pfsense (pf) 2.7.0 release notes suggest that all modules be upgraded before upgrading to 2.7.0, but when trying to upgrade the pfblocker module, it states that a php upgrade is needed so upgrade pf first.
Has anyone upgraded 2.7.0 with pfblocker? Should pfblocker be removed prior to upgrading to 2.7.0?
For those that are unaware as I was, uninstalling pfblockerng doesn’t remove the configuration information. I successfully removed pfblockerng on several pfsense 2.6.0, updated pfsense to 2.7.0, and reinstalled pfblockerng. All the settings, maxmind key, geoIP, etc were restored. Hope this helps.
I upgraded from 2.6.0 to 2.7.0 without removing any packages. Now I am sporadically getting filter reload errors:
There were error(s) loading the rules: /tmp/rules.debug:29: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [29]: table persist file “/etc/bogonsv6”
I have increased state table sizes and still get the errors. I had never seen these errors in 2.6.0.
I think I have figured it out. On my 2.7.0 system, the value of kern.maxdsiz is set to 1_073_741_824, but on my 2.6.0 system it is blank and defaults to 34_359_738_368. Underscores added for clarity. I got my 3.7.0 system to work by setting it to 30_000_000_000 and increasing maximum firewall states. I did not confirm what the max states were before updating kernel config. I will be able to verify this when I upgrade my 3.6.0 system to 3.7.x.