Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - cmb

Pages: 1 2 [3] 4 5 6 7 ... 26
Installation and Upgrades / HEADS UP on 2.3 upgrade if using haproxy
« on: April 14, 2016, 01:49:19 am »
If you have haproxy installed, make sure you uninstall it before upgrading You also might want to check to verify its inc files no longer exist.

Already upgraded and things are broken?

Go to Diag>Command, or option 8 at the console, and run:

Code: [Select]
rm /usr/local/pkg/haproxy*inc
Then reboot, and you should be in good shape.

Prepping before upgrading?

First, go to System>Packages and uninstall haproxy. Your config will be retained and available after re-installing the package post-upgrade. Check the directory contents of /usr/local/etc/pkg/ to verify the haproxy inc files are gone. Diag>Command, or option 8 at shell, and run:

Code: [Select]
ls /usr/local/etc/pkg/
If there are any files in that directory containing haproxy in their name, run the rm command mentioned above for recovering if you've already upgraded.

After verifying there are no haproxy inc files in place, you know it's safe to upgrade to 2.3 as normal. Then reinstall haproxy afterwards and you should be set.

I'm looking into a proper fix for future versions, but this will get you by for now.

When you next upgrade, the system will spit out an error and may claim the upgrade failed, but will continue and reboot. The repo-devel package had to be removed as part of getting to a final release, and unfortunately not a way to make that not error out on already-installed systems. It'll still upgrade just fine, the failure's just log noise. And it won't happen again.

EDIT: [jimp]:

For issues updating from RC (or older) to -RELEASE:

If you see "unable to check for updates", make sure you have pfSense-base installed (check the output of "pkg info -x pfSense"). If missing, run "pkg install pfSense-base"

If you see an error when checking for or installing updates that states no trusted keys could be found, run the following command from the shell or Diagnostics > Command:

Code: [Select]
fetch -qo /usr/local/share/pfSense/keys/pkg/trusted/

OpenVPN / MOVED: TLS 1.0 support issues
« on: March 12, 2016, 02:20:17 am »

General Questions / MOVED: Dansguardian Blacklist setup
« on: January 28, 2016, 07:10:52 pm »

A post today on the Full Disclosure list disclosed a "0 day" local file inclusion vulnerability. We've already fixed it for 2.2.6 and in 2.3, but the person who discovered it didn't wait until the release as we requested to disclose it.

As is often the case with these self-promotional messages, the likely impact is greatly exaggerated for nearly all real world use cases. A variety of people who aren't really looking at the issue see "LFI/RCE" and start spewing misleading things. Here is the reality of it.

A user with limited administrative rights having privileges to write files to the filesystem, and access to pkg.php or wizard.php pages, can escalate their privileges to that of a full administrator. In the vast majority of circumstances, admin users with rights to write files have full admin-level privileges, which makes it non-applicable.

2.2.6 release is coming soon for that and other reasons. If that circumstance actually applies to anyone, the most recent 2.2.6 snapshots should be nearly identical to release.
64 bit
32 bit

Wireless / MOVED: Unable to print from wireless
« on: December 15, 2015, 05:36:48 pm »

General Questions / MOVED: squid and squidguard
« on: December 15, 2015, 04:25:09 pm »

Pages: 1 2 [3] 4 5 6 7 ... 26