pfSense » pfSense Packages

This bug is still under active investigation. I have experienced it three times over two days of running Snort in a CE 2.7.0-RELEASE virtual machine. The bug appears to happen randomly- sometimes within an hour and other times several hours elapse between instances.

Something like this that is not 100% reproducible using the same steps in each test is a challenge to find.

This bug has likely been traced to the particular version of the libpfctl library bundled with pfSense CE 2.7.0, 2.7.1, and pfSense Plus 23.09. A fix for the libpfctl library package was submitted by its maintainer here: https://github.com/pfsense/FreeBSD-ports/commit/36019faf7b771be00808b184eda565f346c5ed5b.

Some additional code cleanup was done in the Snort custom output plugin used on pfSense to implement Legacy Blocking Mode. The pull request containing those code fixes is awaiting review and merge here: https://github.com/pfsense/FreeBSD-ports/pull/1326.

After these changes are all merged and new packages are built, final confirmation testing can performed.

The relevant changes have been merged to 2.7.1 and 23.09.

The 23.09 build is currently failing due to unrelated changes, but 2.7.1 should be able to update already.

The fix has deployed in package updates to both CE 2.7.1 and Plus 23.09. User feedback on the Netgate Forum indicates this bug is resolved.