@stephenw10 Will do, thanks for your help!

Yeah, it's a long standing issue in pfSense that is finally addressed in 23.09. From there on you have to opt in to new releases so you cannot accidentally get the wrong packages.

@stephenw10 resolved before seeing this, but you are correct. thanks very much. for posterity, from loader prompt: load /boot/kernel/zfs.ko

Hmm, well I would be trying a clean 2.7.2 install at this point. I'm not aware of any known mbuf leak so we need to determine if it's the config or something broken in the install.

@jhmc93 said in auto update: Where do u place your email for the notifications? The scripts makes use of the 'smtp' ( email ), for emails notifications from pfSense to work, you have to it set up first : here : example of a 'gmail' mail account : [image: 1705581312043-31bf6980-16b4-4847-9587-05040ef0e51f-image.png] This is also the place where you also specify the destination mail, typically your own gmail mail account.

@bassplayaman re: latest, see https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#troubleshooting

@stephenw10 I was poking around their website and I couldn't find information outside of what SMART is. The box says it will operate from temps ranging 0-70C

SO... End up buying new hardware. Restore backup and speeds are now good. Thanks so much for the help @stephenw10 !!! Really appreciate it.

@Gertjan Thank you, I will try your approach and report back as soon as I can

@stephenw10 Thanks a lot for the help.

Hmm, I don't think I've ever seen anyone set that! Good to know it's there....

@vacquah Is 172.16.100.1/24 your pfsense router ip? --> Yes.. Router connected to DGW for host and inteface for BGP communication Is 172.16.100.110 a specific kubernetes controlplane or worker node? --> Yes. Host sending BGP hosting CNI "CiIium network 172.16.103.0/24 (IP Pool).. .with Overlay network 10.43.0.0/16 I am having a hard time getting the big picture. ---> See above before /after diagram Working design: 99821352-79e2-47f3-8a16-807ac924ad2a-image.png

