Added limiter resulted in spontaneous reboots

  • pfsense 2.4.2 in HA mode.

    Steps taken to create this mess.
    On primary.
    Added traffic limiter by:
    Firewall/traffic shaper
    Added new
    Name: l3df
    bandwidth 15mb
    mask: source address
    Rest default

    Then added to a rule
    edit rule
    Selected the limiter for In pipe.

    Hit save.

    It made the primary firewall reboot.
    Come up for about 15 seconds then reboot.
    This continued none stop.

    It replicated the settings to the backup firewall.
    The backup firewall did the same thing but it crashed the file system and never came back up at all.

    I managed to get into the firewall and disable the limiter and that fixed the primary. (took over an hour).
    On the backup firewall I had to fix the file system and then it came backup.

    Its pretty scary that a simple mistake like this will shut down both your primary and secondary.

    It would be nice to have a delay in replicating firewall rules that can kill your primary.

    I assume there are no way to delay firewall rules/settings replication to prevent situations like this.

  • you and me both brother… I have the same symptoms in 2.4.2_1

    Just have to leave my limiters off right now….

  • LAYER 8 Netgate

    Long-standing bug. Fixed in 2.4.3.

  • Sweeeeeet

Log in to reply