Netgate Discussion Forum
    pfBlockerNG 2.2.5_27 cron update and traffic loss

      asdjklfjkdslfdsaklj

      Recently updated to 2.2.5_27, and since then I've noticed traffic loss (established connections failing) during the hourly update process.

      System logs:

      Dec 8 10:06:30	php		[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
      Dec 8 10:00:00	php		[pfBlockerNG] Starting cron process.
      

      Things start failing right around the "no changes to firewall rules" message, and after about ~30-45sec previous connections re-establish (new TCP sessions), and new connections can establish.

      Sometimes, but not always, these messages are seen as well:

      sonewconn: pcb 0xfffff8022bb13000: Listen queue overflow: 8 already in queue awaiting acceptance (1 occurrences)
      

      Haven't noticed a spike in CPU, memory, etc. during this process.

      Any thoughts regarding where to look further?

        Gertjan @asdjklfjkdslfdsaklj

        @asdjklfjkdslfdsaklj said in pfBlockerNG 2.2.5_27 cron update and traffic loss:

        and after about ~30-45sec previous connections re-establish

        Let me guess, that is the time unbound (the DNS cache + resolver) takes to restart?
        And while it's going down and restarting, during this time: no more DNS cache, no more answers to DNS requests.
        (compare captivity of your logs mentioned above with the DNS log at the same time)

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          asdjklfjkdslfdsaklj

          Looks like "kill states" being enabled was killing things. This wasn't happening previously, so need to ascertain whether or not an erroneous item in a list is causing this to fail before recovering, or something to do with pfBlockerNG itself.

          As an aside, no, no issues with name resolution.

            Gertjan @asdjklfjkdslfdsaklj

            @asdjklfjkdslfdsaklj said in pfBlockerNG 2.2.5_27 cron update and traffic loss:

            As an aside, no, no issues with name resolution.

            Well, I'm still curious to know what the time is between "unbound stop" and "unbound started".


              asdjklfjkdslfdsaklj @Gertjan

              @Gertjan said in pfBlockerNG 2.2.5_27 cron update and traffic loss:

              @asdjklfjkdslfdsaklj said in pfBlockerNG 2.2.5_27 cron update and traffic loss:

              As an aside, no, no issues with name resolution.

              Well, I'm still curious to know what the time is between "unbound stop" and "unbound started".

              None, given "Resolver Live Sync" is enabled.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.