Problem with update to patches
-
I previously had the problem described at Redmine #14947, downloaded the patch, and everything was fine. Tonight I downloaded the update to Patches, and now everything is broken. Patches indicated that the #14947 patch was installed although it was also installed manually. Resolving URL aliases failed to work and I got a bazillion error messages. Removed the manually installed patch, rebooted, and the alias resolution still didn't work. I killed all the firewall rules that depended upon URL alias resolution just so I could reach this site!
-
@rloeb Bottomline: the patch that was working is no longer working!
-
System Patches 2.2.8 in 23.09?
-
Can't replicate that here. Applying the recommended patches allows rules with URL aliases to generate correctly. Without it I get the expected error:
Unresolvable destination alias 'cloudflare' for rule 'Test URL Aliases' @ 2023-11-23 13:48:29Is that the error you see for each rule?
-
@stephenw10 Tes, System Patches 2.2.8.
-
@stephenw10 Yes, that's the error message for each rule.
Gonna try reinstalling System Patches. -
@rloeb Reinstalled System Patches 2.2.8, made sure the "Fix URLs" patch is applied, rebooted, re-activated one rule based on an alias that references a URL list, and got the "Unresolvable destination" error.
-
Hmm, and yet manually adding that patch worked as expected in the previous System Patches package?
If you view the patch is it actually the same as the patch you applied before?
If you check /etc/inc/util.inc is the patch actually applied?
You aliases are just URL(IPS) type?
-
@stephenw10 I'm currently running without the patch and without the alias rules so my wife can do her black friday shopping! I suspect that the real problem was with the unbound DNS resolver...
-
Ah, so it couldn't populate the alias? Yeah that's an issue if connectivity relies on those aliases.
-
@stephenw10 Yup!
-
@rloeb Back in the office and still trying to deal with this issue. Reinstalled System_Patches and ran "debug" on the URL patch. Doesn't apply properly. Got the following error message:
/usr/bin/patch --directory='/' -t --strip '2' -i '/usr/local/pkg/patches/a6cf534d0fa0297547f1e587a12729f9d7066bae.patch' --check --forward --ignore-whitespace
Hmm... Looks like a unified diff to me...
The text leading up to this was:|commit a6cf534d0fa0297547f1e587a12729f9d7066bae
|Author: Marcos Mendoza mmendoza@netgate.com
|Date: Wed Nov 8 10:44:26 2023 -0600
|
| Support URL IP aliases in alias_expand(). Fix #14947
|
|diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
|index 0e1640f4f5..2ef5196f6c 100644
|--- a/src/etc/inc/util.inc+++ b/src/etc/inc/util.inc Patching file etc/inc/util.inc using Plan A... Ignoring previously applied (or reversed) patch. Hunk #1 ignored at 2144. Hunk #2 ignored at 2154. 2 out of 2 hunks ignored while patching etc/inc/util.inc done -
Hmm, that's not an error. It implies the patch is already applied. I assume it's still throwing the error though? Or just the DNS issue?
-
@stephenw10 When the patch is active, and I activate a rule that uses an alias table, I get the URL error message.
How do I check that the patch was actually applied?
-
@rloeb Incidentally, the system log shows that the URL tables are being updated. What does "Unresolvable source alias" mean? The data is there.
-
I see the same thing, except I was having an issue where it would buffer at 1:10 into any video. Tried all of the troubleshooting stuff and now I'm stuck with an app that won't open at all.
-
Open the file and check that the patch lines are actually there like:
-
@stephenw10 I checked, and, yes, the patch exists at line 2078. However, if I activate a rule that depends on a URL alias, I get
"Unresolvable source alias 'Akamai_auto' for rule 'Akamai' @ 2023-12-02 14:49:52"System log: b39c2773-6ca7-4e2d-976b-35c2377cba33-pfsense system log 12022023.txt
Definition of the alias:
Akamai_auto URL Table (IPs) https://github.com/SecOps-Institute/Akamai-ASN-and-IPs-List/blob/master/akamai_ip_cidr_blocks.lst
Akamai_autoThe alias is populated.
-
Does it actually populate the table in Diag > Tables?
Does it work if you use
https://raw.githubusercontent.com/SecOps-Institute/Akamai-ASN-and-IPs-List/master/akamai_ip_cidr_blocks.lstfor thatlink instead?
