A short preview of the "3.0" CLI commands (/r/PFSENSE)

Development
Log in to reply
  • B

    I'm already signed up to far too many forums, so asking here.  Apologies if that's not considered appropriate.

    Maybe I missed it but there doesn't appear to be an equivalent to this bgpctl command:

    neighbor peer clear [reason]

    Stop and restart the BGP session to the specified neighbor.
        If a reason is provided, the reason is sent as Administrative Shutdown Communication to the neighbor.
        The reason cannot exceed 128 octets. Peer may be the neighbor's address or description.

    I guess it might be a "corner case" but I find this very useful for recreating an Alias table of blacklisted IPs (maintained via fail2ban/openbgp on another system) after a firewall rule change/reload.

    0
  • B

    Thanks Bill but I'm not sure how it would be related to Squid.  However, I'm not a Squid user either so I could easily be wrong.

    I run this bgpctl command from a tiny PHP script called through an afterfilterchange shellcmd.

    It causes the BGP peer to resend all the currently blacklisted IPs, which are loaded into an Alias table referenced by a block rule on WAN.  It does this very, very quickly, too.

    The only reason for having to do all this is that the Alias table is not managed through the GUI, so it gets cleared on a rule change or reload.

    Of course, I have no reason to expect this won't be achievable in some other way under 3.0 but it is a very useful function of openbgpd.

    0
  • bmeeks

    @biggsy:

    Thanks Bill but I'm not sure how it would be related to Squid.  However, I'm not a Squid user either so I could easily be wrong.

    I run this bgpctl command from a tiny PHP script called through an afterfilterchange shellcmd.

    It causes the BGP peer to resend all the currently blacklisted IPs, which are loaded into an Alias table referenced by a block rule on WAN.  It does this very, very quickly, too.

    The only reason for having to do all this is that the Alias table is not managed through the GUI, so it gets cleared on a rule change or reload.

    Of course, I have no reason to expect this won't be achievable in some other way under 3.0 but it is a very useful function of openbgpd.

    Sorry…just realized today that I posted my reply to the wrong thread ...  :-[

    Bill

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy