[pfBlockerNG] How to sync IPv4 FilterLists between CARP-Boxes

  • Hi there, I'm trying to get two pfSense boxes with CARP to sync pfBlocker settings. The master node was configured and under the Sync tab "sync to configured system backup server" was chosen. But it does not seem to work properly. Countries I highlighted on the master box do not appear on the backup node. Also, manually provided IPv4 filter lists won't appear on the other side.

    What I actually can see on the second node are the firewall rules which pfBlocker creates.
    How is this supposed to work? Should those highlighted countries and the IP filter lists even appear on the backup node? Or do you also need to set them up there?

    Try to use the option "Sync to host(s) defined below" instead of "sync to configured backup server".
    Then add the host at the bottom of the Sync tab.

    If you use the "Backup server" option you will need to configure the settings in CARP settings for that to function. I have never personally used this option…

  • I'm also unable to get pfBlockerNG sync to work. I have "Sync to host(s) defined below" selected and the correct IPs and passwords set up for two different hosts.

    In the general logs of the "master" I get the following:
    "[pfBlockerNG] XMLRPC sync successfully completed with…"(host a)
    "[pfBlockerNG] XMLRPC communications error occurred while attempting sync with…"(host b)

    In Host A's general log I see:
    "[pfBlockerNG] Sync terminated during boot process."

    I can't find anything in Host B's logs relating to pfBlockerNG or blocked packets. Sync does not work for either host; however, I also have Snort set up on the master and it successfully syncs to Host A and B with no problem at all. The master also does CARP sync to Host A and that is working without issue as well. Any ideas on what's happening here?

    Are you using "admin" as the Sync Username?
    Do you have any "non-standard" characters in the Sync Password?

  • I am using the default admin username, and yes, my password has special chars (as it should). On Host A I was seeing invalid login attempts, so I had already removed the sanitation function from the pfBlocker file; I'm not seeing the invalid login attempts anymore. Just what I posted above.

  • Well, I'm not sure what happened. I added a 3rd host to see if I could get that one to work, and immediately after doing that, all 3 hosts synced successfully.

