Netgate Discussion Forum

    Repeated "ipfw: install_state: entry already present, done" on console

      liontaur

      Hi folks,

      Just noticed that I keep having these messages scroll down the console screen. Can't find them in the logs or anything in the logs that coincides timing-wise. I think that it even stops pfSense from running until you hit enter to get the console menu back up on the screen, but I'm not 100% sure about that.

      I didn't find any mention here in the forums, and the Google results point to some in-depth ipfw stuff which is beyond me. I was just hoping for a little help, maybe switch the order of a rule or two to fix this up.

      The box has 3 WANs, 1 LAN and a backdoor interface for me to connect in through, as I don't want the LAN to have any access to the box itself, just to go through it. The 3 WANs are load-balanced and have failover to each other. The LAN is 192.168.1.1/32 and the backdoor is 10.0.0.110.

      Here are the firewall rules:

      00030 skipto 50000 ip from any to any in via em0 keep-state
      00030 skipto 50000 ip from any to any in via bge0 keep-state
      00030 skipto 50000 ip from any to any in via em1 keep-state
      00030 skipto 50000 ip from any to any in via em2 keep-state
      00050 skipto 29900 ip from any to any MAC 00:02:55:a6:cd:d6 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:02:55:a6:cd:d6 keep-state
      00050 skipto 29900 ip from any to any MAC 00:02:55:e6:6e:e2 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:02:55:e6:6e:e2 keep-state
      00050 skipto 29900 ip from any to any MAC 00:0b:db:04:36:87 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:0b:db:04:36:87 keep-state
      00050 skipto 29900 ip from any to any MAC 00:0f:1f:1d:a8:d5 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:0f:1f:1d:a8:d5 keep-state
      00050 skipto 29900 ip from any to any MAC 00:11:25:98:13:c5 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:11:25:98:13:c5 keep-state
      00050 skipto 29900 ip from any to any MAC 00:11:f5:23:03:17 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:11:f5:23:03:17 keep-state
      00050 skipto 29900 ip from any to any MAC 00:16:ea:8f:6a:30 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:16:ea:8f:6a:30 keep-state
      00050 skipto 29900 ip from any to any MAC 00:17:08:41:ba:d0 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:17:08:41:ba:d0 keep-state
      00050 skipto 29900 ip from any to any MAC 00:17:08:44:61:e7 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:17:08:44:61:e7 keep-state
      00050 skipto 29900 ip from any to any MAC 00:17:a4:d6:09:0c any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:17:a4:d6:09:0c keep-state
      00050 skipto 29900 ip from any to any MAC 00:18:f8:d0:ea:77 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:18:f8:d0:ea:77 keep-state
      00050 skipto 29900 ip from any to any MAC 00:1b:24:52:3f:30 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:1b:24:52:3f:30 keep-state
      00050 skipto 29900 ip from any to any MAC 00:1c:7e:6f:db:bd any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:1c:7e:6f:db:bd keep-state
      00050 skipto 29900 ip from any to any MAC 00:1c:c4:c7:6f:ee any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:1c:c4:c7:6f:ee keep-state
      00050 skipto 29900 ip from any to any MAC 00:1d:09:ab:8e:f1 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:1d:09:ab:8e:f1 keep-state
      00050 skipto 29900 ip from any to any MAC 00:1e:ec:a6:bc:ba any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:1e:ec:a6:bc:ba keep-state
      00050 skipto 29900 ip from any to any MAC 00:1f:3a:21:ae:0a any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:1f:3a:21:ae:0a keep-state
      00050 skipto 29900 ip from any to any MAC 00:20:ed:43:7e:27 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:20:ed:43:7e:27 keep-state
      00050 skipto 29900 ip from any to any MAC 00:20:f0:02:8c:e9 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:20:f0:02:8c:e9 keep-state
      00050 skipto 29900 ip from any to any MAC 00:22:64:7f:ac:72 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:22:64:7f:ac:72 keep-state
      00050 skipto 29900 ip from any to any MAC 00:22:64:7f:ea:76 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:22:64:7f:ea:76 keep-state
      00050 skipto 29900 ip from any to any MAC 00:22:6b:a7:43:ee any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:22:6b:a7:43:ee keep-state
      00050 skipto 29900 ip from any to any MAC 00:22:fa:ca:d7:94 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:22:fa:ca:d7:94 keep-state
      00050 skipto 29900 ip from any to any MAC 00:23:7d:e7:72:e5 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:23:7d:e7:72:e5 keep-state
      00050 skipto 29900 ip from any to any MAC 00:24:7e:68:1c:fd any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:24:7e:68:1c:fd keep-state
