Netgate Discussion Forum

    Added limiter resulted in spontaneous reboots

    General pfSense Questions
      Heimire

      pfSense 2.4.2 in HA mode.

      Steps taken to create this mess.
      On primary.
      Added traffic limiter by:
      Firewall/traffic shaper
      Limiters
      Added new
      Name: l3df
      bandwidth 15mb
      mask: source address
      Rest default

      Then added to a rule
      Firewall/rules
      OpenVPN
      edit rule
      Selected the limiter for In pipe.

      Hit save.

      It made the primary firewall reboot.
      It would come up for about 15 seconds, then reboot.
      This continued non-stop.

      It replicated the settings to the backup firewall.
      The backup firewall did the same thing but it crashed the file system and never came back up at all.

      I managed to get into the firewall and disable the limiter and that fixed the primary. (took over an hour).
      On the backup firewall I had to fix the file system and then it came back up.

      It's pretty scary that a simple mistake like this will shut down both your primary and secondary.

      It would be nice to have a delay in replicating firewall rules that can kill your primary.

      I assume there is no way to delay firewall rules/settings replication to prevent situations like this.

        afrojoe

        You and me both, brother… I have the same symptoms in 2.4.2_1

        Just have to leave my limiters off right now….

          Derelict LAYER 8 Netgate

          Long-standing bug. Fixed in 2.4.3.

          https://redmine.pfsense.org/issues/4310

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            afrojoe

            Sweeeeeet
