Install older version of Packages
-
@mcury This can also work for Snort right?
-
@ericreiss said in Install older version of Packages:
https://redmine.pfsense.org/issues/14406
My redmine lists how to fix the issue, have you attempted to relink the folder, or copy it over to the empty folder?
After 23.05 update and new Squid version 0.4.46 installed errors started showing, "ERROR: loading file 9;/usr/local/etc/squid/errors/en/ERR_ZERO_SIZE_OBJECT': (2) No such file or directory" and many others the path /usr/local/squid/errors/templates is the only sub folder listed with error code. It seems Headers Handling, Language and Other Customizations settings for languages is not loading the error codes into the required subfolder. System is functional however no errors are listed Fix: cp -a /usr/local/etc/squid/errors/templates/. /usr/local/etc/squid/errors/en-us cp -a /usr/local/etc/squid/errors/templates/. /usr/local/etc/squid/errors/en seems to resolve this however for other languages there is no error codes anylonger.
-
@JonathanLee said in Install older version of Packages:
@mcury This can also work for Snort right?
I didn't test, but I think it could work.. The best approach would be to wait a proper fix..
For softflowd, I tested a lot of versions and they all worked, but softflowd is much simpler than Squid or Snort.. -
@JonathanLee I had done that over the summer. It fixed the one error but there are other problems and @stephenw10 thought there might be a bigger issue since some thing were not being installed properly, it might be indicative of bigger and/or more widespread problems.
So your fix while solving some of the warnings did not resolve the other problem I was seeing.
I was trying to get Squid to do the AV Clam scanning so my needs were more involved.
-
@mcury I need the Snort .11 version, my 23.05.01 has separated layer 2 broadcast domains for Compex card Vs Marvel Switch in 23.09.01 they are all one giant broadcast domain, I have issues with Arp Storms in the past, so I am stuck until that is resolved in 23.09.01 I have an open redmine for it because that could open a possibility of VLAN hopping because it does do double MAC registrations, it also did that in 23.05.01 but the traffic between the layer 2 interfaces did not flow like it does in 23.09.01
https://redmine.pfsense.org/issues/15104
This concerns me, the intra interfaces should not require layer 2 communication between each other, they are not virtual not even on the same switch, they have different outbound NAT, they have different layer 3 IP addresses. It worked correctly in 23.05.01, I think KEA DHCP implication has something to do with it, but ISC is also showing one broadcast domain. It's weird.
-
@ericreiss Oooo I have a 2100 MAX ClamAV eats up RAM I use to run it all the time, it works still but with Snort's appID running with all my custom text rules Snort needed more RAM so TAC's recommendation was for me to just disable ClamAV because I don't have the RAM for it to run both packages.
-
@JonathanLee so we have a 6100MAX and I have it running on an old PC with lots of memory. I was using the PC to investigate using it for our small company Internet Firewall.
So the 2100MAx has 4GB RAM and the 6100MAX has 8GB. I'm not even sure what the appID function of Snort is but if we ever start using it, I will keep this in mind.
Have been busy with many other critical tasks and have not been able to check on Squid status.
I thought there would be an update and alert via email.
Not until your note to StephenW10 about wget did I decide to look again.
-
If you're still seeing the missig language issue in 23.09.1 you should add that as a comment on the bug. Currently it's in feedback state after we could no longer replicate the problem in 23.09 and the only feedback is positive.
However any development effort on Squid/Squidguard is likely to be minimal at this point after the deprecation notice. Unless the outstanding upstream bugs are fixed.
Additionally I would expect pkgs compiled against older version to fail. Anything that works there is more by luck than anything!
Steve
-
@stephenw10 Thanks for the information. I have not been paying the attention needed to have noticed the deprecation notice. I just read it.
Is there a pfSense package that replaces Squid's AV capabilities?
Thank you.
-
Not yet. If the upstream issues are fixed we may be able to bring it back. My personal opinion is that would be the best outcome since anything else is likely to be a feature reduction. But we cannot continue offering it indefinitely with the known issues still present.
-
@stephenw10 Pretty Please fix it upstream :)