Regression #14189
open
pfBlocker-NG: HA-Sync is not working
0%
Description
I'm not the only one with this problem.
See https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working .
This is causing serious issues, as I made changes to the pfBlockerNG configuration after upgrading to pfSense+ 23.01 and now the firewall rules are synchronized, but not the tables generated by pfBlockerNG, leading to firewall errors on the backup pfSense installation.
Please create a System -> Patches patch to fix this as soon as possible.
Files
Related issues
Updated by Jim Pingle about 2 years ago
- Project changed from pfSense Plus to pfSense Packages
- Category changed from XMLRPC to pfBlockerNG
- Priority changed from Urgent to Normal
- Release Notes deleted (
Default)
Packages get updated directly, they don't get patches.
Also there is almost no detail here or on the linked forum post about what is happening. "It doesn't work" isn't helpful.
Updated by name name about 2 years ago
I understand, but I don't know what is "not" happening.
There are two choices when configuring Sync for pfBlockerNG:
- Sync to configured system backup server
- Sync to host(s) defined below
For the second option I have the same credentials as I used for the main HA Sync of pfSense, which is working.
Enabled: yes
Protocol: https
Target: 10.0.97.2
Username: admin
Password: ...
Both options, even though they get accepted by the UI when pressing "Save ...", lead to the same problem:
No replication of pfBlockerNG settings takes place, which is why both the one in the forum post and me said "It's not working", like at all. I don't get error messages, nothing in the Logs that I can see. Either the sync function is not even called or something isn't working right.
You change anything on the master pfSense and nothing changes on the backup pfSense.
I tried all available update options:
- Update
- Cron
- Reload -> All
Nothing works.
So I can't really tell you why the xmlsync part of pfBlockerNG isn't working.
Updated by Jim Pingle about 2 years ago
- Has duplicate Bug #14220: pfBlockerNG does not sync to HA secondary added
Updated by Marcos M about 2 years ago
- Status changed from New to Duplicate
This issue has existed for some time unfortunately. It's covered by the following reports:
https://redmine.pfsense.org/issues/12916
https://redmine.pfsense.org/issues/12918
Edit: re-opened as it seems to be a related but separate issue.
Updated by Marcos M about 2 years ago
- Is duplicate of Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync added
Updated by Marcos M about 2 years ago
- Is duplicate of Feature #12918: pfBlockerNG-devel changes from xmlrpc sync do not take effect immediately added
Updated by Marcos M about 2 years ago
- Is duplicate of deleted (Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync)
Updated by Marcos M about 2 years ago
- Related to Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync added
Updated by Marcos M about 2 years ago
- Is duplicate of deleted (Feature #12918: pfBlockerNG-devel changes from xmlrpc sync do not take effect immediately)
Updated by Marcos M about 2 years ago
- Related to Feature #12918: pfBlockerNG-devel changes from xmlrpc sync do not take effect immediately added
Updated by Steve Y almost 2 years ago
Patch to fix the typo was posted at https://forum.netgate.com/post/1108304
Updated by dylan mendez almost 2 years ago
Related: "Sync to configured backup server" option does not allow to Save without an IP address in the target below.
IP address does not need to be valid, the error shows up only when the space is blank.
Updated by Georgiy Tyutyunnik almost 2 years ago
the typo fix patch from the forum thread does fix the Sync functional for pfBlockerNG
tested on
Version 23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
pfBlockerNG version 3.2.0_5
Updated by Steve Y over 1 year ago
comparing:
https://github.com/pfsense/FreeBSD-ports/blob/734989ab5809fe5c7bde23a240e717da656775ac/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L10826
https://github.com/pfsense/FreeBSD-ports/blob/734989ab5809fe5c7bde23a240e717da656775ac/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L10826
...-devel does not have the typo fix but non-devel does.
Updated by Steve Y about 1 year ago
Linking in https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working/54 which says in part:
"All you need to do is to add the following at line 544 (which should be blank) to the pfblockerng.php file under /usr/local/www/pfblockerng/ :
pfblockerng_sync_on_changes(); // Sync config to HA slave @cron time to ensure config alignment
"
Updated by Danilo Zrenjanin 12 months ago
I defined GeoIP IPv4 entry for France on the Primary.
I can confirm that the configuration doesn't get replicated from the primary to the secondary node. Even after manually forcing updates on both primary and secondary.
Tested both options, Sync to configured system backup server and Sync to hosts defined below
pfBlockerNG-devel net 3.2.0_10
24.03-RELEASE (amd64) built on Wed Apr 24 19:38:00 CEST 2024 FreeBSD 15.0-CURRENT
Updated by Danilo Zrenjanin 12 months ago
- File clipboard-202405311108-n6kth.png clipboard-202405311108-n6kth.png added
- File clipboard-202405311108-kqkmu.png added
Updated by Danilo Zrenjanin 12 months ago
- File deleted (
clipboard-202405311108-kqkmu.png)
Updated by Steve Y 8 months ago
Per https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working/57, still an issue in 3.2.0_17.