PfSense 2.3.2-RELEASE-p1 Constantly Reloading Filter



  • I recently noticed in the pfSense Logs that pfSense was constantly reloading filters every 20 minutes.  The system reported that it has been up for over a week so the router itself isn't rebooting.  I'm new to pfSense is this expected behavior?

    Oct 11 12:08:25 check_reload_status Reloading filter
    Oct 11 12:08:26 xinetd 16342 Starting reconfiguration
    Oct 11 12:08:26 xinetd 16342 Swapping defaults
    Oct 11 12:08:26 xinetd 16342 readjusting service 6969-udp
    Oct 11 12:08:26 xinetd 16342 Reconfigured: new=0 old=1 dropped=0 (services)
    Oct 11 12:18:53 php-fpm 77734 /rc.newwanipv6: rc.newwanipv6: Info: starting on re1.
    Oct 11 12:18:53 php-fpm 77734 /rc.newwanipv6: rc.newwanipv6: on (IP address: 2601:2c2:400:6920:20d:b9ff:fe3a:4be9) (interface: wan) (real interface: re1).
    Oct 11 12:18:53 php-fpm 77734 /rc.newwanipv6: ROUTING: setting default route to 10.145.0.1
    Oct 11 12:18:53 php-fpm 77734 /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::a204:60ff:fe5f:c4a%re1
    Oct 11 12:18:53 php-fpm 77734 /rc.newwanipv6: Removing static route for monitor fe80::a204:60ff:fe5f:c4a and adding a new route through fe80::a204:60ff:fe5f:c4a%re1
    Oct 11 12:18:53 check_reload_status Reloading filter
    Oct 11 12:18:54 xinetd 16342 Starting reconfiguration
    Oct 11 12:18:54 xinetd 16342 Swapping defaults
    Oct 11 12:18:54 xinetd 16342 readjusting service 6969-udp
    Oct 11 12:18:54 xinetd 16342 Reconfigured: new=0 old=1 dropped=0 (services)
    Oct 11 12:18:56 php-fpm 77734 /rc.newwanipv6: Ignoring IPsec reload since there are no tunnels on interface wan
    Oct 11 12:18:56 php-fpm 77734 /rc.newwanipv6: Resyncing OpenVPN instances for interface WAN.
    Oct 11 12:18:56 php-fpm 77734 /rc.newwanipv6: Creating rrd update script
    Oct 11 12:18:56 php-fpm 77734 /rc.newwanipv6: pfSense package system has detected an IP change or dynamic WAN reconnection - -> 2601:2c2:400:6920:20d:b9ff:fe3a:4be9 - Restarting packages.


  • Rebel Alliance Developer Netgate

    It appears to be renewing your IPv6 DHCP lease. Your ISP must be handing out a really low DHCP lease time for IPv6.

    To confirm that you could disable IPv6 on your WAN to see if it stops.



  • I'm seeing the same thing every 15 minutes.  I do not have IPV6 installed.  Here's the log from my system:

    Oct 16 04:30:00 xinetd 17341 Reconfigured: new=0 old=1 dropped=0 (services)
    Oct 16 04:30:00 xinetd 17341 readjusting service 6969-udp
    Oct 16 04:30:00 xinetd 17341 Swapping defaults
    Oct 16 04:30:00 xinetd 17341 Starting reconfiguration
    Oct 16 04:15:00 xinetd 17341 Reconfigured: new=0 old=1 dropped=0 (services)



  • I have the exact same problem, no IPv6 configured. Seems to be something with the service on port 6969? Which service is it and how to disable it?


  • Rebel Alliance Developer Netgate

    That is not a problem with the service, you've cut out the relevant lines showing why it restarted. If it's every 15 mins, perhaps you have a scheduled rule or something else that setup a 15-minute cron job to reload the filter, in which case nothing is wrong and that is completely normal. xinetd is very chatty for that tftp proxy service on 6969, and doesn't currently have a way to silence those messages, but they're a byproduct of the filter being reloaded.



