Since when is 2.2.6 to 2.3 a MAJOR upgrade?
-
Backed up my configs and thought I'd do a quick upgrade to (what I assumed was) a minor rev change.
WRONG.
Given such a large change, why wasn't this 3.0?
The new interface is ugly as sin. And you removed a package I need.
So how do I go back to 2.2.3?
–- EDIT ---
Okay, now the menu across the top of the pages is back. It was that squarish 3-bar icon that is so trendy now days, but requires an extra click each and every time you want to access another page. Well, that's gone (thankfully) and the bar across the top is back.
I need BIND. My secondary is going to shut itself off in three weeks. I realize BIND is a bit buggy and overblown with a thousand features and modes I don't use. But I need an authoritative DNS server for public access. Any ideas?
My box had been leaking LAN packets to the WAN. Not many, about 1 to 5 per day. I wonder if the new rev will fix that?
Thanks.
--- edit ---
Changed title as I was guessing at my previous rev. Since I guessed the wrong rev this has caused my confusion to propagate to innocent third parties. I was running v2.2.6.
-
My box had been leaking LAN packets to the WAN. Not many, about 1 to 5 per day. I wonder if the new rev will fix that?
:o :o :o
Any specific info on that?
-
UTC 14/04/2016 13:26:48.912 - IP spoof detected - Source:192.168.1.240, 3, LAN - Destination:209.170.97.239, 3, WAN - MAC address: 00.25.90.F2.6E.F2
"IP spoof" seems to be a NAT that didn't happen. Outward bound packet from our LAN (my notebook in this case) goes through pfSense but retains its LAN address rather than being translated into something useful (the pfSense's WAN address). Probably 99.99% + of such packets do get translated with no problems. Had two more in the hour after this, both from my wife's notebook. To put this in perspective, since the "upgrade" and restart, I've had over 327,000 packets go from LAN to WAN.
Looks like the "upgrade" didn't fix the leak.
But forget that. Dropping a bunch of packages from pfSense is no different from, say, Microsoft deciding that macros in Office are a security risk, and no one uses them anyway, so let's just remove macro capability from the next downloadable Office patches.
The bleep man. You really bleeped me up with this. Am I going to have to shut down everything to reinstall 2.2.6?
–- edit ---
I'll bet I had 2.2.6. From my collection of ISOs I see I never did have 2.2.3, but downloaded 2.2.4 in August of last year.
-
Backed up my configs and thought I'd do a quick upgrade to (what I assumed was) a minor rev change.
WRONG.
Given such a large change, why wasn't this 3.0?
I wholeheartedly agree. It left my firewall system with a panic that prevents booting. You don't change the entire OS and the GUI and then bump the version number from 2.2.6 to 2.3.0.
Dropping a bunch of packages from pfSense is no different from, say, Microsoft deciding that macros in Office are a security risk, and no one uses them anyway, so let's just remove macro capability from the next downloadable Office patches.
The bleep man. You really bleeped me up with this.
The upgrade process should, at the least, warn someone that a feature/package they currently use will no longer function and give them the option of aborting the upgrade.
I'm very grateful for all of the functionality that the team, and specifically Anthony (BBCan177) for pfBlockerNG, has so generously provided at no charge, and a botched upgrade doesn't change that. I just hope that future upgrades are better handled so as to have fewer "surprises."
-
Given such a large change, why wasn't this 3.0?
Because it wasn't worthy of being called a 3.0. 3.0 is a major re-write. We will, for example, get rid of the PHP.
From there, we will then then add decimal digits from pi for each release until we converge. ;)pfSense 2.4 will be based on FreeBSD 11.
And if you really want to run 2.2.3,…. "Why?" We fixed the file corruption problem in 2.2.4, and there are a lot of security fixes since 2.2.3.
-
Old releases can be found here: https://atxfiles.pfsense.org/mirror/downloads/old/
-
The upgrade process should, at the least, warn someone that a feature/package they currently use will no longer function and give them the option of aborting the upgrade.
I'm very grateful for all of the functionality that the team, and specifically Anthony (BBCan177) for pfBlockerNG, has so generously provided at no charge, and a botched upgrade doesn't change that. I just hope that future upgrades are better handled so as to have fewer "surprises."
I get what you are saying, in spirit. However, the other side of the coin would ask - who upgrades a critical system that is in production without reading ANY of the release notes/documentation??? Seems like a very lax admin policy.
Regardless, as has been mentioned, you can download the older releases and restore your backed up config.
-
who upgrades a critical system that is in production without reading ANY of the release notes/documentation???
At the very least, install it to a VM and play with it before you blindly upgrade. I've been doing all of the above and I'm still going to wait at least a week or two before attempting the upgrade.
-
Better yet, do it with a snapshot if you can. Even if you wait until a Release Candidate.
-
And if you really want to run 2.2.3,…. "Why?" We fixed the file corruption problem in 2.2.4, and there are a lot of security fixes since 2.2.3.
Sure all the reasons are there to upgrade - but the new UI is, to quote Kurtz, The horror! the horror!
I think this would have gone so much smoother if you could have kept the old UI as an option. Administrators HATE sudden unexpected changes.
-
And if you really want to run 2.2.3,…. "Why?" We fixed the file corruption problem in 2.2.4, and there are a lot of security fixes since 2.2.3.
Sure all the reasons are there to upgrade - but the new UI is, to quote Kurtz, The horror! the horror!
I think this would have gone so much smoother if you could have kept the old UI as an option. Administrators HATE sudden unexpected changes.
