@patient0 the same error is showing for Restore last backup option and also when i try to assign ip address to interfaces

@fathead said in Performance regression 2.7.2 to 2.8:

Is it expected behavior that the cpu usage is high with an VIPs 10.0.0.1/32 is on wan?

No, not just that. It might if it's having to deal with a lot of traffic to that VIP that otherwise gets blocked.

Can I assume that applying that patch has not changed this new problem? Just that it too is new in 2.8?

@louis2 Arpwatch has been a package for years. ANDwatch, which replaces Arpwatch, is new.

@eagle61 Bei mir ging es bei meiner eigenen Maschine soweit auch gut.
Er blieb beim Update stehen mit dem Hinweis, dass er das Paket crowdsec entfernt. Das war nach einer halben Stunde immer noch nicht weg.

Also habe ich es über die Konsole entfernt, neu gestartet und habe das Update nochmal angestoßen. Dann hat es funktioniert.

Ohne das Entfernen des crowdsec-Pakets hätte es also nicht geklappt.
Aber so funktionierte es dann schließlich doch noch.

Gruß.

Going to mention here as I cant seem to edit the OP. I am on the latest version: 2.8.0-RELEASE

@zeroepoch Thanks for the information and more importantly the warning.

Was contemplating upgrading my local instance of pfSense this weekend. I am using a dual port 2.5gb Realtek Nic and remembered that I had installed the realtek-re-kmod198-198.00.1400094 driver.

Thankfully I came across your post when searching the forum looking for information regarding an updated driver for pfSense 2.8

If you don't mind can you clarify the build process.

You list steps 1-11 but was wondering if step 1 is to create a FreeBSD 15 VM and then do all the within that VM.

Also in step 1 you say you installed some packages mentioned at https://github.com/nkbali/pfSense-Build. What packages?

Thank you for your efforts and your support of the community.

@stephenw10 said in pfBlockerNG: when configured to use floating rules, blocks both directions even for unidirectional rules:

You should probably open a thread in the pfBlocker sub for this.

Or, I could just try and fix it myself...

I checked the code in pfb_firewall_rule (/usr/local/pkg/pfblockerng/pfblockerng.inc), and there is some bizarre logic for determining the direction of a rule. For "Deny Incoming" for example, there has to be a non-default gateway defined, which doesn't make any sense to me, logically.

But a work-around to my problem is to (per feed) change the Andanced Inbound Firewall Rules Setting / Custom Gateway / to something other than "default". Only then will the floating rule direction match the pfblocker direction.

Perhaps @BBcan177 can add some insights to this behaviour?

And @stephenw10, could you move this thread to the pfblocker sub? It is, as you say, not related to 25.03-beta.

Thanks

Wow, I stop checking the forum for a bit and come back to find that the ZFS patch has been released! 👏

Thank you to @marcosm @stephenw10 @cmcdonald @dennypage @arri @w0w @SteveITS @Gertjan @fireodo @chrcoluk and everyone else that has contributed to this discussion and process.

Hopefully, this change will help reduce the change of storage failure for all devices running pfSense, especially those using small-sized and/or eMMC storage.

It is encouraging to see that additional areas have been identified for further improvements to storage wear and space usage.

We have progressed a long way from "you're holding it wrong." 😉

on 25.03

I doubt that this option has any real effect, but for now it's the only difference I can see in the kernel. At the very least, it can be used by both the ice driver and the kernel itself.

Hmm, it could. The RA behaviour of different ISPs seems to vary significantly.

Mine sends an RA each time the pppoe link connects. And only then. Which makes everything work just fine!

Well I won't go much higher. You don't have much RAM to play with. Maybe 160MB.

If you send me your NDI in chat I can make it ineligible for Plus.

Updated for pfSense CE 2.8.0

https://github.com/HVR88/pfSense-Patches

@courtalj if it’s an eMMC I don’t think they show SMART.

You can check eMMC life via https://docs.netgate.com/pfsense/en/latest/troubleshooting/disk-lifetime.html#emmc.

Re your issue though, were you restarting at the time? And is the good/default BE still present? I had that on another model, I think a 2100. There’s detection at boot to see if the boot was successful and if not it reverts. I was kind of wondering if there’s a bug there somewhere. At the time I didn’t realize what happened until a bit after I restored a backup, but IIRC I could just use the “default” BE again.