  • Oct 17 12:15:00 xinetd 21647 readjusting service 6969-udp
    Oct 17 12:15:00 xinetd 21647 Reconfigured: new=0 old=1 dropped=0 (services)
    Oct 17 12:30:00 xinetd 21647 Starting reconfiguration
    Oct 17 12:30:00 xinetd 21647 Swapping defaults
    Oct 17 12:30:00 xinetd 21647 readjusting service 6969-udp
    Oct 17 12:30:00 xinetd 21647 Reconfigured: new=0 old=1 dropped=0 (services)
    Oct 17 12:45:00 xinetd 21647 Starting reconfiguration
    Oct 17 12:45:00 xinetd 21647 Swapping defaults
    Oct 17 12:45:00 xinetd 21647 readjusting service 6969-udp
    Oct 17 12:45:00 xinetd 21647 Reconfigured: new=0 old=1 dropped=0 (services)
    Oct 17 13:00:00 xinetd 21647 Starting reconfiguration
    Oct 17 13:00:00 xinetd 21647 Swapping defaults
    Oct 17 13:00:00 xinetd 21647 readjusting service 6969-udp
    Oct 17 13:00:00 xinetd 21647 Reconfigured: new=0 old=1 dropped=0 (services)
    Oct 17 13:15:00 xinetd 21647 Starting reconfiguration
    Oct 17 13:15:00 xinetd 21647 Swapping defaults
    Oct 17 13:15:00 xinetd 21647 readjusting service 6969-udp
    Oct 17 13:15:00 xinetd 21647 Reconfigured: new=0 old=1 dropped=0 (services)
    Oct 17 13:25:36 php-fpm 71390 /index.php: Successful login for user 'admin' from: 192.168.1.10
    Oct 17 13:30:00 xinetd 21647 Starting reconfiguration
    Oct 17 13:30:00 xinetd 21647 Swapping defaults
    Oct 17 13:30:00 xinetd 21647 readjusting service 6969-udp
    Oct 17 13:30:00 xinetd 21647 Reconfigured: new=0 old=1 dropped=0 (services)
    Oct 17 13:45:00 xinetd 21647 Starting reconfiguration
    Oct 17 13:45:00 xinetd 21647 Swapping defaults
    Oct 17 13:45:00 xinetd 21647 readjusting service 6969-udp
    Oct 17 13:45:00 xinetd 21647 Reconfigured: new=0 old=1 dropped=0 (services)

    I have not cut out relevant lines, this is how the log looks like - and I have not configured any cron jobs or similar.


  • Rebel Alliance Developer Netgate

    Just because you didn't add a cron job by hand doesn't mean the firewall didn't set one up because of a feature you have enabled. A reload every 15 minutes is usually from scheduled rules, but you can install the Cron package to inspect the jobs that are there and see what is set to happen every 15 minutes. The timing is too exact for it to be anything other than a cron job.



  • I experience something similar when I enable IPv6 on the WAN interface, but each second: https://forum.pfsense.org/index.php?topic=119439.0

    And there is another report here (in German, though): https://forum.pfsense.org/index.php?topic=119409.0

    This happens to me on a new, clean install of pfSense.

