No Alerts from pfBlockerNG since update
-
Guys,
I know I'm missing something really obvious here.
Here's the story ...
I have a PFS setup on a Dell 1950 running 2.4.4-RELEASE-p3 (amd64) with pfBlockerNG 2.1.4_17 and snort 3.2.9.8_6. Works like a dream.
I copied the config to a thumb drive and installed on a completely new machine, as described here:
https://docs.netgate.com/pfsense/en/latest/backup/automatically-restore-during-install.html
The move seemed to work fine, but [unfortunately] the packages updated themselves to latest versions ... which seem to require version 2.4.5. I tried to get back to older versions using a couple of the many threads on the subject but no joy.
SO ... I removed snort and pfBlockerNG and upgraded to 2.4.5. Again ... went like a dream. Reinstalled packages which picked up the original configs and all seemed wonderful.
BUT ...
Since then I've received no alerts from pfBlockerNG ...
I've set up a key for MaxMind - everything downloads as it should.
I've tried upgrading pfBlockerNG to pfBlockerNG-devel as some folks suggest - no change.
I've worked through the configs on working [old] and not working [new] machines and they seem to be the same [more or less with obvious differences due to package update, etc].
Snort is running without a hitch though.
It seems my stupidity knows no bounds :(
Does anyone have any suggestions, other than sticking with the working machine?
Thanks!
Chip.
-
Guys,
Mystery solved.
All my fault, plus assistance from the H/W manufacturer ...
Seems that port0 MAC ended :0b and port1 ended :0a, so I basically had them labeled the wrong way around. pfBlockerNG was set up on the 'outside' port, hence what I was seeing.
Like I said - all my fault, but I'd still love to have a minute with the Olympic-class ^%$ head that designed it this way.
Hope someone else benefits from this experience.
Chip