Hmm, I thought I recall seeing more than one or two posts about the new UI around. Even a topic or two on "Report UI problems/issues here".
But maybe that's just my imagination.
-
@jwt:
Given such a large change, why wasn't this 3.0?
Because it wasn't worthy of being called a 3.0. 3.0 is a major re-write. We will, for example, get rid of the PHP.
From there, we will then then add decimal digits from pi for each release until we converge. ;)pfSense 2.4 will be based on FreeBSD 11.
Speaking of FreeBSD, don't they promise to NOT break the APIs within a major rev? For example 10.0, 10.1, and 10.2 don't break functionality. 11.0, maybe it will. Your change broke a lot of systems, and you REMOVED functionality with NO warning. Click a button, download the patch, and… Death.
It most certainly IS a major upgrade when you break a bunch of systems. Externally I don't care if you use Erlang, Lisp, or something weird. I do care about functionality.
@jwt:
And if you really want to run 2.2.3,…. "Why?" We fixed the file corruption problem in 2.2.4, and there are a lot of security fixes since 2.2.3.
My error. The rev I was on was 2.2.6
-
Sure all the reasons are there to upgrade - but the new UI is, to quote Kurtz, The horror! the horror!
I think this would have gone so much smoother if you could have kept the old UI as an option. Administrators HATE sudden unexpected changes.
I'm going to back off on my gut "What the…? OMG! Ick!" reaction to the GUI. The old GUI was a fixed width. The new GUI is dynamic with a variable width, and I assume it can now be used with smart phones. When I logged in after the reboot I had my browser set to fit the old GUI, and the home page was one column instead of two, and the menu bar across the top was gone. In fact it took a bit of poking around to discover the navigation. A few minutes later I resized the browser window and shazam! It was okay again.
So yeah. The GUI's okay.
Now deleting a bunch of packages without warning is really, really bleeped up.
-
Now deleting a bunch of packages without warning is really, really bleeped up.
They did try to warn you if you would check first. Even the browser cache issue.
https://blog.pfsense.org/
Cut them some slack- how much did this great product cost you by the way? -
This is a product version numbering "issue" for ScottyDM…
I suggest to take a look at the Linux kernel version numbering history - go back, say, 15 years. And look at how numbering was done between 1996 and 2012. It was all version 2! And there were quite significant changes. -
Now deleting a bunch of packages without warning is really, really bleeped up.
There is a significant warning in the release notes and change list. You were warned, you chose not to read even the brief overview on the announcement on the blog.
Bitch if you want, but you can't say you weren't warned. Only if you ignored basic IT best practices of reading release notes before you upgrade systems.
-
This is a product version numbering "issue" for ScottyDM…
I suggest to take a look at the Linux kernel version numbering history - go back, say, 15 years. And look at how numbering was done between 1996 and 2012. It was all version 2! And there were quite significant changes.So I have heard. But I don't use Linux (I did look into it and tried CentOS for awhile). Currently using a mix of FreeBSD and Windows Server.
The issue isn't the numbering system, per se, but that functionality was removed and at this time there seem to be no plans to put it back.
@cmb:
There is a significant warning in the release notes and change list. You were warned, you chose not to read even the brief overview on the announcement on the blog.
Bitch if you want, but you can't say you weren't warned. Only if you ignored basic IT best practices of reading release notes before you upgrade systems.
I am not running an IT department, just a home network (segmented into 4 pieces). I do not have spare machines to test new updates on. And at this point my budget is extremely limited. I'd love to get the pfSense book, but what's on Amazon is much too old, and I wasn't thrilled with paying $99 for what amounts to an e-book.
In my many years of computing I've only been bitten twice by click-to-install patches: this one, and a patch to OpenOffice that contained a bug (and was fixed within a few days). Major upgrades are a different issue, and when faced with one I do a little research first. If I had any clue this was a major upgrade I would have done a little research. The last time I was on this website was January.
I've been reading the posts. I'm not the only person who complained about this click-to-install "patch" that removed functionality without warning. It was a horrible decision by someone on the pfSense project to distribute a major upgrade in this way. Of course it's my fault because I don't have spare machines and because I don't pay for the right to complain. And of course it's my fault that some people here don't like me calling them out on it. Smiting someone because you screwed up isn't very classy.
Yes, I will reinstall v2.2.6. Then I'll shut up about it.
I believe doktornotor was maintaining the BIND package. He quit? I'll take that discussion to: https://forum.pfsense.org/index.php?topic=109938.0
I think this thread has run its course.
-
I am not running an IT department
Unless you are paying someone else to do it, you are. No matter how small.
-
Bitch if you want, but you can't say you weren't warned. Only if you ignored basic IT best practices of reading release notes before you upgrade systems.
I take your point but it's been a while since the project made any changes of this magnitude. These days it's easy to see a point upgrade as being a security fix and the recent history of pfSense has been very good in that respect, bugs and holes have been fixed rapidly and without problems. A version push of 2.2.3 to 2.3 seems to have slipped past a lot of peoples radar (certainly mine) - whereas going from 2.2.3 to 2.5 for example would have made more people read the release notes for content.
-
Bitch if you want, but you can't say you weren't warned. Only if you ignored basic IT best practices of reading release notes before you upgrade systems.
I take your point but it's been a while since the project made any changes of this magnitude.
the project has a lot more resources these days. There are new community members who are doing significant work, (likely because the GUI code got a huge clean-up, so it's not … unpleasant to work on anymore), and, in addition, there are quite a few Netgate employees who work every day to advance pfSense.
