it installs now but its missing a shared object.. I haven't had a chance to to see if its on the box and just needs to be linked.

Code:

php: : The command '/usr/pbi/squid-i386/sbin/squid -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was '/libexec/ld-elf.so.1: Shared object "libgssapi.so.10" not found, required by "squid"'

just tried to install it and it failed :-(
2.1-BETA1 (i386) built on Fri May 10 16:28:23 EDT 2013

Code:

Beginning package installation for squid3-dev .
Downloading package configuration file... done.
Saving updated package information... done.
Downloading squid3-dev and its dependencies...
Checking for package installation...
 Downloading http://files.pfsense.org/packages/8/All/squid-3.3.4-i386.pbi ...  (extracting)
Loading package configuration... done.
Configuring package components...
Additional files... sqpmon.sh failed.
Backing up libraries...
Removing package...
Starting package deletion for squid-3.3.4-i386...

I've been using monit for a few years now to restart services that have failed. Works great!

Anyone else having this issue? IPs are removed from the block list after 5 minutes when the cron job is run. I've check the snort2c table and they aren't there anymore. Any ideas?

I have not timed mine, but I think the blocks are lasting for an hour.  That's what I have mine set for.  How is the time on your firewall synchronized?  Does it have a NTP source to sync with, and is it holding the correct time?

Bill

It syncs with a local NTP server in my time zone and if its not available then it syncs with couple from pool.ntp.org. The time is holding as far as I can tell...

I'm using Snort Basic VRT Rules, Snort GPLv2, and Emerging Threats rule sets.  I've also noticed that auto blocking is removing IPs after 5 minutes instead of an hour. The cron job looks like this

Are you still seeing this Cino?  I'm not getting this at all using the same rulesets, same cron job.

Anyone else having this issue? IPs are removed from the block list after 5 minutes when the cron job is run. I've check the snort2c table and they aren't there anymore. Any ideas?

i spoke too soon, its still removing IPs from the block list... I doesn't if you manually run the cron job

I'm using Snort Basic VRT Rules, Snort GPLv2, and Emerging Threats rule sets.  I've also noticed that auto blocking is removing IPs after 5 minutes instead of an hour. The cron job looks like this

Are you still seeing this Cino?  I'm not getting this at all using the same rulesets, same cron job.

I did a full re-install of the package this morning.. deleted everything before hand... installed.... then i went each interface main settings page and clicked save... when to global settings... changed remove blocked ip to never, saved; then changed it back to 1 hour, saved.

so far so good.... i've ran the cron job from cmd and its not removing the ip... also, all my interfaces started without copying the classification.config file over

i should had done this the other night, but when snort goes thru changes and if you re-using your old settings... you need to re-save the settings for some reason (i think even a little xml change throws off the settings) Now keep in mind, my settings were first created a couple of years ago... but have gone thru many many tweaks while the pfsense snort package has been maturing.


great work btw!! keep it up....

Code:

Crash report begins.  Anonymous machine information:

amd64
8.3-RELEASE-p7
FreeBSD 8.3-RELEASE-p7 #1: Thu Apr  4 13:16:33 EDT 2013     root@snapshots-8_3-amd64.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8

Crash report details:

PHP Errors:
 in /usr/local/pkg/pfblocker.inc on line 262
 in /usr/local/pkg/pfblocker.inc on line 262
 in /usr/local/pkg/pfblocker.inc on line 262
 in /usr/local/pkg/pfblocker.inc on line 262
 in /usr/local/pkg/pfblocker.inc on line 262

I keep getting this error report all the time on 2.1 for the past month or so. Nothing interesting going on in the system log.

I've had the same issue for the past couple of months. I haven't dug deeper to see if it causing any problems

i had to copy the files over to get snort to work also... but good work on the update

So far I have been unable to reproduce this problem.  Are you guys having this issue with an empty classification.config file using JUST the new Snort GPLv2 rules by chance?  They do not include any *.config nor *.map files.  Just trying to get a basis for reproducing the problem.

Bill

I'm using Snort Basic VRT Rules, Snort GPLv2, and Emerging Threats rule sets.  I've also noticed that auto blocking is removing IPs after 5 minutes instead of an hour. The cron job looks like this:

Code:

*/5  *  *  *  *  root  /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c

[classification.config]

If that still fails, check for a zero-length classification.config file in the Snort interface directories under /usr/pbi/snort-i386/etc/snort.

Report back.

Bill

i had to copy the files over to get snort to work also... but good work on the update

Hey,
   everything should be fixed in the next release...

Ciao,
Michele

Thank you Michele... The page looks sweet!

I've noticed the same issue on box today after a firmware/gitsync update this weekend. Default route for IPv6 disappeared.  I went to System-Routing and re-saved the default route for my HE tunnel and that resolved the issue.. I'm using a HE tunnel setup as /64.

I haven't rebooted but hopefully it will stick instead of me re-saving the route/gateway config...  Last time something like this happen, was when the IPv6 code in pfsense was first implement.

Do we have an ETA when the new queue status page will be fully operational?

i'm using PRIQ :-(

any update when this page will display the interface then the queues?