Firewall rebooted unexpectedly
-
@stephenw10
I do have pflow enabled
Its been working great since the 24. update. Why is it acting up now?
-
Good question. And it's set to Netflowv5 so not this: https://redmine.pfsense.org/issues/15446
What else has changed?
-
@stephenw10
I cant see the config history as now its flooded with (system): related messages.
The Auto Configuration Backup / Restore has no backups for the device. Is this normal?
This started yesterday during the work day so for sure no changes. Later that night i updated a pfblocker DNSBL feed but its not related to pfblocker.
Anything else i can check? Any other clues in the crash dumps?
-
Hmm, ACB not seeing backups is probably unrelated. But check general connectivity from the firewall itself. Check if using the key in a different box can see the backups.
This looks like a bug in flow to me, we are looking into it.
How often is it panicking? Can you test disabling pflow?
-
@stephenw10
I can disable flow for now.The restart events are below
9/5 - 3:20pm EDT
9/5 - 3:40pm EDT
9/5 - 11:50pm EDT
9/6 - 03:30am EDT
9/6 - 05:40am EDT
9/6 - 07:00am EDT -
Hmm, OK it appears it probably is that bug. Or at least the same fix applies.
Something must have changed though for it to suddenly start hitting it.
-
@stephenw10 Even though the redmine points to it being related to IPFIX?
The only thing that "recently" changed was a NAT Port Forward rule and DHCP settings on 9/5 @ 09:32am EDT
I see there is a patch created.
-
There is a patch but it's a compile time patch. It's fixed in 24.08 but would need a rebuild for 24.03.
Yes, in the original bug report it only affected IPFIX which is why I initially thought it could not be that. But Kristof believes the root cause is the same here, the fix is the same.
It is odd though that you were not hitting it before though. Something must have changed. Hard to imagine a port forward would have done it.
-
@stephenw10
I honestly dont know what couldve change within 24hrs specifically to pflow. I added an additional collector configuration a while back agoI reviewed my changes from yesterday and confirmed only those changes i stated were done. Considering the bulk of the reboots happened while i was asleep and as far as i know i don't sleep walk (maybe i do) it wasn't anything I've done overnight to cause those reboots.
As of now the fix is ready but will be released with 24.08?
The workaround is to disable pflow? -
Well the first thing is to confirm it really is pflow by disabling it making sure it doesn't happen.