      00050 skipto 29900 ip from any to any MAC 00:25:b3:76:30:27 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:25:b3:76:30:27 keep-state
      00050 skipto 29900 ip from any to any MAC 00:26:82:4f:4a:40 any keep-state
      00050 skipto 29900 ip from any to any MAC any 00:26:82:4f:4a:40 keep-state
      00500 allow pfsync from any to any
      00500 allow carp from any to any
      00500 allow ip from 192.168.1.1 to any out via bge1
      00501 allow ip from any to 192.168.1.1 in via bge1
      01000 skipto 50000 ip from any to any not layer2 not via bge1
      01001 allow ip from any to any layer2 not via bge1
      01100 allow ip from any to any layer2 mac-type 0x0806
      01100 allow ip from any to any layer2 mac-type 0x888e
      01100 allow ip from any to any layer2 mac-type 0x88c7
      01100 allow ip from any to any layer2 mac-type 0x8863
      01100 allow ip from any to any layer2 mac-type 0x8864
      01100 allow ip from any to any layer2 mac-type 0x8863
      01100 allow ip from any to any layer2 mac-type 0x8864
      01100 allow ip from any to any layer2 mac-type 0x888e
      01101 deny ip from any to any layer2 not mac-type 0x0800
      01102 skipto 20000 ip from any to any layer2
      01200 allow udp from any 68 to 255.255.255.255 dst-port 67 in
      01201 allow udp from any 68 to 192.168.1.1 dst-port 67 in
      01202 allow udp from 192.168.1.1 67 to any dst-port 68 out
      01203 allow icmp from 192.168.1.1 to any out icmptypes 8
      01204 allow icmp from any to 192.168.1.1 in icmptypes 0
      01300 allow udp from any to 192.168.1.1 dst-port 53 in
      01300 allow udp from any to 192.168.1.1 dst-port 53 in
      01301 allow udp from 192.168.1.1 53 to any out
      01301 allow udp from 192.168.1.1 53 to any out
      01302 allow tcp from any to 192.168.1.1 dst-port 8000 in
      01302 allow tcp from any to 192.168.1.1 dst-port 8000 in
      01303 allow tcp from 192.168.1.1 8000 to any out
      01303 allow tcp from 192.168.1.1 8000 to any out
      10000 skipto 50000 ip from any to 208.98.210.2 in
      10000 skipto 50000 ip from 208.98.210.2 to any out
      10001 skipto 50000 ip from any to 208.98.210.130 in
      10001 skipto 50000 ip from 208.98.210.130 to any out
      10002 skipto 50000 ip from 192.168.1.163 to any in
      10002 skipto 50000 ip from any to 192.168.1.163 out
      10003 skipto 50000 ip from 192.168.1.138 to any in
      10003 skipto 50000 ip from any to 192.168.1.138 out
      10005 skipto 50000 ip from 192.168.1.78 to any in
      10005 skipto 50000 ip from any to 192.168.1.78 out
      10006 skipto 50000 ip from 192.168.1.98 to any in
      10006 skipto 50000 ip from any to 192.168.1.98 out
      10007 skipto 50000 ip from 192.168.1.195 to any in
      10007 skipto 50000 ip from any to 192.168.1.195 out
      10010 skipto 50000 ip from 192.168.1.84 to any in
      10010 skipto 50000 ip from any to 192.168.1.84 out
      10011 skipto 50000 ip from 192.168.1.92 to any in
      10011 skipto 50000 ip from any to 192.168.1.92 out
      10013 skipto 50000 ip from 192.168.1.88 to any in
      10013 skipto 50000 ip from any to 192.168.1.88 out
      10015 skipto 50000 ip from 192.168.1.144 to any in
      10015 skipto 50000 ip from any to 192.168.1.144 out
      10016 skipto 50000 ip from 192.168.1.214 to any in
      10016 skipto 50000 ip from any to 192.168.1.214 out
      10019 skipto 50000 ip from 192.168.1.127 to any in
      10019 skipto 50000 ip from any to 192.168.1.127 out
      10020 skipto 50000 ip from 192.168.1.90 to any in
      10020 skipto 50000 ip from any to 192.168.1.90 out
      10021 skipto 50000 ip from 192.168.1.201 to any in
      10021 skipto 50000 ip from any to 192.168.1.201 out
      10022 skipto 50000 ip from 192.168.1.147 to any in
      10022 skipto 50000 ip from any to 192.168.1.147 out
      10025 skipto 50000 ip from 192.168.1.8 to any in
      10025 skipto 50000 ip from any to 192.168.1.8 out
      19902 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
      19903 allow tcp from any 80 to any out
      19904 deny ip from any to any
      29900 allow ip from any to any layer2
      65535 allow ip from any to any
      
      

      Not sure if there's anything else pertinent but just let me know if there's anything else you need.

      Thanks,

      Mark

        liontaur

        I'm wondering… As this is a multi-WAN install, I have rules (pass all traffic from LAN subnet to everywhere on TCP ports 443 and 110 over the WAN-WAN2 gateway) in the firewall to ensure that outgoing HTTPS and POP3 traffic goes out through my WAN2 connection. Would the firewall display the message from the subject if the traffic was already planning on going out over WAN2, or does this rule only redirect traffic planning on going out one of the other WAN connections and not bother with traffic already going out over WAN2?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.