Netgate Discussion Forum

    [pfBlockerNG] How to sync IPv4 FilterLists between CARP-Boxes

      badger

      Hi there, I'm trying to get two pfSense-boxes with CARP to sync pfblocker settings. The master node was configured and under the sync tabs "sync to configured system backup server" was chosen. But it does not seem to work properly. Countries I highlighted on the master box do not appear on the backup node. Also, manually provided IPv4-Filter-lists won't appear on the other side.

      What I actually can see on the second node are the firewall rules which pfblocker creates.
      How is this supposed to work? Should those highlighted countries and the IP-filter-lists even appear on the backup node? Or do you even need to also set them up there?

      Thank you very much =)

        BBcan177 Moderator

        Hi badger,

        Try to use the option "Sync to host(s) defined below" instead of "sync to configured backup server".
        Then add the host at the bottom of the Sync tab.

        If you use the "Backup server option" you will need to configure the settings in Carp settings for that to function. I have never personally used this option…

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          jmcentire

          I'm also unable to get pfblockerng sync to work. I have the "Sync to host(s) defined below" selected and the correct IPs and passwords set up for two different hosts.

          In the general logs of the "master" I get the following:
          "[pfBlockerNG] XMLRPC sync successfully completed with…"(host a)
          "[pfBlockerNG] XMLRPC communications error occurred while attempting sync with…"(host b)

          In Host A's general log I see:
          "[pfBlockerNG] Sync terminated during boot process."

          I can't find anything in Host B's logs relating to pfBlockerNG or blocked packets. Sync does not work for either host; however, I also have Snort set up on the master and it successfully syncs to Host a and b with no problem at all. The master also does CARP sync to Host a and that is working without issue as well. Any ideas on what's happening here?

            BBcan177 Moderator

            Are you using "Admin" as the Sync Username?
            Do you have any "non-standard" characters in the Sync Password?

              jmcentire

              I am using the default admin username, and yes my password has special chars (as it should). On host a I was seeing invalid login attempts so I had already removed the sanitation function from the pfblocker file; I'm not seeing the invalid login attempts anymore. Just what I posted above.

                jmcentire

                Well, I'm not sure what happened, I added a 3rd host to see if I could get that one to work and immediately after doing that, all 3 hosts sync'd successfully.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.