Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    A short preview of the "3.0" CLI commands (/r/PFSENSE)

    Development
    2
    3
    948
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      biggsy last edited by

      I'm already signed up to far too many forums, so asking here.  Apologies if that's not considered appropriate.

      Maybe I missed it but there doesn't appear to be an equivalent to this bgpctl command:

      neighbor peer clear [reason]

      Stop and restart the BGP session to the specified neighbor.
          If a reason is provided, the reason is sent as Administrative Shutdown Communication to the neighbor.
          The reason cannot exceed 128 octets. Peer may be the neighbor's address or description.

      I guess it might be a "corner case" but I find this very useful for recreating an Alias table of blacklisted IPs (maintained via fail2ban/openbgp on another system) after a firewall rule change/reload.

      1 Reply Last reply Reply Quote 0
      • B
        biggsy last edited by

        Thanks Bill but I'm not sure how it would be related to Squid.  However, I'm not a Squid user either so I could easily be wrong.

        I run this bgpctl command from a tiny PHP script called through an afterfilterchange shellcmd.

        It causes the BGP peer to resend all the currently blacklisted IPs, which are loaded into an Alias table referenced by a block rule on WAN.  It does this very, very quickly, too.

        The only reason for having to do all this is that the Alias table is not managed through the GUI, so it gets cleared on a rule change or reload.

        Of course, I have no reason to expect this won't be achievable in some other way under 3.0 but it is a very useful function of openbgpd.

        1 Reply Last reply Reply Quote 0
        • bmeeks
          bmeeks last edited by

          @biggsy:

          Thanks Bill but I'm not sure how it would be related to Squid.  However, I'm not a Squid user either so I could easily be wrong.

          I run this bgpctl command from a tiny PHP script called through an afterfilterchange shellcmd.

          It causes the BGP peer to resend all the currently blacklisted IPs, which are loaded into an Alias table referenced by a block rule on WAN.  It does this very, very quickly, too.

          The only reason for having to do all this is that the Alias table is not managed through the GUI, so it gets cleared on a rule change or reload.

          Of course, I have no reason to expect this won't be achievable in some other way under 3.0 but it is a very useful function of openbgpd.

          Sorry…just realized today that I posted my reply to the wrong thread ...  :-[

          Bill

          1 Reply Last reply Reply Quote 0
          • First post
            Last post