Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense Plus block file upload

    General pfSense Questions
    7
    26
    2.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      Lucas Rey
      last edited by

      @bmeeks said in pfSense Plus block file upload:

      Veteran pfSense users tend to be a little sensitive to broad accusations made against the software without warrant. Here's what I mean ---

      I understand, and agree. But let me explain my point of view. I'm not a security expert, not a newbie too anyway. What I did is just upgrade from 2.6 to pfSense plus 23.01 and from this point, I got upload issue. From my preliminary investigation, I see that rolling back to 2.6 or skip the pfSense network at all, everything worked fine. So, yes, my first question was: "Why pfSense block my upload"? Then after further investigation I discovered the issue in ClamAV. Still anyway don't understand why in 2.6 I got no issue, btw.
      Probably I was wrong, and considered pfSense a box that contains everything, included ClamAV. That's why I wrote MY pfSense have an issue. That's it :)

      Thank you anyway for your long explanation post.

      bmeeksB S 2 Replies Last reply Reply Quote 0
      • bmeeksB
        bmeeks @Lucas Rey
        last edited by bmeeks

        @lucas-rey said in pfSense Plus block file upload:

        Still anyway don't understand why in 2.6 I got no issue,

        There are a number of changes in 23.01 (and pfSense 2.7 CE DEVEL) compared to pfSense 2.6. One huge change is the move from FreeBSD 12.3-STABLE to 14-CURRENT. Another big change is the move from PHP 7.4 to PHP 8.1.

        In your case with clamAV, my suspicion would be an issue perhaps with the move from FreeBSD 12.3-STABLE to 14.0-CURRENT.

        But I stand by my original post -- when you install an add-on package whose job is to block stuff, then anytime something stops working the very first place to investigate is that add-on blocking package. Try disabling it to see if the block goes away. If it does, you've found the culprit and can troubleshoot accordingly. Netgate does not test packages for upgrade compatibility. That falls upon the volunteer package developers. Only in rare instances will Netgate step up and modify a package's code base.

        L 1 Reply Last reply Reply Quote 0
        • L
          Lucas Rey @bmeeks
          last edited by

          @bmeeks said in pfSense Plus block file upload:

          when you install an add-on package whose job is to block stuff,

          Here is the problem, if i had installed a package or a new module, for sure my first investigation would have been redirected to such package. Because I upgraded a working pfSense, and I got a system that start to have issue without any reason. Later I realize that the only external module I have enabled in the past was the proxy server, but the first post here was written to ask for advice on which section I can start to investigate, sure, I didn't mean that pfSense software doesn't work at all :)

          1 Reply Last reply Reply Quote 0
          • S
            SteveITS Rebel Alliance @Lucas Rey
            last edited by

            I think people are arguing semantics. :)

            @lucas-rey
            In addition to the above, note upgrading pfSense also upgrades any installed packages. This is why Netgate recommends uninstalling packages before upgrade. So regardless of pfSense, clamAV was also likely updated to a newer version.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            1 Reply Last reply Reply Quote 0
            • GertjanG
              Gertjan @bmeeks
              last edited by Gertjan

              @bmeeks
              First of all, I stand corrected : pfBlockerNG, by default, right after installing, does contain an 'example' DNSBL feed, probably the "StevenBlack" list.
              This means these will get blocked for DNS resolution.

              @Lucas-Rey
              There are packages listed in here System > Package Manager > Available Packages that add a functionality, like "Notes".
              Some make more info pfSense available, like Cron.
              And some really do interact upon the traffic flowing trough the router/firewall.

              Btw : upgrading from pfSense 2.6.x to 23.01, afaik, doesn't interact with the traffic. Neither the fact that pfSense used PGP 7.4 before, and now 8.x. Upgrading a package, any package, doesn't change a thing.
              But : these packages, like pfBlockerNG, ClamAV, and other use rules or feeds or whatever externally available info that is sourced by .... people and sources completely unknown to pfSense (Netgate) and the package (authors) used.
              And soon as you start to use these packages, you have to baby-sit them, as "the rule set" used can react upon traffic any time.
              I'm not exaggerating : every morning, coffee first and then you inspect the blocked or 'event' list of the package.

              The very first day you installed pfSense, you found no firewall rules on the WAN interface, and just one pass all rule on the LAN.
              Nothing was filtered. Security was also easy : nothing comes in except what you (the human) takes in by visiting a site, and getting it some content.
              Now you want to block access to some sites or some content : you use ClamAV, so you started to use automation.
              False positives is now a thing, and surely not an exception, so, you - the admin - have work to do : check what the package does/did. Your system will be as secure as the level of your understanding of how it works.
              Also : security can never be automated 100 % as long as humans are involved.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              S 1 Reply Last reply Reply Quote 0
              • S
                SteveITS Rebel Alliance @Gertjan
                last edited by

                @gertjan

                pfBlockerNG, by default, right after installing, does contain an 'example' DNSBL feed

                DNSBL isn’t enabled by default. There are plenty of DNSBL feeds that appear on the Feeds tab, but none of those are enabled either.

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote 👍 helpful posts!

                1 Reply Last reply Reply Quote 1
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.