'pfr_update_stats: assertion failed' after removal of bridge.



  • Under my system log I'm getting 'pfr_update_stats: assertion failed.' every 5 seconds. I did not notice this repeating error until I removed a bridged interface and it members. This interface was between a vlan on one physical adapter bridged to another physical interface. The bridge worked for what I was testing at the time. The firewall is still working properly to best of my knowledge. New firewall rules are being applied correctly. Not sure what is causing this error. Other previous forum posts mention pfBlockerNG but I'm not running that package. I reviewed a copy of pfsense configuration xml (via diagnostics - backup and restore) and I could not find any reference to bridge setup that I created. I've done a reboot as well. Any suggestions besides re-install and re-configure from scratch?

    System info
    pfsense 2.4.3-p1 x64
    Xeon e3 v2 with 8GB RAM
    4x 82574L Intel NICs using em driver
    Packages currently installed are: acme, tftpd, openvpn-export, and iperf.


  • Netgate Administrator

    Hmm, tricky.

    It appears to be something in the ruleset referring to something that no longer exists. I would assume the bridge or one of it's members.

    Have a look at /tmp/rules.debug for references to those interfaces. If there are any you would have to dig deeper to find out what is still incorrectly generating them.

    Steve



  • Thanks for the reply.
    /tmp/rules.debug is easier to read than pfctl -sa
    I was using interface em.10 in my bridge and I found no reference to it in rules.debug. I could not find obvious reference to anything bridged.

    I took my current xml configuration backup, loaded it into a new VM install of pfsense and no 'pfr_update_stats: assertion failed' errors yet.

    When I can, I'll reset our firewall to default, upload backup config, reboot and see if the error persists.



  • Good news. I think it has been resolved. Some background: I loaded my config into VM environment, no errors. But no real traffic for a good test. I reset to factory on physical box. Did basic setup. No errors. Restored original config, on reboot errors came back. So I started disabling rules firewall rules 1 by 1. When I finally got to the NAT rules, I found the culprit. Once this rule was disabled error stopped. Best and worst part is I re-enabled the rule and pfr_update_stats: assertion failed did not come back.

    The offending rule was nothing special. WAN IP to LAN3 IP UDP port 70. No advanced options changed.