Netgate Discussion Forum

    pfBlockerNG installation in 2 pfSense HA and CARP

    • MerinF01

      Hello! I have 2 pfSense 2.4.4-p3 with HA and CARP.
      Is it possible to install and configure pfBlockerNG on both pfSense servers? Or is there any problem in an HA and CARP pfSense infrastructure?
      How to configure?
      Is it configured individually in each pfSense?
      Or does HA sync help me in any way?
      Best regards!

      • viktor_g Netgate @MerinF01

        @MerinF01 You need to install and enable pfBlockerNG on both nodes,
        and configure XMLRPC sync on the primary node for the configuration synchronization:
        Screenshot from 2020-06-10 13-12-54.png

        • MerinF01

          Hi Viktor! Thanks for your response.
          In the HA configuration I'm not using the admin user.
          The user has "System - HA node sync" privileges.
          Is that a problem for pfBlockerNG sync?
          Best regards!

          • viktor_g Netgate @MerinF01

            @MerinF01 said in pfBlockerNG installation in 2 pfSense HA and CARP:

            Hi Viktor! Thanks for your response.
            In the HA configuration I'm not using the admin user.
            The user has "System - HA node sync" privileges.
            Is that a problem for pfBlockerNG sync?
            Best regards!

            Of course, you can use a user with "System - HA node sync" privileges.

            • MerinF01

              Only one more question :-) (sorry!)

              I see 2 installation packages:
              pfBlockerNG (2.1.4_22 version)
              pfBlockerNG-devel (2.2.5_32 version)
              Which one should I install in pfSense 2.4.4? What is the difference between the two?
              Best regards!

              • viktor_g Netgate @MerinF01

                @MerinF01 pfBlockerNG-devel contains the most recent changes.

                Also update pfSense to the latest version 2.4.5-p1:
                https://www.netgate.com/blog/pfsense-2-4-5-release-p1-now-available.html

                • MerinF01

                  Thanks for all Viktor.
                  Then I will install pfBlockerNG-devel but at the moment I will not update to version 2.4.5
                  I'm implementing a new infrastructure and installed 2.4.5 twice (VMs on Hyper-V environment).

                  I have had serious problems with version 2.4.5 (CPU 100%, lose net packages, etc.) and I have had to finally opt for version 2.4.4 that is working fine.

                  I appreciate all the help you have given me.
                  Best regards!

                  • viktor_g Netgate @MerinF01

                    @MerinF01 said in pfBlockerNG installation in 2 pfSense HA and CARP:

                    Thanks for all Viktor.
                    Then I will install pfBlockerNG-devel but at the moment I will not update to version 2.4.5
                    I'm implementing a new infrastructure and installed 2.4.5 twice (VMs on Hyper-V environment).

                    I have had serious problems with version 2.4.5 (CPU 100%, lose net packages, etc.) and I have had to finally opt for version 2.4.4 that is working fine.

                    I appreciate all the help you have given me.
                    Best regards!

                    This issue is fixed in 2.4.5-p1:

                    pfSense software release version 2.4.5-p1 addresses several security issues:

                    Addressed an issue with large pf tables causing system instability and high CPU usage during filter reload events on some multi-CPU platforms (e.g. Hyper-V, Proxmox, some bare metal systems)

                    See full list of changes https://docs.netgate.com/pfsense/en/latest/releases/2-4-5-p1-new-features-and-changes.html

                    • SteveITS Galactic Empire @MerinF01

                      @MerinF01 said in pfBlockerNG installation in 2 pfSense HA and CARP:

                      I will install pfBlockerNG-devel but at the moment I will not update to version 2.4.5

                      Don't do that, upgrade pfSense first! Otherwise you will install packages meant for the latest version, and they might try to install other requirements like a newer version of PHP.

                      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                      Upvote 👍 helpful posts!

                      • SteveITS Galactic Empire @SteveITS

                        @MerinF01 Actually you can work around that also, in System/Update/Update Settings, they have left "previous stable version" as an option so you can pull packages from 2.4.4.


                        • MerinF01

                          Ok! Then I install the old version of pfBlockerNG, correct? At the moment I prefer not to update pfSense. With the previous version of pfBlockerNG for 2.4.4, no problem, right?

                          • SteveITS Galactic Empire @MerinF01

                            @MerinF01 Right, if you set the update settings to use the previous stable version, the package manager will show you the packages for 2.4.4.
