pfBlockerNG 3.2.0_4 ?
-
@gertjan Nice. I also use SMTP for delivery
Is there a way to check to see it working? For example, if i have a CRON job to run every minute will I get an email notification?
-
@michmoor said in pfBlockerNG 3.2.0_4 ?:
Is there a way to check to see it working?
Yep.
Enter console or SSH, go for option 8 and typephp -q /root/pkg_check.phpand see the magic happen.
No mail if there are no updates available.
Btw : I've adapted this script for a SG-4100 running with 23.01. -
G Gertjan referenced this topic on
-
@gertjan Works without issues. Thanks for this.
It even spotted a Firmware upgrade on my 6100
16:12:33 The following updates are available and can be installed using System > Package Manager:
Netgate_Firmware_Upgrade: 0.55 ==> 0.56
Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run
pkg upgradefrom the shell to install them:igmpproxy: 0.3,1 -> 0.3_1,1 [pfSense]
pfSense-pkg-Netgate_Firmware_Upgrade: 0.55 -> 0.56 [pfSense]
pfSense-upgrade: 1.0_53 -> 1.0_58 [pfSense] -
Adding this here, because I see this behavior with current 3.2.0_4:
pfblockerng seems to block things OK, but the counters in the dashboard widget do not increase at all.
I already reinstalled, restarted etc -
@gertjan thanks for pointing at that script. Testing it as well, great.
-
@sgw said in pfBlockerNG 3.2.0_4 ?:
@gertjan thanks for pointing at that script. Testing it as well, great.
You mean these :
? -
@gertjan Yes, exactly.
Checked right now: I see entries in "Firewall - pfBlockerNG - Reports" for "IP Block Stats", but not in the Dashboard Widget. There are some packets shown for DNSBL, but not for IP.
I have "PRI1" enabled with "Deny Inbound", so yes, there should be blocking (and the blocking seems to work, only the widget "fails"). It's not that important, but somehow wrong anyway, right?
I also tried to remove and re-add the widget already. Or edit its settings.
-
@gertjan Thank you for the pkg_check, works great.
I'd like to ask about updates, which are part of the of the base system:
Some packages are part of the base system and will not show up in Package Manager. If any such updates are listed below, run `pkg upgrade` from the shell to install them: igmpproxy: 0.3,1 -> 0.3_1,1 [pfSense] pfSense-upgrade: 1.0_53 -> 1.0_58 [pfSense]Is it recommended (and safe) practice to update those also?
-
-
@gertjan How do I add this script? Do I do it using the Filer package? Would appreciate a snapshot of your configuration. I have already added the needs Cron job for it as you indicated.
Thanks much!
-
@gertjan Would you happen to know what the pfsense-upgrade package is?
I get this message even after i performed my firmware upgrade on the 6100.Installed packages to be UPGRADED: igmpproxy: 0.3,1 -> 0.3_1,1 [pfSense] pfSense-upgrade: 1.0_53 -> 1.0_58 [pfSense] Number of packages to be upgraded: 2 46 KiB to be downloaded. Proceed with this action? [y/N]:Firewall: NetGate,Palo Alto-VM,Juniper SRX
Routing: Juniper, Arista, Cisco
Switching: Juniper, Arista, Cisco
Wireless: Unifi, Aruba IAP
JNCIP,CCNP Enterprise -
@michmoor said in pfBlockerNG 3.2.0_4 ?:
Would you happen to know what the pfsense-upgrade package is?
It is the package that handles all pfSense updates and upgrades.
-
@rcoleman-netgate gotcha. Does it need an upgrade anyway? During the normal package upgrade process via the GUI, I don’t see this option.
-
@michmoor it includes references needed to provide future updates and upgrades, so yes, it should always be upgraded when it prompts for a change.
-
@rcoleman-netgate is there a way to make that visible via the GUI? Maybe it is but I missed it?
For my normal workflow I don’t go into the shell unless I absolutely need to.
pkg upgrade isn’t something i have normally done when managing any pfsense but I will add it now. -
@michmoor I believe it is part of the regular update checker but I am not an expert, or even an intermediate on this item. @stephenw10 might have your answer.
-
@marinsnb said in pfBlockerNG 3.2.0_4 ?:
How do I add this script?
Copy paste in a text editor !
There is a build in text editor in pfSense, I forgot it's name.
There is 'vi' of course, but I'm not going to advise you use that one ;)edit : found it : is ee, so
ee /root/pkg_check.php.....
pkg install nanoAll you need to do now is : how to save a file with nano.
(searching etc is for later)When nano is installed :
nano /root/pkg_check.phpand paste (ctrl-V or if you use Putty : right mous click) into the editor.
Ctrl-w to write the file.
Ctrl-x to exit the editor.No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
Still no "Packets" in the widget:
But I see packets blocked in the Logs of pfblockerNG.
-
@michmoor said in pfBlockerNG 3.2.0_4 ?:
Installed packages to be UPGRADED:
igmpproxy: 0.3,1 -> 0.3_1,1 [pfSense]
pfSense-upgrade: 1.0_53 -> 1.0_58 [pfSense]These are 'real' FreeBSD packages that make part of what pfSense is.
True, you won't see them in the classic GUI installed packages list.and yes, normally, no body will actually 'see' when they are available.
What I do know is that they, eventually, get installed.
When ? Probably when you visit System > Update > Update Settings and/or System > Update > System UpdateAs soon as I had the possibility to see this list of non-GUI packages, I never had the patience to 'wait and see' if and when they get installed, I just install them from the command line :
pkg upgrade -
@gertjan thanks!
