SNORT gone after Pfsense update
-
Netgate's pretty quick on bugs in pfSense code. I expect since it's not a pfSense bug the only option is to wait until Zend/PHP fixes it. I would plan to not upgrade for a while.
-
@steveits Makes sense. Thank you for the info!
-
For users having issues with Snort or Suricata installing on Netgate SG-3100 appliances, try the patch provided by @jimp in this thread: https://forum.netgate.com/topic/161050/snort-won-t-start-after-upgrade-to-21-02-on-sg-3100/24?_=1622736263256.
The patch makes a change to a PHP configuration value, but you will need to follow the instructions in the post to make sure the PHP engine loads the new value.
-
@bmeeks Has anyone had any luck with this patch? Does it fix Pfblocker as well as snort?
-
@mikej47 said in SNORT gone after Pfsense update:
@bmeeks Has anyone had any luck with this patch? Does it fix Pfblocker as well as snort?
The PHP patch has been reported, by multiple users, to fix the issues with PHP crashing for both packages. The crash of PHP itself is the cause of the failure to complete installation for the Snort package.
-
@bmeeks Thank you for the information.
This will be my first time installing a patch on in Pfsense. I plan on following the procedure found at https://docs.netgate.com/pfsense/en/latest/development/system-patches.html - "System Patches Package".
My SG-3100 is currently running 2.4.5-RELEASE-p1.
Do I first upgrade Pfsense by going to System > Update > and for Branch selecting Latest stable version 21.02.x , upgrading Pfsense, and then install the patch?
Thank you.
-
@mikej47 said in SNORT gone after Pfsense update:
Do I first upgrade Pfsense by going to System > Update > and for Branch selecting Latest stable version 21.02.x , upgrading Pfsense, and then install the patch?
Yes but if itβs only showing you 21.02 not 21.05 you may need to update twice. Without looking, Iβm pretty sure the patch was for 21.05.
-
The PHP patch is in the 21.05.1 release of pfSense+. Here is a link to the Release Notes: https://docs.netgate.com/pfsense/en/latest/releases/21-05-1.html.
So if you update to that version of pfSense+, you will not need to install the patch -- it's already baked in.
-
@bmeeks that is great news. I can just upgrade to that version and the patch is built in. What is Pfsense + ? How do I get the + version?
-
@mikej47 said in SNORT gone after Pfsense update:
@bmeeks that is great news. I can just upgrade to that version and the patch is built in. What is Pfsense + ? How do I get the + version?
pfSense+ is the new name for the old "Factory Edition" of pfSense that comes on Netgate appliances. When you upgrade to the latest 21.05.1 version, pfSense+ is what that will be.