    
    Oct 13 09:35:44 pfsense check_reload_status: Reloading filter
    Oct 13 09:35:45 pfsense xinetd[12487]: Starting reconfiguration
    Oct 13 09:35:45 pfsense xinetd[12487]: Swapping defaults
    Oct 13 09:35:45 pfsense xinetd[12487]: readjusting service 6969-udp
    Oct 13 09:35:45 pfsense xinetd[12487]: Reconfigured: new=0 old=1 dropped=0 (services)
    Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
    Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2003:cc:1bbf:780:20d:b9ff:fe3a:35c0) (interface: wan) (real interface: pppoe0).
    Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: ROUTING: setting default route to 62.155.241.152
    Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::2a0:a50f:fc81:6d2e%pppoe0
    Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: Removing static route for monitor 8.8.8.8 and adding a new route through 62.155.241.152
    Oct 13 09:35:46 pfsense php-fpm[22884]: /rc.newwanipv6: Removing static route for monitor fe80::2a0:a50f:fc81:6d2e and adding a new route through fe80::2a0:a50f:fc81:6d2e%pppoe0
    Oct 13 09:35:46 pfsense check_reload_status: Reloading filter
    Oct 13 09:35:47 pfsense xinetd[12487]: Starting reconfiguration
    Oct 13 09:35:47 pfsense xinetd[12487]: Swapping defaults
    Oct 13 09:35:47 pfsense xinetd[12487]: readjusting service 6969-udp
    Oct 13 09:35:47 pfsense xinetd[12487]: Reconfigured: new=0 old=1 dropped=0 (services)
    Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
    Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2003:cc:1bbf:780:20d:b9ff:fe3a:35c0) (interface: wan) (real interface: pppoe0).
    Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: ROUTING: setting default route to 62.155.241.152
    Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::2a0:a50f:fc81:6d2e%pppoe0
    Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: Removing static route for monitor 8.8.8.8 and adding a new route through 62.155.241.152
    Oct 13 09:35:47 pfsense php-fpm[40126]: /rc.newwanipv6: Removing static route for monitor fe80::2a0:a50f:fc81:6d2e and adding a new route through fe80::2a0:a50f:fc81:6d2e%pppoe0
    Oct 13 09:35:47 pfsense check_reload_status: Reloading filter
    Oct 13 09:35:48 pfsense xinetd[12487]: Starting reconfiguration
    Oct 13 09:35:48 pfsense xinetd[12487]: Swapping defaults
    Oct 13 09:35:48 pfsense xinetd[12487]: readjusting service 6969-udp
    Oct 13 09:35:48 pfsense xinetd[12487]: Reconfigured: new=0 old=1 dropped=0 (services)
    Oct 13 09:35:49 pfsense php-fpm[40126]: /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
    Oct 13 09:35:49 pfsense php-fpm[40126]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2003:cc:1bbf:780:20d:b9ff:fe3a:35c0) (interface: wan) (real interface: pppoe0).
    Oct 13 09:35:49 pfsense php-fpm[40126]: /rc.newwanipv6: ROUTING: setting default route to 62.155.241.152
    Oct 13 09:35:49 pfsense php-fpm[40126]: /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::2a0:a50f:fc81:6d2e%pppoe0
    Oct 13 09:35:49 pfsense php-fpm[40126]: /rc.newwanipv6: Removing static route for monitor 8.8.8.8 and adding a new route through 62.155.241.152
    Oct 13 09:35:49 pfsense php-fpm[40126]: /rc.newwanipv6: Removing static route for monitor fe80::2a0:a50f:fc81:6d2e and adding a new route through fe80::2a0:a50f:fc81:6d2e%pppoe0
    
    
    
