Netgate Discussion Forum

    pfBlockerNG 2.2.5_27 cron update and traffic loss

      asdjklfjkdslfdsaklj

      Recently updated to 2.2.5_27, and since then I've noticed traffic loss (established connections failing) during the hourly update process.

      System logs:

      Dec 8 10:06:30	php		[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
      Dec 8 10:00:00	php		[pfBlockerNG] Starting cron process.
      

      Things start failing right around the "no changes to firewall rules" message, and after about ~30-45sec previous connections re-establish (new TCP sessions), and new connections can establish.

      Sometimes, but not always, these messages are seen as well:

      sonewconn: pcb 0xfffff8022bb13000: Listen queue overflow: 8 already in queue awaiting acceptance (1 occurrences)
      

      Haven't noticed a spike in CPU, memory, etc. during this process.

      Any thoughts regarding where to look further?

        Gertjan @asdjklfjkdslfdsaklj

        @asdjklfjkdslfdsaklj said in pfBlockerNG 2.2.5_27 cron update and traffic loss:

        and after about ~30-45sec previous connections re-establish

        Let me guess, that is the time unbound (the DNS cache + resolver) takes to restart?
        And while it's going down, and restarts, during this time: no more DNS cache, no more answers to DNS requests.
        (compare captivity of your logs mentioned above with the DNS log at the same time)

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          asdjklfjkdslfdsaklj

          Looks like "kill states" being enabled was killing things. This wasn't happening previously, so need to ascertain whether or not an erroneous item in a list is causing this to fail before recovering, or something to do with pfBlockerNG itself.

          As an aside, no, no issues with name resolution.

            Gertjan @asdjklfjkdslfdsaklj

            @asdjklfjkdslfdsaklj said in pfBlockerNG 2.2.5_27 cron update and traffic loss:

            As an aside, no, no issues with name resolution.

            Well, I'm still curious to know what the time is between "unbound stop" and "unbound started".

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??
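
The comparison asked for in this thread (pfBlockerNG cron timestamps against the resolver's stop/start times) can be done mechanically. This is an added example, not part of the original thread: the unbound lines, their message text and timestamps are constructed assumptions, and all function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample. The pfBlockerNG messages are the ones quoted in the thread;
# the unbound lines (text, PID, times, version placeholder) are assumptions.
SAMPLE = """\
Dec 8 10:06:30 php [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Dec 8 10:06:29 unbound [4711:0] info: start of service (unbound x.y.z).
Dec 8 10:06:02 unbound [4711:0] info: service stopped (unbound x.y.z).
Dec 8 10:00:00 php [pfBlockerNG] Starting cron process.
"""
LINE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+(.*)$")

def parse(text, year=2000):
    """Yield (timestamp, process, message). Syslog omits the year, so one is assumed."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def resolver_outages(events):
    """Pair each unbound 'service stopped' with the next 'start of service'."""
    outages, stopped = [], None
    for ts, proc, msg in events:
        if not proc.startswith("unbound"):
            continue
        if "service stopped" in msg:
            stopped = ts
        elif "start of service" in msg and stopped is not None:
            outages.append((stopped, ts, (ts - stopped).total_seconds()))
            stopped = None
    return outages

def cron_windows(events):
    """Window = 'Starting cron process' up to the last pfBlockerNG line of that run."""
    windows = []
    for ts, _proc, msg in events:
        if "[pfBlockerNG]" not in msg:
            continue
        if "Starting cron process" in msg:
            windows.append([ts, ts])
        elif windows:
            windows[-1][1] = ts
    return [tuple(w) for w in windows]

def outages_during_cron(text):
    """Resolver outages (stop, start, seconds) that overlap a pfBlockerNG cron run."""
    events = sorted(parse(text))  # the GUI lists newest first; sort to oldest first
    wins = cron_windows(events)
    return [o for o in resolver_outages(events)
            if any(o[0] <= end and o[1] >= start for start, end in wins)]
```

An empty result for the period in question means the resolver did not restart during the cron run, which points the investigation elsewhere.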

              asdjklfjkdslfdsaklj @Gertjan

              @Gertjan said in pfBlockerNG 2.2.5_27 cron update and traffic loss:

              @asdjklfjkdslfdsaklj said in pfBlockerNG 2.2.5_27 cron update and traffic loss:

              As an aside, no, no issues with name resolution.

              Well, I'm still curious to know what the time is between "unbound stop" and "unbound started".

              None, given "Resolver Live Sync" is enabled.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.