If you want to filter the states by Rule ID you have to enter the rule numbers there. You can see the rule numbers in the running ruleset by running: pfctl -vvsr For example: [23.09.1-RELEASE][root@7100.stevew.lan]/root: pfctl -vvsr @0 scrub from any to <vpn_networks:*> fragment no reassemble [ Evaluations: 39420 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @1 scrub from <vpn_networks:*> to any fragment no reassemble [ Evaluations: 39420 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @2 scrub on lagg0 inet all fragment reassemble [ Evaluations: 39420 Packets: 39368 Bytes: 310545 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @3 scrub on lagg0 inet6 all fragment reassemble [ Evaluations: 1 Packets: 1 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @4 scrub on ix2 inet all fragment reassemble [ Evaluations: 51 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @5 scrub on ix2 inet6 all fragment reassemble [ Evaluations: 2 Packets: 2 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @6 scrub on lagg1 inet all fragment reassemble [ Evaluations: 49 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @7 scrub on lagg1 inet6 all fragment reassemble [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @0 anchor "openvpn/*" all [ Evaluations: 813 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @1 anchor "ipsec/*" all [ Evaluations: 813 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @2 block drop in log quick inet from 169.254.0.0/16 to any label "Block IPv4 link-local" ridentifier 1000000101 [ Evaluations: 813 Packets: 12 Bytes: 1152 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: Tue Jan 16 15:19:53 2024 ] @3 block drop in log quick inet from any to 169.254.0.0/16 label "Block IPv4 link-local" ridentifier 1000000102 [ Evaluations: 23 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @4 block drop in log inet all label "Default deny rule IPv4" ridentifier 1000000103 [ Evaluations: 23 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @5 block drop out log inet all label "Default deny rule IPv4" ridentifier 1000000104 [ Evaluations: 800 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @6 block drop in log inet6 all label "Default deny rule IPv6" ridentifier 1000000105 [ Evaluations: 801 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @7 block drop out log inet6 all label "Default deny rule IPv6" ridentifier 1000000106 [ Evaluations: 778 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @8 pass quick inet6 proto ipv6-icmp all icmp6-type unreach keep state ridentifier 1000000107 [ Evaluations: 4 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @9 pass quick inet6 proto ipv6-icmp all icmp6-type toobig keep state ridentifier 1000000107 [ Evaluations: 4 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @10 pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state ridentifier 1000000107 [ Evaluations: 4 Packets: 1 Bytes: 72 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @11 pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state ridentifier 1000000107 [ Evaluations: 3 Packets: 1 Bytes: 72 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 1 ] [ Last Active Time: N/A ] @12 pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state ridentifier 1000000108 [ Evaluations: 2 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @13 pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state ridentifier 1000000108 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @14 pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state ridentifier 1000000108 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @15 pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state ridentifier 1000000108 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @16 pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state ridentifier 1000000108 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @17 pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state ridentifier 1000000109 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @18 pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state ridentifier 1000000109 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @19 pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state ridentifier 1000000109 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @20 pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state ridentifier 1000000109 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @21 pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state ridentifier 1000000109 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @22 pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state ridentifier 1000000110 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @23 pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state ridentifier 1000000110 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @24 pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state ridentifier 1000000110 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @25 pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state ridentifier 1000000110 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @26 pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state ridentifier 1000000110 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @27 pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state ridentifier 1000000111 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @28 pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state ridentifier 1000000111 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @29 pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state ridentifier 1000000111 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @30 pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbrsol keep state ridentifier 1000000111 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @31 pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbradv keep state ridentifier 1000000111 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @32 pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state ridentifier 1000000112 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @33 pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state ridentifier 1000000112 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @34 pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state ridentifier 1000000112 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @35 pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state ridentifier 1000000112 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @36 pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state ridentifier 1000000112 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @37 pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type echoreq keep state ridentifier 1000000113 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @38 pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type routersol keep state ridentifier 1000000113 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @39 pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type routeradv keep state ridentifier 1000000113 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @40 pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type neighbrsol keep state ridentifier 1000000113 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @41 pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type neighbradv keep state ridentifier 1000000113 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @42 block drop log quick inet proto tcp from any port = 0 to any label "Block traffic from port 0" ridentifier 1000000114 [ Evaluations: 799 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @43 block drop log quick inet proto udp from any port = 0 to any label "Block traffic from port 0" ridentifier 1000000114 [ Evaluations: 753 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @44 block drop log quick inet proto tcp from any to any port = 0 label "Block traffic to port 0" ridentifier 1000000115 [ Evaluations: 797 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @45 block drop log quick inet proto udp from any to any port = 0 label "Block traffic to port 0" ridentifier 1000000115 [ Evaluations: 753 