Author Topic: Converting rules to Alias type and errors when disabling package  (Read 115 times)

Offline joelones

Converting rules to Alias type and errors when disabling package
« on: November 22, 2017, 09:24:30 am »
I used the trick of replacing all the pfB_ with pfb_ in the descriptions and did the following:

Then Disable the package.
Edit all of the IPv4/6/GeoIP aliases to be "Alias type"
Then re-enable the package...

It seems to work.

But I notice that after this modification, when I disable pfB, I get tons of notifications; consequently my email account gets bombarded (as I have email notifications on). Am I doing something wrong here, or is there a way to suppress these notifications?

The errors are in the form of "Unresolvable source alias 'pfB_Asia_v4' for rule 'pfb_Asia_v4 auto rule'..."; they only stop appearing when I re-enable pfB.
« Last Edit: November 22, 2017, 09:29:08 am by joelones »

Offline RonpfS

Re: Converting rules to Alias type and errors when disabling package
« Reply #1 on: November 22, 2017, 06:33:02 pm »
When you disable pfBlockerNG, it removes the aliases and FW rules it created (auto-rule).
In your case of Alias type table, you have to disable the pfb_ FW rules before disabling pfBlockerNG.
2.3.5-RELEASE (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
pfBlockerNG 2.1.2_1/Dev, suricata 4.0.1

Offline joelones

Re: Converting rules to Alias type and errors when disabling package
« Reply #2 on: November 24, 2017, 11:08:04 am »
When you disable pfBlockerNG, it removes the aliases and FW rules it created (auto-rule).
In your case of Alias type table, you have to disable the pfb_ FW rules before disabling pfBlockerNG.

I'm assuming this can be scripted in some way, as I have far too many to do on an individual basis...

Found it, in the [filter][rule][0][disabled] array, when using pfSsh.php

EDIT: I tried to disable a rule to see a change in the [filter][rule][0][disabled] variable, and interestingly enough it didn't change from being empty; I would have expected it to be set to "yes". Am I missing something?
« Last Edit: November 24, 2017, 11:38:26 am by joelones »
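
One way to script the bulk disable discussed in this thread, as an added example that is not code from either poster or from pfBlockerNG. It assumes pfSense marks a disabled rule by the presence of the `disabled` key in the rule array (with an empty value) rather than by a value such as "yes"; the helper name `set_rules_disabled` and the sample rules are constructed for illustration.

```php
<?php
// Added example. Assumption: a rule is disabled when the 'disabled' key
// EXISTS (its value is an empty string); an enabled rule has no such key.
// Comparing the value to "yes" or using empty() would therefore misreport.

/** Disable or re-enable every rule whose description starts with $prefix. */
function set_rules_disabled(array &$rules, string $prefix, bool $disable): array
{
    $changed = [];
    foreach ($rules as &$rule) {
        $descr = $rule['descr'] ?? '';
        if (strncmp($descr, $prefix, strlen($prefix)) !== 0) {
            continue;                       // not one of the renamed pfb_ rules
        }
        $isDisabled = array_key_exists('disabled', $rule);
        if ($disable && !$isDisabled) {
            $rule['disabled'] = '';         // presence of the key is the flag
            $changed[] = $descr;
        } elseif (!$disable && $isDisabled) {
            unset($rule['disabled']);       // removing the key re-enables it
            $changed[] = $descr;
        }
    }
    unset($rule);                           // break the foreach reference
    return $changed;
}

// Constructed sample mirroring the [filter][rule] array from the thread.
$rules = [
    ['type' => 'block', 'descr' => 'pfb_Asia_v4 auto rule',
     'source' => ['address' => 'pfB_Asia_v4']],
    ['type' => 'block', 'descr' => 'pfb_Sample_v4 auto rule',   // constructed
     'source' => ['address' => 'pfB_Sample_v4'], 'disabled' => ''],
    ['type' => 'pass',  'descr' => 'Allow LAN to any'],
];

$changed = set_rules_disabled($rules, 'pfb_', true);
echo "Newly disabled: " . implode(', ', $changed) . PHP_EOL;
foreach ($rules as $i => $r) {
    $state = array_key_exists('disabled', $r) ? 'disabled' : 'enabled';
    echo "[filter][rule][$i] {$r['descr']}: $state" . PHP_EOL;
}

// On the firewall (assumption: a pfSsh.php session with the global $config
// loaded), pass $config['filter']['rule'] instead of the sample array, then
// persist and reload with write_config('Disable pfb_ rules') and
// filter_configure() before disabling pfBlockerNG.
```

Calling the helper with `false` as the last argument removes the key again, which restores the rules after the package is re-enabled.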