    Oct 13 09:35:46 pfsense dhcp6c[29215]: a new XID (f740cc) is generated
    Oct 13 09:35:46 pfsense dhcp6c[29215]: set client ID (len 14)
    Oct 13 09:35:46 pfsense dhcp6c[29215]: set server ID (len 26)
    Oct 13 09:35:46 pfsense dhcp6c[29215]: set status code
    Oct 13 09:35:46 pfsense dhcp6c[29215]: set identity association
    Oct 13 09:35:46 pfsense dhcp6c[29215]: set elapsed time (len 2)
    Oct 13 09:35:46 pfsense dhcp6c[29215]: set option request (len 4)
    Oct 13 09:35:46 pfsense dhcp6c[29215]: send request to ff02::1:2%pppoe0
    Oct 13 09:35:46 pfsense dhcp6c[29215]: reset a timer on pppoe0, state=REQUEST, timeo=0, retrans=977
    Oct 13 09:35:46 pfsense dhcp6c[29215]: receive reply from fe80::2a0:a50f:fc81:6d2e%pppoe0 on pppoe0
    Oct 13 09:35:46 pfsense dhcp6c[29215]: get DHCP option client ID, len 14
    Oct 13 09:35:46 pfsense dhcp6c[29215]:   DUID: 00:01:00:01:1f:8e:77:06:00:0d:b9:3a:35:c0
    Oct 13 09:35:46 pfsense dhcp6c[29215]: get DHCP option server ID, len 26
    Oct 13 09:35:46 pfsense dhcp6c[29215]:   DUID: 00:02:00:00:05:83:4a:4e:31:32:33:34:33:41:37:41:46:41:00:00:00:00:00:00:00:00
    Oct 13 09:35:46 pfsense dhcp6c[29215]: get DHCP option identity association, len 59
    Oct 13 09:35:46 pfsense dhcp6c[29215]:   IA_NA: ID=0, T1=0, T2=0
    Oct 13 09:35:46 pfsense dhcp6c[29215]: get DHCP option status code, len 43
    Oct 13 09:35:46 pfsense dhcp6c[29215]:   status code: no addresses
    Oct 13 09:35:46 pfsense dhcp6c[29215]: get DHCP option DNS, len 32
    Oct 13 09:35:46 pfsense dhcp6c[29215]: nameserver[0] 2003:180:2:5000:0:1:0:53
    Oct 13 09:35:46 pfsense dhcp6c[29215]: nameserver[1] 2003:180:2:2000:0:1:0:53
    Oct 13 09:35:46 pfsense dhcp6c[29215]: make an IA: NA-0
    Oct 13 09:35:46 pfsense dhcp6c[29215]: status code for NA-0: no addresses
    Oct 13 09:35:46 pfsense dhcp6c[29215]: IA NA-0 is invalidated
    Oct 13 09:35:46 pfsense dhcp6c[29215]: remove an IA: NA-0
    Oct 13 09:35:46 pfsense dhcp6c[29215]: reset a timer on pppoe0, state=INIT, timeo=0, retrans=404
    Oct 13 09:35:46 pfsense dhcp6c[29215]: executes /var/etc/dhcp6c_wan_script.sh
    Oct 13 09:35:46 pfsense dhcp6c[29215]: script "/var/etc/dhcp6c_wan_script.sh" terminated
    Oct 13 09:35:46 pfsense dhcp6c[29215]: removing an event on pppoe0, state=REQUEST
    Oct 13 09:35:46 pfsense dhcp6c[29215]: removing server (ID: 00:02:00:00:05:83:4a:4e:31:32:33:34:33:41:37:41:46:41:00:00:00:00:00:00:00:00)
    Oct 13 09:35:46 pfsense dhcp6c[29215]: got an expected reply, sleeping.
    Oct 13 09:35:46 pfsense dhcp6c[29215]: a new XID (636a06) is generated
    Oct 13 09:35:46 pfsense dhcp6c[29215]: set client ID (len 14)
    Oct 13 09:35:46 pfsense dhcp6c[29215]: set identity association
    Oct 13 09:35:46 pfsense dhcp6c[29215]: set elapsed time (len 2)
    Oct 13 09:35:46 pfsense dhcp6c[29215]: set option request (len 4)
    Oct 13 09:35:46 pfsense dhcp6c[29215]: send solicit to ff02::1:2%pppoe0
    Oct 13 09:35:46 pfsense dhcp6c[29215]: reset a timer on pppoe0, state=SOLICIT, timeo=0, retrans=1044
    Oct 13 09:35:46 pfsense dhcp6c[29215]: receive advertise from fe80::2a0:a50f:fc81:6d2e%pppoe0 on pppoe0
    Oct 13 09:35:46 pfsense dhcp6c[29215]: get DHCP option client ID, len 14
    Oct 13 09:35:46 pfsense dhcp6c[29215]:   DUID: 00:01:00:01:1f:8e:77:06:00:0d:b9:3a:35:c0
    Oct 13 09:35:46 pfsense dhcp6c[29215]: get DHCP option server ID, len 26
    Oct 13 09:35:46 pfsense dhcp6c[29215]:   DUID: 00:02:00:00:05:83:4a:4e:31:32:33:34:33:41:37:41:46:41:00:00:00:00:00:00:00:00
    Oct 13 09:35:46 pfsense dhcp6c[29215]: get DHCP option identity association, len 59
    Oct 13 09:35:46 pfsense dhcp6c[29215]:   IA_NA: ID=0, T1=0, T2=0
    Oct 13 09:35:46 pfsense dhcp6c[29215]: get DHCP option status code, len 43
    Oct 13 09:35:46 pfsense dhcp6c[29215]:   status code: no addresses
    Oct 13 09:35:46 pfsense dhcp6c[29215]: get DHCP option DNS, len 32
    Oct 13 09:35:46 pfsense dhcp6c[29215]: server ID: 00:02:00:00:05:83:4a:4e:31:32:33:34:33:41:37:41:46:41:00:00:00:00:00:00:00:00, pref=-1
    Oct 13 09:35:46 pfsense dhcp6c[29215]: reset timer for pppoe0 to 0.779475
    Oct 13 09:35:47 pfsense dhcp6c[29215]: picked a server (ID: 00:02:00:00:05:83:4a:4e:31:32:33:34:33:41:37:41:46:41:00:00:00:00:00:00:00:00)
    
    


  • This is the output from the cron plugin

    ![Cron Plugin.png](/public/imported_attachments/1/Cron Plugin.png)
    ![Cron Plugin.png_thumb](/public/imported_attachments/1/Cron Plugin.png_thumb)


  • Rebel Alliance Developer Netgate

    This thread is getting confused. Two completely different issues that got lumped together.

    The ones with rc.newwanipv6 are reloading because the system believes it has to renew the DHCP lease already. The others are reloading just the filter for some other completely different reason.



  • Sorry for hijacking this thread. I just didn't get any reply yet and was finally happy to see something similar in the forums. If you want, you can delete my posts here and we continues this discussion in my original thread.