Netgate Discussion Forum

Reinstalling using USB Recovery - pfBlockerNG in config backup

  • N
    NGUSER6947
    last edited by NGUSER6947 Mar 8, 2023, 1:47 PM Mar 8, 2023, 1:45 PM

    I had to reinstall pfSense on my backup SG-1100 using USB Recovery. Then I backed up my other (Production) SG-1100 and restored the configuration to the backup device.

    Plugging into the LAN port (on the backup device) with my laptop everything seems to have restored correctly, except obviously pfBlockerNG isn't installed. So I get a handful of warning messages:

    There were error(s) loading the rules: /tmp/rules.debug:164: macro 'pfB_PRI1_v4' not defined - The line in question reads [164]: block return in log quick on $LAN inet from any to $pfB_PRI1_v4 ridentifier 1770011057 label "USER_RULE: pfB_PRI1_v4" label "id:1770011057"
    @ 2023-02-10 16:17:14
    There were error(s) loading the rules: /tmp/rules.debug:164: macro 'pfB_PRI1_v4' not defined - The line in question reads [164]: block return in log quick on $LAN inet from any to $pfB_PRI1_v4 ridentifier 1770011057 label "USER_RULE: pfB_PRI1_v4" label "id:1770011057"
    @ 2023-02-10 16:17:42
    There were error(s) loading the rules: /tmp/rules.debug:164: macro 'pfB_PRI1_v4' not defined - The line in question reads [164]: block return in log quick on $LAN inet from any to $pfB_PRI1_v4 ridentifier 1770011057 label "USER_RULE: pfB_PRI1_v4" label "id:1770011057"
    @ 2023-02-10 16:18:21
    There were error(s) loading the rules: /tmp/rules.debug:162: macro 'pfB_PRI1_v4' not defined - The line in question reads [162]: block return in log quick on $LAN inet from any to $pfB_PRI1_v4 ridentifier 1770011057 label "USER_RULE: pfB_PRI1_v4" label "id:1770011057"
    @ 2023-02-10 16:18:24
    
    General
    Package reinstall process was ABORTED due to lack of internet connectivity @ 2023-02-10 16:14:38
    

    So... at this point, should I remove pfBlockerNG using the GUI, and then when I'm ready swap this one with the production device, get it online and reinstall pfBlockerNG? Will removing it restore the firewall rules to the way they were before I ever installed pfBlockerNG?

    My fear is that removing the package either won't work to begin with (since no internet connection) or that it won't revert the firewall rules, and thus when I do plug it into the router it'll be uncommunicating.

    Thanks.

    • S
      SteveITS Galactic Empire @NGUSER6947
      last edited by Mar 8, 2023, 2:00 PM

      @nguser6947 As I recall, at that point pfSense doesn’t show the package installed. You’d need to install it to uninstall. The pfB aliases won’t exist yet until a pfB force update is run. But you can install it and do that.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      • N
        NGUSER6947 @SteveITS
        last edited by Mar 8, 2023, 3:14 PM

        @steveits Actually it shows up in the Firewall tab.

        I'll attempt to connect it (if it won't connect I should turn off the pfB_PRI1_v4 rule, correct?). Then remove and reinstall the package.

        • S
          SteveITS Galactic Empire @NGUSER6947
          last edited by Mar 8, 2023, 3:36 PM

          @nguser6947 The rule will still be there but you'll get the warning that the alias doesn't exist. Therefore the rule doesn't do anything. Whether that affects connectivity depends on what your rule does. :) If it's a deny inbound rule then it won't affect outbound.

          • N
            NGUSER6947 @SteveITS
            last edited by Mar 8, 2023, 9:02 PM

            So in the end, I was able to get the device online, uninstall pfBlockerNG, then reinstall it and everything seems to be working just fine. It's now running as my production device.

            I will keep the other one (the one that had been my production unit before) on the shelf for two weeks just to be sure no hidden issues appear with the new one, then will reinstall and upgrade it too.

            Thanks for all the help on these forums, and to Netgate for a solid product 👍.
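
Added example, not part of the thread and not pfSense or pfBlockerNG code: a small parser for rule-load notices in the format quoted in the first post. It lists each rule that references an undefined alias once, with its action, direction, interface and `ridentifier`, so the rule can be located and reviewed before the restored device goes online. The function name and the regular expressions are assumptions derived only from the message format shown above.

```python
import re

# Two of the four notices quoted in the first post (they differ only in line number).
NOTICES = """\
There were error(s) loading the rules: /tmp/rules.debug:164: macro 'pfB_PRI1_v4' not defined - The line in question reads [164]: block return in log quick on $LAN inet from any to $pfB_PRI1_v4 ridentifier 1770011057 label "USER_RULE: pfB_PRI1_v4" label "id:1770011057"
There were error(s) loading the rules: /tmp/rules.debug:162: macro 'pfB_PRI1_v4' not defined - The line in question reads [162]: block return in log quick on $LAN inet from any to $pfB_PRI1_v4 ridentifier 1770011057 label "USER_RULE: pfB_PRI1_v4" label "id:1770011057"
"""

# Pulls the undefined macro name and the offending rule text out of one notice.
NOTICE_RE = re.compile(
    r"macro '(?P<macro>[^']+)' not defined - The line in question reads "
    r"\[\d+\]: (?P<rule>.+)$"
)
# Pulls the fields that matter for a connectivity review out of the rule text.
RULE_RE = re.compile(
    r"^(?P<action>block|pass|match)\b.*?\b(?P<dir>in|out)\b.*?\bon (?P<iface>\S+)"
    r".*?\bfrom (?P<src>\S+) to (?P<dst>\S+).*?\bridentifier (?P<tracker>\d+)"
)

def undefined_alias_rules(notices):
    """Return one dict per (macro, ridentifier), collapsing repeated notices."""
    found = {}
    for line in notices.splitlines():
        m = NOTICE_RE.search(line)
        if not m:
            continue  # not a "macro not defined" notice
        r = RULE_RE.match(m["rule"])
        if not r:
            # Unknown rule shape: still report the macro and the raw rule text.
            found.setdefault((m["macro"], None),
                             {"macro": m["macro"], "rule": m["rule"]})
            continue
        entry = r.groupdict()
        entry["macro"] = m["macro"]
        # Record whether the missing alias is the rule's source or destination.
        entry["used_as"] = [s for s in ("src", "dst")
                            if entry[s] == "$" + m["macro"]]
        found.setdefault((m["macro"], entry["tracker"]), entry)
    return list(found.values())

if __name__ == "__main__":
    for e in undefined_alias_rules(NOTICES):
        print(e)
```
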
