Bug #10983
closed
pfBlockerNG not cleaning everything behind it
Added by Jacques Bourdeau about 4 years ago.
Updated over 3 years ago.
Affected Version:
2.4.4-p3
Description
I moved from PI-Hole to pfBlockerNG for a while. I chose to move back to PI-Hole and stopped using pfBlockerNG. After a little while, I uninstalled the package.
The symptom I then experienced was that DHCPD refused to serve both of my lab segments at once. It would do one or the other but not both. Error message was about VMX4 matching multiple shared networks.
A long search about ip ranges, networks and pools did not revealed anything.
I re-addressed one of the lab network and then DHCPD accepted to serve both.
I expended the other lab segment to cover the newly freed segment and received a much better error message. It said that the DHCP range could not include an existing interface's IP address.
Went to CLI and indeed, VMX4 had 2 IP addresses despite the dashboard or interface configuration showed just one.
I searched in /conf/config.xml and found a leftover from pfBlockerNG. It was <virtualip> ... configs .... </virtualip>.
I deleted that virtual IP section and Bingo! Everything worked fine and I was able to bring back the modified lab segment to its original address.
- Status changed from New to Feedback
Unable to reproduce it on the latest pfBlockerNG-devel-2.2.5_37 - virtualip is successfully removed during uninstall
I agree with Viktor. I have tried to replicate this in the latest devel and stable versions of pfBlockerNG and cannot. The DNSBL virtual IP is removed at uninstall every time. I tried in 2.5 as well as 2.4.4_3. This should be marked as Not A Bug.
Hi guys,
I understand that you tried to reproduce the bug without success. FYI, I am pretty sure this guy had the same problem :
https://www.reddit.com/r/PFSENSE/comments/7047xp/dhcpd_claims_that_networks_are_overlapping_and/
Actually, it is his post saying that a complete reset fixed his case. That made me think some corruption or conflict was somewhere beyond the WebUI and that I had to fix it. I have way too many things configured in my pfSense for a reset - manual reconfig, so I searched manually.
It looks like there are more steps involved to reproduce the bug, but I am pretty sure there is a series of events that will lead to this situation. As such, I invite you to keep that for the record until next case surfaces.
Thanks for looking at this,
Given this seems to be VM and sounds similar to issues that can happen when interfaces disappear or otherwise change without the firewall knowing, I'd say it's doubtful to be a bug in the package.
Just stumbled upon this error message from dhcpd, took a while to figure out I had a virtual IP set on that IP that I hadn't used for years. The only problem is that it lets me submit settings, when it will not work and also never says what exactly is the issue. Can we have the web interface check for this upon pressing save? Would be helpful.
- Status changed from Feedback to Rejected
Updating as Rejected as the bug can not be reproduced.
Also available in: Atom
PDF
Updated by Viktor Gurov 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by