Project

General

Profile

Actions
Copy link

Bug #8904

closed

Shellcmd: pfBlocker's earlyshellcmd is being removed at boot

Added by Steve Wheeler over 5 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
pfBlockerNG
Target version:
-
Start date:
09/16/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.4.4
Affected Plus Version:
Affected Architecture:
All

Description

The Shellcmd package is incorrectly removing the pfBlocker early shellcmd entry at each boot.

--- /conf/backup/config-1537114650.xml    2018-09-16 17:18:01.326025000 +0100
+++ /conf/backup/config-1537114681.xml    2018-09-16 17:18:30.646898000 +0100
@@ -255,7 +255,6 @@
         </acb>
         <shellcmd>/conf/WGXepc64 -l green</shellcmd>
         <earlyshellcmd>/usr/local/bin/php-cgi -f /usr/local/bin/apply_patches.php</earlyshellcmd>
-        <earlyshellcmd>/usr/local/pkg/pfblockerng/pfblockerng.sh aliastables</earlyshellcmd>
         <afterfilterchangeshellcmd></afterfilterchangeshellcmd>
     </system>
     <interfaces>
@@ -940,8 +939,8 @@
         <sequence>system_information:col1:open:0,interfaces:col2:open:0,services_status:col2:open:0,gateways:col2:open:0,ipsec:col2:open:0,pfblockerng:col3:open:0,suricata_alerts:col3:open:0</sequence>
     </widgets>
     <revision>
-        <time>1537114650</time>
-        <description><![CDATA[(system): pfBlockerNG: saving DNSBL changes]]></description>
+        <time>1537114681</time>
+        <description><![CDATA[(system): [shellcmd] Successfully (re)synced shellcmd configuration.]]></description>
         <username>(system)</username>
     </revision>
     <openvpn>

pfBlocker then adds it back.

--- /conf/backup/config-1537119130.xml    2018-09-16 18:33:03.136679000 +0100
+++ /conf/backup/config-1537119183.xml    2018-09-16 18:33:05.281034000 +0100
@@ -256,6 +256,7 @@
         <shellcmd>/conf/WGXepc64 -l green</shellcmd>
         <earlyshellcmd>/usr/local/bin/php-cgi -f /usr/local/bin/apply_patches.php</earlyshellcmd>
         <earlyshellcmd>echo &quot;test-earlyshellcmd&quot;</earlyshellcmd>
+        <earlyshellcmd>/usr/local/pkg/pfblockerng/pfblockerng.sh aliastables</earlyshellcmd>
         <afterfilterchangeshellcmd></afterfilterchangeshellcmd>
     </system>
     <interfaces>
@@ -940,8 +941,8 @@
         <sequence>system_information:col1:open:0,interfaces:col2:open:0,services_status:col2:open:0,gateways:col2:open:0,ipsec:col2:open:0,pfblockerng:col3:open:0,suricata_alerts:col3:open:0</sequence>
     </widgets>
     <revision>
-        <time>1537119130</time>
-        <description><![CDATA[(system): [shellcmd] Successfully (re)synced shellcmd configuration.]]></description>
+        <time>1537119183</time>
+        <description><![CDATA[(system): pfBlockerNG: saving earlyshellcmd]]></description>
         <username>(system)</username>
     </revision>
     <openvpn>

This results in multiple config changes and hence multiple backups to ACB.

The pfBlocker early shellcmd does not appear in Services > Shellcmd even though it is in config.xml.

This doesn't happen in 2.4.3p1.

Tested in pfSense-2.4.4.r.20180914.1530. Shellcmd package 1.0.5 pfBlocker package 2.2.5_12

Actions
Copy link

Also available in: Atom PDF