Netgate Discussion Forum

Added limiter resulted in spontaneous reboots

General pfSense Questions
4 Posts 3 Posters 411 Views
    Heimire
    last edited by Jan 16, 2018, 4:51 PM

    pfsense 2.4.2 in HA mode.

    Steps taken to create this mess.
    On primary.
    Added traffic limiter by:
    Firewall/traffic shaper
    Limiters
    Added new
    Name: l3df
    bandwidth 15mb
    mask: source address
    Rest default

    Then added to a rule
    Firewall/rules
    OpenVPN
    edit rule
    Selected the limiter for In pipe.

    Hit save.

    It made the primary firewall reboot.
    Come up for about 15 seconds then reboot.
    This continued nonstop.

    It replicated the settings to the backup firewall.
    The backup firewall did the same thing but it crashed the file system and never came back up at all.

    I managed to get into the firewall and disable the limiter and that fixed the primary. (took over an hour).
    On the backup firewall I had to fix the file system and then it came back up.

    It's pretty scary that a simple mistake like this will shut down both your primary and secondary.

    It would be nice to have a delay in replicating firewall rules that can kill your primary.

    I assume there is no way to delay firewall rules/settings replication to prevent situations like this.

      afrojoe
      last edited by Feb 12, 2018, 10:28 PM

      You and me both, brother… I have the same symptoms in 2.4.2_1

      Just have to leave my limiters off right now….

        Derelict LAYER 8 Netgate
        last edited by Feb 12, 2018, 11:45 PM

        Long-standing bug. Fixed in 2.4.3.

        https://redmine.pfsense.org/issues/4310

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          afrojoe
          last edited by Feb 18, 2018, 2:54 AM

          Sweeeeeet

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.