pfBlockerNG Firewall Rules Missing after update to pfS 2.6
-
Just updated pfSense to 2.6 and discovered that the pfBlocker firewall rules are missing from Firewall / Rules / WAN.
The only pfBlockerNG rule that is showing up is pfB_PRI1_v4 on Firewall / Rules / LAN.
I uninstalled pfBlockerNG and reinstalled. I then ran the wizard, but still nothing other than pfB_PRI1_v4 on Firewall / Rules / LAN.
Help!
(EDIT 1) Before the update the Firewall / Rules / WAN contained the following:
pfB_BinaryDefense
pfB_FireHOL3
pfB_SpamhausDrop
pfB_SpamhauseEDROP
etc...
etc...
-
@seeking-sense Did you force an update in pfBlocker? That is normally what regenerates the aliases/rules.
-
@steveits Hi. Yes I forced an update and a reload.
Feeling naked right now and that's not a pretty picture.
-
@steveits Just enabled Floating and pfB_PRI1_v4 shows up in Floating for WAN and LAN.
I disabled Floating and reloaded and it NOW appears in Firewall / Rules / WAN.
Please forgive the NOOB question, but are the Floating Rules applied first before anything in the WAN or LAN rules?
-
@seeking-sense "maybe"...floating rules are...different.
https://docs.netgate.com/pfsense/en/latest/firewall/floating-rules.html#processing-order
One issue I just thought of...at one point a pfB update changed the alias names...so we ended up with aliasname_v4_v4 now or something like that. IIRC the rules still existed but the alias names were wrong so we needed to update the rules to use the "new" name.
re: upgrade, it may be too late now but generally we follow Netgate's upgrade guide and uninstall pfBlocker, upgrade pfSense, and install pfBlocker. I run an update manually after installation but haven't had a problem with it creating rules.
In many cases we use Alias Native which just creates the alias, and then create our own rules. That allows things like reordering the rules, say to allow an exception.