PF upgrade from 2.1.5 to 2.3.2(1) + PFblocker-NG = duplicated WAN rules
-
Hello all. Yesterday I upgraded from 2.1.5 to 2.3.2 and then on to 2.3.2.1. I then installed PFblocker-NG, and all was well. Today I'm looking around, and I see my 7 WAN rules are duplicated like 240 times. I clear some out, and then it doubles. Has anyone seen anything like this? I was troubleshooting the system remotely, and when I tried to do a restore from a previous config it borked the system. I think the backup config had RRD Data in it. I will be reinstalling with a copy of the original config, but wanted to see if anyone has seen any behavior with the WAN rules. Thanks. BBcan177, great package. Been waiting a LONG time to try the pfBNG out.
-
It is better to disable pfBlockerNG (and DNSBL on older versions) before updating/upgrading pfSense or pfBlockerNG.
Maybe disable it, clean up the rules, enable pfBlockerNG, then run a Force Update, then a Force Reload All.
-
It is even better to uninstall all packages before doing such upgrades of ancient pfSense versions.
-
Sorry everyone, I failed to mention that I uninstalled all packages before upgrading from 2.1.5 to 2.3.2. I also did force the reload. When I got home the system was hosed, but the console was up. It showed the XML RRD Data error above all of the console menu options. I tried to reboot from the menu, and it just repeats the XML error without rebooting. I tried to Halt from the menu, same thing. I ended up having to go into the shell and halt from there. Seeing that I had just upgraded, I still had the install disk & config USB, so I just reinstalled. I also reinstalled the pfBlockerNG package, and only set up my 4 IPv4 lists and 4 country codes to block. DNSBL and CIDR Aggregation have not been enabled. I'll enable those in a few days to see if they are responsible. I checked this morning, and there is only 1 set of rules for the WAN interface. A weird issue I see is that when I installed pfBlocker-NG the old pfBlocker menu entry shows up. It does not work, but seems to be stuck in the menu structure when pfBlocker-NG is installed. When pfBlocker-NG is uninstalled the pfBlocker menu entry is removed. Weird.
-
Update - I have not seen the duplicate FW rules under the WAN interface since the reinstall. I think I am going to turn on de-dup in pfB-ng, and see if it creates the behavior.