pfBlockerNG sync not working
-
@juliokele said in pfBlockerNG sync not working:
/usr/local/pkg/pfblockerng
Great investigative work!
Thanks much!!!
-
Following up on this, seems an official patch came out on August 13th via package manager, however this patch doesn't seem to resolve the issue. I have an HA setup, which I've verified have the patch applied and I double checked the file for the typo, all is well, but sync still isn't working between the two.
-
@planedrop @juliokele
Manual patch works but only after reload on master, only saving will not sync. HA here with 23.05.1. Tested both options with "system backup" and "host defined"Great work, many thanks
-
@vavsaftoiu Interesting, I haven't used the manual patch, but from what I can see the manual patch is doing the exact thing that BBCan did for the official fix, so maybe I've got something else going wrong?
It does list HA Sync = done in the logs when doing a manual reload, but absolutely nothing is syncing over. HA is working otherwise and was fine even with pfB in the past.
I'll do some more digging to see if I can figure out what is going on.
-
@planedrop
i have extended my comment: https://forum.netgate.com/post/1108304 -
@juliokele Thanks for this, I'll try to reinstall pfB to see if that helps, reboot has already happened and I actually never applied the manual patch.
-
Hey guys,
after applying pfblockerng non-devel update 3.2.0_6 to my _5-install sync still did not work.
Unchecking the button "Keep Settings", saving and reloading and then reinstalling the package on my backup-machine followed by a force reload on the master machine did the trick and now the sync works smoothly. Reboot was not necessary on neither my master nor my backup machine.
Thanks folks!
-
S SteveITS referenced this topic on
-
B Bob.Dig referenced this topic on
-
@juliokele said in pfBlockerNG sync not working:
pfBlockerNG-devel
Is there any news on when this will be fixed for "pfBlockerNG-devel"?
-
@Bruce74 said in pfBlockerNG sync not working:
Is there any news on when this will be fixed for "pfBlockerNG-devel"?
Semi-related question, what is the future of pfBlockerNG-devel? When 23.01 came out pfBlockerNG and pfBlockerNG-devel were made the same code. So we just switched to non-devel as (vaguely) suggested in the release notes. My general assumption was they would not differ going forward, but apparently they are already diverging in minor ways.
-
@SteveITS just updated to pfSense 2.7.2 and this brough me to pfBlockerNG_devel 3.2.0_7 and still had to manually re-apply the fix so definitely not fixed on latest Devel version either. Should devel version be patched by now or should we consider switching to the non devel branch?
-
I updated to pfBlockerNG-devel 3.2.0_7 a couple of weeks ago, and it fixed the sync issue for me.
-
@Bruce74 That's weird, I just updated pfSense from 2.7.1 to 2.7.2 and naturally pfBlockerNG-devel from 3.2.0_6 to _7 and it didn't fix it for me, I had to re-edit the .inc file and remove the additional 'd' again (I didn't apply the patch file, just patched it by hand).
-
@IT_Luke I always struggle a bit to find things in Github but comparing
https://github.com/pfsense/FreeBSD-ports/blob/734989ab5809fe5c7bde23a240e717da656775ac/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L10826
and
https://github.com/pfsense/FreeBSD-ports/blob/734989ab5809fe5c7bde23a240e717da656775ac/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L10826...the latter does not have the fix:
$pfb_sync = config_get_path('installedpackages/pfblockerngsyncd/config/0', []);I made a note in the redmine.
-
@IT_Luke I'd recommend swapping over to the non devel version, which does have the fix applied like @SteveITS mentioned.
I did want to note something though, for me the fix had to both be applied by updating pfBlocker, and then I also had to reinstall pfBlocker on both HA nodes to get the sync to work again (keeping settings so it really was just clicking the reinstall button in the package manager). Been perfect ever since but a little odd it required that.
-
@planedrop I think I'll wait until the Redmine gets processed/picked up - I have no problems after manually patching the .inc (again), my HA installs sync fine after so no worries. In the event of another pfBlockerNG-devel update I know what to check so it's not a big deal, it's a very fast manual fix. If in the end the devel branch gets "left behind" I will uninstall and reinstall the "normal" branch. Cheers anyhow!
-
@IT_Luke Totally get ya on this. If it's useful, I was running devel and reinstalled non-devel on about 8 firewalls and it went super smooth, settings were kept, basically didn't even know it changed. Not as encouragement to do so, just that if you come to the conclusion you need to, should be pretty simple/fast/easy.
-
subbed to the thread in the hopes that an update will be posted here when this has been resolved.
-
@shabsta The issue is resolved in the latest pfB release, you'll have to do a reinstall of the package on all HA nodes for the fix to actually work though.
-
@planedrop said in pfBlockerNG sync not working:
ou'll have to do a reinstall of the package
I disabled and reinstalled pfBlockerNG on second pfsense server and this resolved the issue, thank you.
-
I ran into a sync issue today.
23.05.1, pfB 3.2.0_5 - found changes didn't sync, or at least show in the GUI, with the patch, without the typo.
Restarted router2, same.Upgraded both to 23.09.1, pfB 3.2.0_7. As part of that, uninstalled pfB and reinstalled after.
Same, a description wouldn't sync.Reinstalled the package on router2 (via the button on the Installed Packages page), no sync.
I ran a Force Reload on router1 which then got the changes to show on router2.
In hindsight this sounds more like linked issue https://redmine.pfsense.org/issues/12918 (pfBlockerNG-devel changes from xmlrpc sync do not take effect immediately ...until cron job is run on router2).
