Nope those errors in the nginx log are almost certainly nothing to worry about.

Thanks

@SteveITS said in RAM disk?:

FWIW we run Suricata and RAM disks at most clients without issue.

Good to know, thanks.

@SteveITS said in RAM disk?:

OTOH the UT1 list in pfBlocker takes over 1 GB just to extract so YMMV on these things.

I don't had this 1 GB on my radar, thanks for the hint.

New topic here to investigate the issue since pfBlockerNG is not the cause.
https://forum.netgate.com/topic/189820/how-do-i-find-out-what-write-continuously-on-my-pfsense-ssd

@EricAiken said in pfsense and oracle virtualbox (guests blocked):

Virtualbox guest interfaces are bridged to to host's NIC

If you're using bridged NICs in VBox then there is no NAT happening. VMs should just get a DHCP lease from pfSense. I have that setup here and it works fine. Nothing special should be required on pfSense other than firewall rules to allow traffic out. And those would normally already be present.

Steve

Yup that^.

See: https://docs.netgate.com/pfsense/en/latest/services/dyndns/index.html

@Unoptanio not sure what your trying to show there? Yeah that is how it works.. If you ask dns to lookup something it will ask all the ns you have listed..

Whats your question?

I take it your doing dot forwarding since you have the fqdn listed their for cloudflare.

Keep in mind when you tell pfsense to lookup something, or it needs to lookup something itself and uses those.. Say for a check if there is an update - it isn't going to be using dot.. Only unbound would use dot when it get asks to lookup something and your forwarding. If you have 1.1.1.1 listed as pfsense dns, and pfsense itself goes to lookup something from 1.1.1.1 its just going to use a normal in the clear dns over 53.

If you want to make sure pfsense never asks in the clear and only via dot, then you put your NS in there you want to ask using dot, and set pfsense itself to ignore remote and only ask local host.

uselocal.jpg

Ah, cool! Shouldn't be required though, be good to find out what's actually causing that. Someday!

Anyway glad we were able to get a workaround in place. 👍

@jmbraben Restore reinstalls all packages which would pull the files from the latest 2.7.x as I recall. Starting in 2.7.2 one has to manually change the update branch to move to the next version do it is safer now.

The problem is, let’s say the current version has a later PHP and a package is dependent on PHP, it will install the later version which may not work with 2.7.0 code. Or similar with various libraries.

.1 fixed several security flaws: https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#security

@jonatkins said in pfSense 2.7 makes HP printers crash:

Any specific patches I should enable? I can't see anything relevant.

I am not sure, but you can try apply all recommended patches, just for test, i think most of them anyway will be applied on the next version available.

Good job! Perhaps you could document it for other users?

Ah, OK. Well the switch and vlan setup is the same. 😁

Hmm, odd. We don't really see that in 2.7.2 any longer. I used to be a much bigger issue. It pretty much always implies some php process running away though.

The only thing I can think of that might possibly be affected is the filtering change. Try setting 'IPsec Filter Mode' to assigned interfaces in the IPSec advanced settings.

However if that was the issue I'd expect to see blocked traffic in the firewall logs. Unless you have custom block rules without logging maybe?

Try running top with:
top -HaSP

That should show you what's using the CPU.

Same issue on clean 2.7.2 install (bare metal)

Solution:
Install system_patches in package manager, apply all patches, reboot ;)

I should delete everything

The important thing is that it uses a globally routable address rather than the WAN link-local address automatically. So you only need a public address on any interface for pfSense itself to have IPv6 connectivity.

@darcey

Cool !

[24.03-RELEASE][root@pfSense.bhf.tld]/root: ppp-uptime.sh ovpns1 93693

uptime of my OpenVPN server ...

Try manually reloading the ruleset in Status > Filter Reload. See what errors are shown exactly.

Steve