SNORT gone after Pfsense update
-
I think this is the primary redmine.
As far as downgrading that is going to be the hard way I'm afraid. Create a ticket at go.netgate.com to get the older firmware (no support required) and reinstall. Remember to change the update setting to 2.4.5 before restoring any config, and actually it may be better to install the packages from 2.4.5 and then restore the config. (you don't want it trying to install a package from 21.2)
-
@steveits
That is indeed the hard way. Do you know if a fix is in the works for this issue?
-
@mikej47 I'm sure it is at some level but from my non-Netgate point of view it seems likely it would need to be fixed by PHP/Zend. We have a bunch of SG-3100s in service at clients and since all use Suricata or Snort and pfBlocker it makes them un-upgradeable.
Hmm, if 2.5.1 is close as reported then I hope "previous stable version" doesn't become 2.5.0...
-
@steveits said in SNORT gone after Pfsense update:
hope "previous stable version" doesn't become 2.5.0...
2.5.1 is out, looks like "previous" is still 2.4.5, and "latest" is "2.5.x."
No mention in the release notes about PHP on SG-3100 being a known issue but the Redmine issue is still open.
-
@steveits Thanks for the update. I was able to obtain the older version from Netgate and recovered last night and am now back on 2.4.5.
I checked the release notes before upgrading to 2.5.x to be safe and of course this wasn't in it then.
This makes me hesitant to upgrade to any new version :(
-
Yeah...in general I try to observe a vendor forum for a while before jumping in, especially on a ".0" release. As helpful as beta testers are, "the world" will always find more bugs. And yes I know this is 2.5.0 but there were six versions of 2.4.x before that (0-5). All I can say is over the last 10 years or so pfSense releases have been pretty good. I don't really recall any long term issues as they are pretty good about "p1" patches.
My "bystander" guess is that since the SG-3100 issues seem to appear with packages then it's not a core pfSense flaw and thus wasn't found in 2.5.0 testing...however since it's apparently a PHP issue then it is going to take a PHP and then pfSense update to fix it.
-
@steveits Hi, have you been able to find any updates on this? I keep checking the bug tracking system but haven't seen anything in a long time. Not sure if it is normal for it to take this long.
-
Netgate's pretty quick on bugs in pfSense code. I expect since it's not a pfSense bug the only option is to wait until Zend/PHP fixes it. I would plan to not upgrade for a while.
-
@steveits Makes sense. Thank you for the info!
-
For users having issues with Snort or Suricata installing on Netgate SG-3100 appliances, try the patch provided by @jimp in this thread: https://forum.netgate.com/topic/161050/snort-won-t-start-after-upgrade-to-21-02-on-sg-3100/24?_=1622736263256.
The patch makes a change to a PHP configuration value, but you will need to follow the instructions in the post to make sure the PHP engine loads the new value.
-
@bmeeks Has anyone had any luck with this patch? Does it fix Pfblocker as well as snort?
-
@mikej47 said in SNORT gone after Pfsense update:
@bmeeks Has anyone had any luck with this patch? Does it fix Pfblocker as well as snort?
The PHP patch has been reported, by multiple users, to fix the issues with PHP crashing for both packages. The crash of PHP itself is the cause of the failure to complete installation for the Snort package.
-
@bmeeks Thank you for the information.
This will be my first time installing a patch in Pfsense. I plan on following the procedure found at https://docs.netgate.com/pfsense/en/latest/development/system-patches.html - "System Patches Package".
My SG-3100 is currently running 2.4.5-RELEASE-p1.
Do I first upgrade Pfsense by going to System > Update > and for Branch selecting Latest stable version 21.02.x, upgrading Pfsense, and then install the patch?
Thank you.
-
@mikej47 said in SNORT gone after Pfsense update:
Do I first upgrade Pfsense by going to System > Update > and for Branch selecting Latest stable version 21.02.x, upgrading Pfsense, and then install the patch?
Yes but if it's only showing you 21.02 not 21.05 you may need to update twice. Without looking, I'm pretty sure the patch was for 21.05.
-
The PHP patch is in the 21.05.1 release of pfSense+. Here is a link to the Release Notes: https://docs.netgate.com/pfsense/en/latest/releases/21-05-1.html.
So if you update to that version of pfSense+, you will not need to install the patch -- it's already baked in.
-
@bmeeks that is great news. I can just upgrade to that version and the patch is built in. What is Pfsense + ? How do I get the + version?
-
@mikej47 said in SNORT gone after Pfsense update:
@bmeeks that is great news. I can just upgrade to that version and the patch is built in. What is Pfsense + ? How do I get the + version?
pfSense+ is the new name for the old "Factory Edition" of pfSense that comes on Netgate appliances. When you upgrade to the latest 21.05.1 version, pfSense+ is what that will be.