pfblockerng 3.0.0_15 not available in 2.4.5p1
-
Hi, can you please check and advise if the pfblockerNG-devel 3.0.0_15 will be available to 2.4.5p1?
system: sg-3100
Thanks in advance.
-
I can't find the recent post, but basically no, the updates go into the current repositories.
-
@teamits hm, this is not good..
SG-3100 can't run pfblockerng at all with 21.02 or 21.02p1 releases.
Which means that I'm stuck with 3.0.0_10, or at least until the problem is fixed..If you are correct, no more packages updates for 2.4.5p1..
This is really a punch in the stomach for the SG-3100 users..It seems that the problem is with the compilers for arm 32 bits, so no easy fix..
I don't know what to say anymore.. Maybe they will rush to EOL this device..
-
We have one 3100 ourselves and more at several clients so I feel you. At least it's not like it stops working on 2.4.5, one just can't get new package features yet. At least they don't auto-upgrade.
-
@mcury said in pfblockerng 3.0.0_15 not available in 2.4.5p1:
I don't know what to say anymore.. Maybe they will rush to EOL this device..
Why saying something ?
Read what happened.
and
Then upgrade.3100 just came out. Its not EOL at all.
-
@gertjan said in pfblockerng 3.0.0_15 not available in 2.4.5p1:
@mcury said in pfblockerng 3.0.0_15 not available in 2.4.5p1:
I don't know what to say anymore.. Maybe they will rush to EOL this device..
Why saying something ?
Read what happened.
and
Then upgrade.3100 just came out. Its not EOL at all.
I'm not sure if you are aware of the problem with the compilers..
21.02p1 didn't solve the problem with packages, and according to what I have been reading, this is not going to be an easy fix.
I'm not saying that the previous bug with 21.02 was easy to fix, just saying that this is a new problem.. -
@mcury said in pfblockerng 3.0.0_15 not available in 2.4.5p1:
I'm not sure if you are aware of the problem with the compilers..
'The problem' in general or the problem as stated in the blog ?
I guess I could say very safely "no, I don't deal with them anymore", as I work in a hotel.
But, way back (80ties), I had a prof called Dennis Ritchie, during an exchange project from profs from my country with some of them of the states. Let's say he had something to do with compilers ^^
All I know is that "pfSense Plus 21.02-p1 Now Available" for the 3100. Succesful installs have been confirmed and is usable.
Btw : I'm not owning a 3100 myself.
-
@gertjan said in pfblockerng 3.0.0_15 not available in 2.4.5p1:
All I know is that "pfSense Plus 21.02-p1 Now Available" for the 3100. Succesful installs have been confirmed and is usable.
I'm sorry to inform you, but no, it's not.
Btw : I'm not owning a 3100 myself.
I'm a SG-3100 owner, and I'm telling you, you can't install packages in it with 21.02p1.
https://redmine.pfsense.org/issues/11444
https://redmine.pfsense.org/issues/11466
https://redmine.pfsense.org/issues/1155121.02p1 - > TAC ticket with Netgate #INC-76936, and they said: "dev knows about this already, and there's some work to be done beforehand as well. Mainly, the following is somewhat of a per-requisite:
https://redmine.pfsense.org/issues/5413 "
-
@mcury I saw a reference to the unbound issue a few days ago. Not sure why that is relevant but I'm not in the code. :) The other widely reported issues are all PHP crashing in certain functions, which to me means Zend/PHP may need to fix it and it's not going to be nearly as quick as the first fix. At least if someone has upgraded their 3100 they can choose to either remove/disabled those packages or put the 1 CPU limit back in (per Marco https://redmine.pfsense.org/issues/11444). We've just simply not upgraded any of them until this all shakes out.
IMHO, saying "just upgrade" is doing a disservice to everyone with a 3100 using IDS or pfBlocker which I would think is a lot of people.
The 3100 has been out a few years. I don't recall exactly but https://www.netgate.com/support/product-lifecycle.html has "replaced by SG-3100" comments on end of sales dates back in 2014-2015. I didn't think it had been that long though...would have guessed 4ish? However it is ARM and I think the only 32 bit CPU pfSense runs on so it is unique.
-
At least if someone has upgraded their 3100 they can choose to either remove/disabled those packages or put the 1 CPU limit back in (per Marco https://redmine.pfsense.org/issues/11444).
Yes, this is an option, but I really don't want to run with only one cpu.. I prefer to run 2.4.5p1 full speed..
We've just simply not upgraded any of them until this all shakes out.
I did upgrade, and downgraded back to 2.4.5p1 as fast as I could.. Unfortunately I can't recommend anyone who has a SG-3100 to upgrade to 21.02p1 at this moment.
IMHO, saying "just upgrade" is doing a disservice to everyone with a 3100 using IDS or pfBlocker which I would think is a lot of people.
I lost a few days installing, recovering, updating, doing clean installs, updating topics here trying to show the problem.. opening TAC tickets..
The 3100 has been out a few years. I don't recall exactly but https://www.netgate.com/support/product-lifecycle.html has "replaced by SG-3100" comments on end of sales dates back in 2014-2015. I didn't think it had been that long though...would have guessed 4ish? However it is ARM and I think the only 32 bit CPU pfSense runs on so it is unique.
The EOL is from 1 to 3 years.. this ARM 32 bit CPU is giving Netgate a headache, that's why I think that they will probably choose to end this device life cycle.. Heard some rumors that there are plans to release newer versions this year, not sure if it's true..
it would be nice to receive updates for newer packages in 2.4.5p1 until the problem is fixed with 21.02p1..
-
@mcury said in pfblockerng 3.0.0_15 not available in 2.4.5p1:
I really don't want to run with only one cpu
Right, I was just pointing that out as an apparent workaround until the PHP issues are fixed, for someone who can't downgrade and doesn't want to run with out Snort or pfBlocker. Haven't tried it myself.
re: 3100 date:
blog post: Introducing the SG-3100 Firewall Appliance
by Doug McIntire on 05 Sep 2017