Project

General

Profile

Actions

Bug #10983

closed

pfBlockerNG not cleaning everything behind it

Added by Jacques Bourdeau about 4 years ago. Updated over 3 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
pfBlockerNG
Target version:
-
Start date:
10/15/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.4.4-p3
Affected Plus Version:
Affected Architecture:

Description

I moved from PI-Hole to pfBlockerNG for a while. I chose to move back to PI-Hole and stopped using pfBlockerNG. After a little while, I uninstalled the package.
The symptom I then experienced was that DHCPD refused to serve both of my lab segments at once. It would do one or the other but not both. Error message was about VMX4 matching multiple shared networks.
A long search about ip ranges, networks and pools did not revealed anything.
I re-addressed one of the lab network and then DHCPD accepted to serve both.
I expended the other lab segment to cover the newly freed segment and received a much better error message. It said that the DHCP range could not include an existing interface's IP address.
Went to CLI and indeed, VMX4 had 2 IP addresses despite the dashboard or interface configuration showed just one.
I searched in /conf/config.xml and found a leftover from pfBlockerNG. It was <virtualip> ... configs .... </virtualip>.
I deleted that virtual IP section and Bingo! Everything worked fine and I was able to bring back the modified lab segment to its original address.

Actions #1

Updated by Viktor Gurov about 4 years ago

  • Status changed from New to Feedback

Unable to reproduce it on the latest pfBlockerNG-devel-2.2.5_37 - virtualip is successfully removed during uninstall

Actions #2

Updated by Max Leighton about 4 years ago

I agree with Viktor. I have tried to replicate this in the latest devel and stable versions of pfBlockerNG and cannot. The DNSBL virtual IP is removed at uninstall every time. I tried in 2.5 as well as 2.4.4_3. This should be marked as Not A Bug.

Actions #3

Updated by Jacques Bourdeau about 4 years ago

Hi guys,

I understand that you tried to reproduce the bug without success. FYI, I am pretty sure this guy had the same problem :
https://www.reddit.com/r/PFSENSE/comments/7047xp/dhcpd_claims_that_networks_are_overlapping_and/

Actually, it is his post saying that a complete reset fixed his case. That made me think some corruption or conflict was somewhere beyond the WebUI and that I had to fix it. I have way too many things configured in my pfSense for a reset - manual reconfig, so I searched manually.

It looks like there are more steps involved to reproduce the bug, but I am pretty sure there is a series of events that will lead to this situation. As such, I invite you to keep that for the record until next case surfaces.

Thanks for looking at this,

Actions #4

Updated by Marcos M about 4 years ago

Given this seems to be VM and sounds similar to issues that can happen when interfaces disappear or otherwise change without the firewall knowing, I'd say it's doubtful to be a bug in the package.

Actions #5

Updated by Bug Reporter almost 4 years ago

Just stumbled upon this error message from dhcpd, took a while to figure out I had a virtual IP set on that IP that I hadn't used for years. The only problem is that it lets me submit settings, when it will not work and also never says what exactly is the issue. Can we have the web interface check for this upon pressing save? Would be helpful.

Actions #6

Updated by Kris Phillips over 3 years ago

  • Status changed from Feedback to Rejected

Updating as Rejected as the bug can not be reproduced.

Actions

Also available in: Atom PDF