Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Reinstalling using USB Recovery - pfBlockerNG in config backup

    pfBlockerNG
    2
    5
    155
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NGUSER6947
      last edited by NGUSER6947

      I had to reinstall pfsense on my backup SG-1100 using USB Recovery. Then I backed up my other (Production) SG-1100 and restored the configuration to the backup device.

      Plugging into the LAN port (on the backup device) with my laptop everything seems to have restored correctly, except obviously pfBlockerNG isn't installed. So I get a handful of warning messages:

      There were error(s) loading the rules: /tmp/rules.debug:164: macro 'pfB_PRI1_v4' not defined - The line in question reads [164]: block return in log quick on $LAN inet from any to $pfB_PRI1_v4 ridentifier 1770011057 label "USER_RULE: pfB_PRI1_v4" label "id:1770011057"
@ 2023-02-10 16:17:14
There were error(s) loading the rules: /tmp/rules.debug:164: macro 'pfB_PRI1_v4' not defined - The line in question reads [164]: block return in log quick on $LAN inet from any to $pfB_PRI1_v4 ridentifier 1770011057 label "USER_RULE: pfB_PRI1_v4" label "id:1770011057"
@ 2023-02-10 16:17:42
There were error(s) loading the rules: /tmp/rules.debug:164: macro 'pfB_PRI1_v4' not defined - The line in question reads [164]: block return in log quick on $LAN inet from any to $pfB_PRI1_v4 ridentifier 1770011057 label "USER_RULE: pfB_PRI1_v4" label "id:1770011057"
@ 2023-02-10 16:18:21
There were error(s) loading the rules: /tmp/rules.debug:162: macro 'pfB_PRI1_v4' not defined - The line in question reads [162]: block return in log quick on $LAN inet from any to $pfB_PRI1_v4 ridentifier 1770011057 label "USER_RULE: pfB_PRI1_v4" label "id:1770011057"
@ 2023-02-10 16:18:24

General
Package reinstall process was ABORTED due to lack of internet connectivity @ 2023-02-10 16:14:38

      So... at this point, should I remove pfBlockerNG using the GUI, and then when I'm ready swap this one with the production device, get it online and reinstall pfBlockerNG? Will removing it restore the firewall rules to the way they were before I ever installed pfBlockerNG?

      My fear is that removing the package either won't work to begin with (since no internet connection) or that it won't revert the firewall rules, and thus when I do plug it into the router it'll be uncommunicating.

      Thanks.

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @NGUSER6947
        last edited by

        @nguser6947 As I recall, at that point pfSense doesn’t show the package installed. You’d need to install it to uninstall. The pfB aliases won’t exist yet until a pfB force update is run. But you can install it and do that.

        Only install packages for your version, or risk breaking it. If yours is older, select it in System/Update/Update Settings.
        When upgrading, let it finish. Allow 10-15 minutes, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        N 1 Reply Last reply Reply Quote 0
        • N
          NGUSER6947 @SteveITS
          last edited by

          @steveits Actually it shows up in the Firewall tab.

          I'll attempt to connect it (if it won't connect I should turn off the pfB_PRI1_v4 rule, correct?). Then remove and reinstall the package.

          S 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Rebel Alliance @NGUSER6947
            last edited by

            @nguser6947 The rule will still be there but you'll get the warning that the alias doesn't exist. Therefore the rule doesn't do anything. Whether that affects connectivity depends on what your rule does. :) If it's a deny inbound rule then it won't affect outbound.

            Only install packages for your version, or risk breaking it. If yours is older, select it in System/Update/Update Settings.
            When upgrading, let it finish. Allow 10-15 minutes, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            N 1 Reply Last reply Reply Quote 0
            • N
              NGUSER6947 @SteveITS
              last edited by

              So in the end, I was able to get the device online, uninstall pfBlockerNG, the reinstall it and everything seems to be working just fine. It's now running as my production device.

              I will keep the other one (the one that had been my production unit before) on the shelf for two weeks just to be sure no hidden issues appear with the new one, then will reinstall and upgrade it too.

              Thanks for all the help on these forums, and to Netgate for a solid product 👍.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post