How to change from pfblockerNG v2 to v3?
-
Netgate 1100 running pfSense 22.05. I am currently running pfblockerNG version 2.1.4_27 and it is working with GeoIP and alias lists. I've read that I should really be running the "devel" version 3.1.x as that is the currently supported version.
How do I change? Remove the v2 package, and install v3 then reconfigure? Install v3 beside v2, configure v3, then disable v2 and remove the v2 package? How to do this with the least pain and hassle?
Netgate 1100 and Netgate 2100, latest pfsense+ version
-
@beerguzzle Not only that, but a CVE was released today for version 2. CVE-2022-31814
I know that didn't answer your question, but might make you want to do it quicker. :) I haven't installed/used pfBlocker yet, so I don't have first hand experience/info for you.
-
@beerguzzle While there should be support for actually upgrading from the current v2 to v3, I would not undertake such an operation. In my opinion you are much better of by configuring v3 from the ground up again (to avoid any issues with upgrading). There are several brand new features, and you especially want to use the Unbound python integration.
By removing settings you also get the option to redesign your setup slightly if wanted. Personally I would never let pfBlocker create and organize firewall rules based on IP bloking options.
I just have it creating allow and deny alias lists, which I use myself in my own rules.The key is to remove the v2 package before you install the devel v3 package. BUT!: If you don’t want to upgrade (start over), make sure you have unticked the “Keep settings” on the GENERAL tab and press SAVE. Then untick “enable”, and press SAVE. Now you can remove the package - which will also remove all settings from your general pfSense config file and let you start over.
-
@keyser Thanks for the advice. I got v2 outta there per your instructions, got v3 in place, and got things working again.
