pfBlockerNG 3.2.0_4 ?
-
-
@pfsjap Click on the 3.2.0_3 and get the commits notes:
https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-pfBlockerNG-devel
-
@rcoleman-netgate
Is this the link you mean?https://github.com/pfsense/FreeBSD-ports/commit/fa4b28d707a06415fe6ea2d77d10629b5530f15f
if not, where are the commit notes? Sorry just confused.
-
Actually me too are lost with this package.
Seen, that package manager offers this update, but update stucks.
After clicking at update icon download lasts significant longer than usual for a package.
After clicking to "confirm" the GUI more or less dies out. No installation process is seen.
After minutes(!) the "confirm" page disappears, just the header is visible, but again no installation.
Clicking now to any other menu item last also very long.
Issue could be reproduced every time (tried the install in total 4 or 5 times), even after rebooting the appliance (SG-3100).
Is there anything I miss here for running the update?Package v3.2.0_3 is installed, but currently not really configured.
Regards
-
Just want to reiterate there aren’t any commit notes that I’ve seen. Perhaps I glossed over?
Also I’m a Patreon member for bbcan. I typically get a notification whenever there is a change on the package but there’s been no comms for this.
So it’s not clear what if any changes were done .Firewall: NetGate,Palo Alto-VM,Juniper SRX
Routing: Juniper, Arista, Cisco
Switching: Juniper, Arista, Cisco
Wireless: Unifi, Aruba IAP
JNCIP,CCNP Enterprise -
@michmoor One thing that I know that was changed is that maxmind geoIP token has changed and now they are including "_" caracteres in it, so pfblockerng code was updated to allow that.
-
@michmoor said in pfBlockerNG 3.2.0_4 ?:
Just want to reiterate there aren’t any commit notes that I’ve seen. Perhaps I glossed over?
Hover and click here :
It was the geomaxmind new user ID thing and something else.
No ground breaking developmentBtw : my pfSense wakes me up to tell me that :
-
@gertjan Is that a system notification or something you scripted?
-
@michmoor said in pfBlockerNG 3.2.0_4 ?:
something you scripted?
Close.
Copied from what I've found here on the forum.
Here I guess.
I do recall do some edits so "23.01 Plus" is happy.
I can post the 93 php file if needed. -
@gertjan Yeah if you have the current script for 23.01 i would love to look at.
-
Install the pfSense cron package first.
Add a line like this :
/root/pkg_check.php is the php script file :
<?php require_once("pkg-utils.inc"); require_once("notices.inc"); require_once("util.inc"); $msg = null; $pmsg = null; $p = 0; // log_error("Starting update check"); //echo "test"; // pfSense base system check $system_version = get_system_pkg_version(false, true); if ($system_version === false) { printf("%s\n", 'Unable to check for updates'); log_error("Unable to check for updates, exiting"); exit; } if (!is_array($system_version) || !isset($system_version['version']) || !isset($system_version['installed_version'])) { printf("%s\n", 'Error in version information'); log_error("Error in version information, exiting"); exit; } switch ($system_version['pkg_version_compare']) { case '<': printf("%s%s%s\n", "pfSense version ", $system_version['version'], " is available"); $msg = "An update to pfSense version " . $system_version['version'] . " is available\n\n"; break; case '=': printf("%s%s%s\n", "pfSense version ", $system_version['version'], " (installed) is current"); break; case '>': printf("%s%s%s\n", "pfSense version ", $system_version['installed_version'], " is NEWER than the latest available version ", $system_version['version']); $msg = "pfSense version " . $system_version['version'] . " is available (downgrade)\n\n"; break; default: printf("%s\n", 'Error comparing installed with latest version available'); log_error("Error comparing installed with latest version available"); break; } // package check $package_list = get_pkg_info('all', true, true); $installed_packages = array_filter($package_list, function($v) { return (isset($v['installed']) && isset($v['name'])); }); if (empty($installed_packages)) { printf("%s\n", 'No packages installed'); log_error("No packages installed, exiting"); exit; } foreach ($installed_packages as $pkg) { if (isset($pkg['installed_version']) && isset($pkg['version'])) { //printf("%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version']); $version_compare = pkg_version_compare($pkg['installed_version'], $pkg['version']); if ($version_compare != '=') { $p++; $pmsg .= "\n".$pkg['shortname'].': '.$pkg['installed_version'].' ==> '.$pkg['version']; if ($version_compare == '>') { $pmsg .= ' (downgrade)'; } printf("%s%s%s%s%s\n", $pkg['shortname'], ': ', $pkg['installed_version'], ' ==> ', $pkg['version']); } } } if ($p > 0) { $msg = $msg . "The following updates are available and can be installed using System > Package Manager:\n" . $pmsg; } // check for updates to builtin packages exec("/usr/sbin/pkg upgrade -n | /usr/bin/sed -ne '/UPGRADED/,/^$/p'", $output, $retval); if (($retval == 0) && (count($output))) { $msg .= "\n\n" . "Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them:\n\n"; array_shift($output); $msg .= implode("\n", array_map('ltrim', $output)); } if (!empty($msg)) { log_error("Updates were found - sending email"); echo $msg; notify_via_smtp($msg); } // log_error("Update check complete"); ?>A
chmod +x /root/pkg_check.phpmight be needed.
Note that
notify_via_smtp($msg)because I have a smtp (gmail) notification setup.
No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@gertjan Nice. I also use SMTP for delivery
Is there a way to check to see it working? For example, if i have a CRON job to run every minute will I get an email notification?
-
@michmoor said in pfBlockerNG 3.2.0_4 ?:
Is there a way to check to see it working?
Yep.
Enter console or SSH, go for option 8 and typephp -q /root/pkg_check.phpand see the magic happen.
No mail if there are no updates available.
Btw : I've adapted this script for a SG-4100 running with 23.01. -
G Gertjan referenced this topic on
-
@gertjan Works without issues. Thanks for this.
It even spotted a Firmware upgrade on my 6100
16:12:33 The following updates are available and can be installed using System > Package Manager:
Netgate_Firmware_Upgrade: 0.55 ==> 0.56
Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run
pkg upgradefrom the shell to install them:igmpproxy: 0.3,1 -> 0.3_1,1 [pfSense]
pfSense-pkg-Netgate_Firmware_Upgrade: 0.55 -> 0.56 [pfSense]
pfSense-upgrade: 1.0_53 -> 1.0_58 [pfSense] -
Adding this here, because I see this behavior with current 3.2.0_4:
pfblockerng seems to block things OK, but the counters in the dashboard widget do not increase at all.
I already reinstalled, restarted etc -
@gertjan thanks for pointing at that script. Testing it as well, great.
-
@sgw said in pfBlockerNG 3.2.0_4 ?:
@gertjan thanks for pointing at that script. Testing it as well, great.
You mean these :
? -
@gertjan Yes, exactly.
Checked right now: I see entries in "Firewall - pfBlockerNG - Reports" for "IP Block Stats", but not in the Dashboard Widget. There are some packets shown for DNSBL, but not for IP.
I have "PRI1" enabled with "Deny Inbound", so yes, there should be blocking (and the blocking seems to work, only the widget "fails"). It's not that important, but somehow wrong anyway, right?
I also tried to remove and re-add the widget already. Or edit its settings.
-
@gertjan Thank you for the pkg_check, works great.
I'd like to ask about updates, which are part of the of the base system:
Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them: igmpproxy: 0.3,1 -> 0.3_1,1 [pfSense] pfSense-upgrade: 1.0_53 -> 1.0_58 [pfSense]Is it recommended (and safe) practice to update those also?
-
