to working anymore (in 3.1.0_7 for 2.6.0) and (not really important) shallalist is obsolete - I do not think she (the shallalist) will come back.

Wish you all a fine Weekend,
fireodo

JeGr

@bbcan177 said in pfBlockerNG-devel v3.1.0_7 / v3.1.0_14:

@emikaadeo
What hardware?
amd64, arm64, or armv7

I'm a bit confused myself. Update to 3.1.0_7 came to my test box on 22.05 (and 2.6) on Oct 25 already. Checked the logs to be sure, no update since then. PKG list shows "current version" with no update showing up.

So seems like perhaps a version mismatch by the package crew of Netgate (for that CPU bugfix) and you own versioning?

What about using this version to make a final 3.1.1 version and push that to pfBlocker-stable so we get rid of the oldold stable version that has so many little flaws now?

Cheers
\jens

Squuiid

@jegr said in pfBlockerNG-devel v3.1.0_7 / v3.1.0_14:

@bbcan177 said in pfBlockerNG-devel v3.1.0_7 / v3.1.0_14:

@emikaadeo
What hardware?
amd64, arm64, or armv7

I'm a bit confused myself. Update to 3.1.0_7 came to my test box on 22.05 (and 2.6) on Oct 25 already. Checked the logs to be sure, no update since then. PKG list shows "current version" with no update showing up.

So seems like perhaps a version mismatch by the package crew of Netgate (for that CPU bugfix) and you own versioning?

Same here. Any idea what's going on?

emikaadeo

@squuiid
you currently have version 3.1.0_7 installed right? Just upgrade and you should end up with v3.1.0_8

jdeloach

@emikaadeo said in pfBlockerNG-devel v3.1.0_7 / v3.1.0_14:

@squuiid
you currently have version 3.1.0_7 installed right? Just upgrade and you should end up with v3.1.0_8

Upgrade what?

emikaadeo

@jdeloach

upgrade package.

jdeloach

@emikaadeo said in pfBlockerNG-devel v3.1.0_7 / v3.1.0_14:

@jdeloach

upgrade package.

That's the issue, there is no upgrade available. 3.1.0_8 is not available.

fireodo

@jdeloach said in pfBlockerNG-devel v3.1.0_7 / v3.1.0_14:

That's the issue, there is no upgrade available. 3.1.0_8 is not available.

In my understanding the 3.1.0_7 is the actual version for pfsense 2.6.0 and the 3.1.0_8 is the actual version for pfsense+ 22.05.
Both versions 3.1.0_7 (for 2.6.0) and 3.1.0_8 (for 22.05) are heavyly owerwoked.
The version 3.1.0_6 on 2.6.0 had the same codebasis as 3.1.0_7 on 22.05.
The 3.1.0_14 is for the developer versions based on freeBSD 14 and PHP 8.1

Please correct me if I'm wrong.

BBcan177

@fireodo

Yes that is correct. One of the pfsense devs committed a release for pfSense plus and caused the version mismatch.

The devs also told me yesterday that there was a build error so _8 didn't build. But they informed me that it should have been available since yesterday. If you still don't see it. Post your hardware specs ie amd/Intel and pfSense version.

Squuiid

Ugh. Updated from a stable 3.1.0_7 to 3.1.0_8 last night and now DNS stops working after a few hours of uptime. This is running at a school and unbeknownst to me kids are sitting exams today!
Easy way to roll back or troubleshoot? Restarting Unbound does nothing. Any help would be hugely appreciated. Running 22.05 on a Negate 6100 Max (amd64).

Alejo 0

@squuiid

You should always create a backup before updating any package in case this happens hence restoring your latest backup config is an easy way to fix the issue. Edit: I was wrong, see @SteveITS replies below

If you don't know how to restore your settings from backup:

Diagnostics > Backup & Restore > Restore backup section > Restore Configuration

If you don't have a backup I am out of ideas, sorry.

Alejo 0

@squuiid
I am having the same issues with the DNS not working after the update but restarting unbound does fix my issue althought restarting the service every time is definitely not ideal either.

SteveITS

@alejo-0 The config backup doesn't back up package code, in fact when it restores it will restore the latest package. I'm pretty sure it will reinstall them even if already installed and you're just restoring, but am not positive offhand.

@Squuiid Are you getting an "address already in use" error logged?

Alejo 0

@steveits

@steveits said in pfBlockerNG-devel v3.1.0_7 / v3.1.0_14:

The config backup doesn't back up package code

I think it does, unless you check the Skip packages option which is the default. At least, that is my understanding. Please feel free to correct me if I am wrong.

SteveITS

@alejo-0 That will back up the package configuration but not the binary files or PHP code. Just take a look at the the .xml file.

BBcan177

Been seeing some reports of DNS issues with pfSense 22.05 and v3.1.0_8. I can't reproduce this on my test box, but will have it run more tests to see if I can reproduce.

For those that are having this specific issue in 22.x ONLY:
Here is the previous pfb_unbound.py version which you could try and see if this resolves the issue.

Run this command to download the file and then restart Unbound for it to take effect:

curl -o /var/unbound/pfb_unbound.py "https://gist.githubusercontent.com/BBcan177/83a6f4002ede77e00de7f8c67edb7421/raw"

Thanks!