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @46 block drop log quick inet6 proto tcp from any port = 0 to any label "Block traffic from port 0" ridentifier 1000000116 [ Evaluations: 799 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @47 block drop log quick inet6 proto udp from any port = 0 to any label "Block traffic from port 0" ridentifier 1000000116 [ Evaluations: 2 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @48 block drop log quick inet6 proto tcp from any to any port = 0 label "Block traffic to port 0" ridentifier 1000000117 [ Evaluations: 2 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @49 block drop log quick inet6 proto udp from any to any port = 0 label "Block traffic to port 0" ridentifier 1000000117 [ Evaluations: 2 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @50 block drop log quick from <snort2c:0> to any label "Block snort2c hosts" ridentifier 1000000118 [ Evaluations: 799 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @51 block drop log quick from any to <snort2c:0> label "Block snort2c hosts" ridentifier 1000000119 [ Evaluations: 799 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @52 block drop in log quick proto tcp from <sshguard:0> to (self:11) port = ssh label "sshguard" ridentifier 1000000301 [ Evaluations: 799 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @53 block drop in log quick proto tcp from <sshguard:0> to (self:11) port = https label "GUI Lockout" ridentifier 1000000351 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @54 block drop in log quick from <virusprot:0> to any label "virusprot overload table" ridentifier 1000000400 [ Evaluations: 23 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @55 pass in quick on lagg0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp replies in WAN" ridentifier 1000000461 [ Evaluations: 23 Packets: 2 Bytes: 656 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 1 ] [ Last Active Time: Tue Jan 16 14:11:54 2024 ] @56 pass out quick on lagg0 proto udp from any port = bootpc to any port = bootps keep state label "allow dhcp client out WAN" ridentifier 1000000462 [ Evaluations: 784 Packets: 4 Bytes: 1312 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 2 ] [ Last Active Time: Tue Jan 16 15:59:01 2024 ] @57 block drop in log on ! lagg0 inet from 172.21.16.0/24 to any ridentifier 1000001470 [ Evaluations: 796 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @58 block drop in log inet from 172.21.16.120 to any ridentifier 1000001470 [ Evaluations: 782 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @59 block drop in log on lagg0 inet6 from fe80::2e0:edff:fe86:a68c to any ridentifier 1000001470 [ Evaluations: 22 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @60 block drop in log on ! ix2 inet from 192.168.88.0/24 to any ridentifier 1000002520 [ Evaluations: 22 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @61 block drop in log inet from 192.168.88.1 to any ridentifier 1000002520 [ Evaluations: 22 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @62 block drop in log on ix2 inet6 from fe80::208:a2ff:fe0e:a593 to any ridentifier 1000002520 [ Evaluations: 22 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @63 pass in quick on ix2 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server" ridentifier 1000002541 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @64 pass in quick on ix2 inet proto udp from any port = bootpc to 192.168.88.1 port = bootps keep state label "allow access to DHCP server" ridentifier 1000002542 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @65 pass out quick on ix2 inet proto udp from 192.168.88.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server" ridentifier 1000002543 [ Evaluations: 774 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @66 pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" ridentifier 1000004661 [ Evaluations: 794 Packets: 23 Bytes: 2226 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 11 ] [ Last Active Time: Tue Jan 16 13:59:27 2024 ] @67 pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" ridentifier 1000004662 [ Evaluations: 24 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @68 pass in on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback" ridentifier 1000004663 [ Evaluations: 26 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @69 pass out on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback" ridentifier 1000004664 [ Evaluations: 12 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @70 pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself" ridentifier 1000004665 [ Evaluations: 796 Packets: 92 Bytes: 23856 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 13 ] [ Last Active Time: Tue Jan 16 15:41:40 2024 ] @71 pass out inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself" ridentifier 1000004666 [ Evaluations: 774 Packets: 2 Bytes: 172 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @72 pass out route-to (lagg0 172.21.16.1) inet from 172.21.16.120 to ! 172.21.16.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself" ridentifier 1000004761 [ Evaluations: 774 Packets: 2338 Bytes: 448008 States: 3 ] [ Inserted: uid 0 pid 46270 State Creations: 743 ] [ Last Active Time: Tue Jan 16 16:37:23 2024 ] @73 pass in quick on ix2 proto tcp from any to (ix2:2) port = https flags S/SA keep state label "anti-lockout rule" ridentifier 10002 [ Evaluations: 796 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @74 pass in quick on ix2 proto tcp from any to (ix2:2) port = http flags S/SA keep state label "anti-lockout rule" ridentifier 10002 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @75 pass in quick on ix2 proto tcp from any to (ix2:2) port = ssh flags S/SA keep state label "anti-lockout rule" ridentifier 10002 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @76 anchor "userrules/*" all [ Evaluations: 796 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @77 pass in quick on lagg0 reply-to (lagg0 172.21.16.1) inet all flags S/SA keep state label "USER_RULE: Allow all ipv4+ipv6 via pfSsh.php" label "id:1533055761" ridentifier 1533055761 [ Evaluations: 796 Packets: 40 Bytes: 25177 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 10 ] [ Last Active Time: Tue Jan 16 16:04:08 2024 ] @78 pass in quick on lagg0 inet6 all flags S/SA keep state label "USER_RULE: Allow all ipv4+ipv6 via pfSsh.php" label "id:1533055761" ridentifier 1533055761 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @79 pass in quick on lagg0 reply-to (lagg0 172.21.16.1) inet proto icmp from <WAN__NETWORK:1> to 172.21.16.120 keep state label "USER_RULE: Allow ping" label "id:1559646116" ridentifier 1559646116 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @80 pass in quick on ix2 inet from <LAN__NETWORK:1> to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule" label "id:0100000101" ridentifier 100000101 [ Evaluations: 26 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @81 anchor "tftp-proxy/*" all [ Evaluations: 786 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] From the Firewall > Rules page in the GUI you can click on the state column for each individual rule and it will automatically fill in the RuleID in the state table filtering. Steve

@stephenw10 Done

@stephenw10 Thanks Steve, I'll open a ticket.

Ok so reviewing the thread are phone still failing to register when using 2.7 with IPSec enabled? Or is it just that calls fail? Either way look at the SIP traffic from a phone. Check the states and/or run packet captures. Where does it appear? Where doesn't it appear? Is it somehow going over the VPN?

Thanks @stephenw10 appreciate your help!

it didn't allow the picture in the first post, so here goes... [image: 1705352147175-48d57e1a-949e-49fc-92f2-1d7f96893a06-image.png]

Ok, have a look into the DOCSIS Telemetry. I was hell if my ISP rollout the OFDMA to the upstream some years ago. And your problem looks similar. Idle was nice, but if you use the bandwidth, the error rat grows and grows and with it the retransmission and the latency explode. It takes month and 2-3 construction sites to get a nice stable connection back. Have a look into it fist.

Yes that will pass TCP traffic from 192.168.88.39 to any device in the LAN subnet.