Package removed, but old settings remained (HAVP - Antivirus - Widget)



  • Stale/old configs remained in the system after packages were installed, reinstalled, and uninstalled. How can everything related to a particular package be completely removed?

    Example: These packages were added on a new install (2.1.2), 2.2Mhz Intel, 1GB ram, 1TB HD:

    • Squid
    • SquidLight
    • HAVP
    • Dashboard Widget: HAVP
    • Dashboard Widget: Antivirus Status

    Due to system sluggishness, these were removed:

    • HAVP
    • Dashboard Widget: HAVP
    • Dashboard Widget: Antivirus Status

    But the antivirus widget remained as an option in the dashboard. So, every package was uninstalled, and reinstalled once again, one at a time, rebooting the system (just because) in between every install… and then those 3 last packages related to HAVP were removed.

    I was impressed to find out that after the second install of HAVP, somehow the old settings were still there. This shows that something is left behind when uninstalling packages.

    So, I need to know how to remove or clear stale config files and data from removed packages.

    BTW, the option to add the antivirus widget to the dashboard is still there, although there is no package that handles anything related to antivirus anymore.



  • Hi, Welcome to pfSense Forums!

    When I uninstalled DansGuardian multiple times, the old settings were still there.  When a package is uninstalled, the settings are backed up, just in case the firewall admin can re-install the package without problems since the settings are recovered during a re-install.

    To actually remove the settings, restore the pfSense box to factory defaults (option 4 in the console).

    NOTE: Restoring to defaults removes all of the packages and their settings, as well as the Certificates, CAs, and the NIC setup, DHCP, etc., are all cleared.

    Write down the Interface name, and the NIC name (ex: re0), the subnets used in the LAN interface(s), and 6to4 tunnels (if any at present), and packages installed by going to System -> Packages.  Also, if there are firewall rules and NAT settings set, write those down as well.

    Example:
    Firewall Rules for WAN:
    IPv4/TCP Src Addr: * Src Port: * Dst Addr: WAN Address Dst Port: 8443 <– Access the pfSense box from any location
    IPv4/TCP Src Addr: * Src Port: * Dst Addr: WAN Address Dst Port: 22 <-- SSH access from any location to the pfSense box

    NAT settings for WAN - Port Forward: (ex: Xbox 360/One)
    If: WAN Proto.: TCP/UDP Src Addr.: * Src Port: * Dst Addr: * Dst Port: 3074 NAT IP: Alias/IP address (ex: 172.16.0.5) NAT Port(s): 3074
    If: WAN Proto.: UDP Src Addr.: * Src Port: * Dst Addr: * Dst Port: 88 NAT IP: Alias/IP address (ex: 172.16.0.5) NAT Port(s): 88

    NAT Settings for WAN - Outbound: (ex: Xbox 360/One)
    If: WAN Src: LAN/OPTn Subnet Port: * Dst: * Dst Port: 3074 NAT Addr: WAN Address NAT Port: * Static: Yes
    If: WAN Src: LAN/OPTn Subnet Port: * Dst: * Dst Port: 88 NAT Addr: WAN Address NAT Port: * Static: Yes
    If: WAN Src: LAN/OPTn Xbox Address Port: * Dst: * Dst Port: * NAT Addr: WAN Address NAT Port: * Static: Yes



  • Thanks, that was a quite detailed explanation, but I was really hoping to stretch the original install, or know how to fix a pfSense box once in production. The main concern I have is with Squid cash. This box will be used in a "bottlenecked" environment with only 2Mbts internet connection with 50+ windows users (don't ask!). We need to keep cash for Windows Updates, virus updates, etc.

    So, it would be nice to…

    • Know where or how to find location for configs of particular packages.

    • Know that someone is looking at the leftover "garbage" when packages are uninstalled. Or at least make the HAVP package maintainers aware that uninstalls are not 100% yet.

    Thanks!



  • Just FYI… pfSense seems to be a continuous work in progress, but it is still one of the best FREE alternatives out there. There are many issues on getting packages configured properly, and information is spread all over (although this forum is a great place to get started). Anyway, I found out that in many cases (more often then not), simply re-installing a package is NOT enough. Also, restore using the "Factory Defalts" from the Diagnostics menu, does NOT clear everything. That is a VERY MISLEADING name. The only thing it resets is some superficial settings of the XML config file and web user interface. Many stale configurations and files remain around, and specially those that where manually changed/created via shell.

    So, my 2 cents are: once anything gets miss-configured (unstable), simply backup you configuration, do a brand new fresh install ("formatting" the drive), EDIT your config-pfSense.XXXX.xml file, and manually remove everything related to the bad/hung package, and then restore you config back. YES, stale settings will also remain the XML config file, even if after you remove packages our related items using the web interface!!!


Log in to reply