4. A short preview of the "3.0" CLI commands (/r/PFSENSE)

A short preview of the "3.0" CLI commands (/r/PFSENSE)

  • B

    I'm already signed up to far too many forums, so asking here.  Apologies if that's not considered appropriate.

    Maybe I missed it but there doesn't appear to be an equivalent to this bgpctl command:

    neighbor peer clear [reason]

    Stop and restart the BGP session to the specified neighbor.
        If a reason is provided, the reason is sent as Administrative Shutdown Communication to the neighbor.
        The reason cannot exceed 128 octets. Peer may be the neighbor's address or description.

    I guess it might be a "corner case" but I find this very useful for recreating an Alias table of blacklisted IPs (maintained via fail2ban/openbgp on another system) after a firewall rule change/reload.

    0
  • B

    Thanks Bill but I'm not sure how it would be related to Squid.  However, I'm not a Squid user either so I could easily be wrong.

    I run this bgpctl command from a tiny PHP script called through an afterfilterchange shellcmd.

    It causes the BGP peer to resend all the currently blacklisted IPs, which are loaded into an Alias table referenced by a block rule on WAN.  It does this very, very quickly, too.

    The only reason for having to do all this is that the Alias table is not managed through the GUI, so it gets cleared on a rule change or reload.

    Of course, I have no reason to expect this won't be achievable in some other way under 3.0 but it is a very useful function of openbgpd.

    0

  • @biggsy:

    Thanks Bill but I'm not sure how it would be related to Squid.  However, I'm not a Squid user either so I could easily be wrong.

    I run this bgpctl command from a tiny PHP script called through an afterfilterchange shellcmd.

    It causes the BGP peer to resend all the currently blacklisted IPs, which are loaded into an Alias table referenced by a block rule on WAN.  It does this very, very quickly, too.

    The only reason for having to do all this is that the Alias table is not managed through the GUI, so it gets cleared on a rule change or reload.

    Of course, I have no reason to expect this won't be achievable in some other way under 3.0 but it is a very useful function of openbgpd.

    Sorry…just realized today that I posted my reply to the wrong thread ...  :-[

    Bill

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy