Auto Config Backup Issue



  • Hi

    Every time I create/modify a rule it takes much longer than expected and I thought that's because of Auto-Config-Backup trying to create a backup but when I checked it there were no backups and disable/enable the module didn't help either.
    Is there any way to uninstall and reinstall it?


  • LAYER 8 Global Moderator

    Uninstall what exactly?

    Longer than you expected means what exactly? Creating editing a rule is pretty instantaneous.



  • I mean uninstalling the Auto-Config-Backup under the services tab. I need to have daily backups of configurations but it doesn't work so I thought maybe removing and reinstalling might help.
    When I click on save to create/modify a rule it takes like a minute or two.


  • LAYER 8 Global Moderator

    Well you got something wrong - it shouldn't take more than sec or 2 to save a change in a rule..

    I don't see how you think its related to the auto backup, if the auto backup is not even enabled.

    Auto config backup is part of the base install, its not a package.



  • How do you suggest I should troubleshoot this issue?


  • LAYER 8 Global Moderator

    That is a great question ;)

    hmmmm, do you have any other packages installed? Does the log show anything for the time when you change the rules, other than the reload..

    So for example... I just made a change to a rule.
    Apr 16 05:51:15 check_reload_status Reloading filter
    Apr 16 05:51:13 check_reload_status Syncing firewall

    So its only 2 seconds.. What does your log show?

    Have you noticed any other slowness tooling around the gui, do making changes to other things hang or slow? Or just firewall rules?

    How many rules exactly do you have total on all interfaces? is it few dozen or few 1000?

    Do you have any browser addons, I have noticed that lastpass can mess with the interfaces tab, etc. So I have it disabled on that page.



  • I have the following packages installed:
    bandwidthd, haproxy, pfBlockerNG-devel, RRD_Summary, snort, Status_Traffic_Totals, syslog-ng, zabbix-agent32.

    I have less than 200 rules (including all interfaces) and everything works fine except creating/modifying rules.

    I just modified a rule and here is the log:

    Apr 16 15:42:54 xinetd[63305]: Reconfigured: new=0 old=295 dropped=0 (services)
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19239-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19241-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19241-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19212-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19211-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19204-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19203-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19194-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19193-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19189-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19188-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19181-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19180-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19173-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19172-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19165-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19161-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19160-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19152-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19151-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19140-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19139-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19135-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19134-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19125-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19124-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19119-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19110-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19109-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19087-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19086-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19240-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19240-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19202-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19187-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19179-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19171-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19159-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19123-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19085-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19239-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19238-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19201-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19186-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19178-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19170-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19158-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19122-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19237-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19236-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19235-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19234-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19233-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19232-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19231-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19230-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19229-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19228-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19227-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19226-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19225-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19224-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19223-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19222-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19221-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19220-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19219-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19200-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19185-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19177-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19169-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19157-udp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19218-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19217-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19216-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19215-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19214-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19213-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19212-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19211-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19210-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19209-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19208-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19207-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19206-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19205-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19204-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19203-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19202-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19201-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19200-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19199-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19198-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19197-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19196-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19195-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19194-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19193-tcp
    Apr 16 15:42:54 xinetd[63305]: readjusting service 19192-tcp


  • LAYER 8 Global Moderator

    @AlexJ8791 said in How to Reinstall Auto Config Backup:

    xinetd

    What is in your
    /var/etc/xinetd.conf

    Off the top, I don't know which package you running would be using xinetd?

    What are you running on those services? Those are oddball ports..19212,213,214?? etc..

    edit: You doing NAT Reflection?? only thing that comes to mind for why xinetd would be doing stuff is nat reflection..



  • It's actually a long file :

    #wc -l /var/etc/xinetd.conf
    3835 /var/etc/xinetd.conf

    I don't use those ports in any of my rules!
    Maybe they are related to the "NAT Reflection" feature. It's been set to NAT + Proxy in my box.

    #head -40 /var/etc/xinetd.conf
    service 19000-tcp
    {
    type = unlisted
    bind = 127.0.0.1
    port = 19000
    socket_type = stream
    protocol = tcp
    wait = no
    user = nobody
    server = /usr/bin/nc
    server_args = -w 2000 172.20.16.2 10060
    }

    service 19001-tcp
    {
    type = unlisted
    bind = 127.0.0.1
    port = 19001
    socket_type = stream
    protocol = tcp
    wait = no
    user = nobody
    server = /usr/bin/nc
    server_args = -w 2000 172.20.35.2 80
    }

    service 19002-tcp
    {
    type = unlisted
    bind = 127.0.0.1
    port = 19002
    socket_type = stream
    protocol = tcp
    wait = no
    user = nobody
    server = /usr/bin/nc
    server_args = -w 2000 172.20.35.2 443
    }


  • LAYER 8 Global Moderator

    @AlexJ8791 said in How to Reinstall Auto Config Backup:

    It's been set to NAT + Proxy in my box.

    Why? Are you using Nat reflection??

    Nat reflection shouldn't be enabled unless you have a specific need for it, and even then I would suggest you figure out why you actually would want/need reflection.. It really is an abomination if you ask me ;)



  • I have several web servers behind this pfsense box and without NAT Relfection they won't work correctly.
    I think there might be something else going on on this box because I have the same firewall box with the same packages installed in another location and it has no issue.


  • LAYER 8 Global Moderator

    @AlexJ8791 said in How to Reinstall Auto Config Backup:

    without NAT Relfection they won't work correctly.

    Why is that, your local devices should just resolve the local IP for whatever your public FQDN is.. There almost zero reason to ever use nat reflection, other than lack of understanding or laziness or some idiot hard coding public IPs in an app vs using a fqdn.

    Suggest you test by turning off nat reflection, and seeing if it fixes your delay in rule changes.



  • There almost zero reason to ever use nat reflection, other than lack of understanding or laziness or some idiot hard coding public IPs in an app vs using a fqdn.

    There are several cases in which we have to use nat reflection. One of them is when clients on your web server want to use the famous Wordpress CMS. This application needs to able to see its public address in order to work correctly especially in Network Mode. This issue could be tackled with DNS Split but when you have hundreds of websites and your clients keep adding/removing websites on the server, it's impossible to implement this feature.
    And as I said I have the same setup in another location with no issue so I think nat reflection is not the issue.


  • LAYER 8 Global Moderator

    I would still suggest test it it out by turning it off for second, making some changes and see if they are still delayed.

    So in your log what is the time between sync firewall and reloading filter entries?

    I haven't played with wordpress in quite some time, but I have doubts that feature requires nat reflection. If I get a chance I might test this, because it makes no sense that nat reflection should be required for that to work.



  • I would still suggest test it it out by turning it off for second, making some changes and see if they are still delayed.

    I would definitely give a shot.

    If I get a chance I might test this.

    I'd appreciate it.



  • So in your log what is the time between sync firewall and reloading filter entries?

    Here is the complete log entries of a rule modification :

    Apr 16 18:12:57 fwl01 check_reload_status: Syncing firewall
    Apr 16 18:13:10 fwl01 check_reload_status: Reloading filter
    Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500
    Apr 16 18:13:12 fwl01 xinetd[63305]: Starting reconfiguration
    Apr 16 18:13:12 fwl01 xinetd[63305]: Swapping defaults
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19000-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19001-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19002-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19003-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19004-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19004-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19005-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19005-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19006-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19006-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19007-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19007-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19008-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19009-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19010-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19011-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19012-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19013-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19014-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19015-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19016-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19017-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19018-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19019-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19020-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19021-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19022-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19023-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19024-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19025-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19026-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19027-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19028-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19029-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19030-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19031-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19032-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19033-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19034-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19035-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19036-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19037-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19038-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19039-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19040-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19041-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19042-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19043-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19044-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19045-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19046-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19047-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19048-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19049-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19050-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19051-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19052-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19053-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19054-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19055-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19056-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19057-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19058-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19059-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19060-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19061-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19062-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19063-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19064-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19065-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19066-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19067-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19068-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19069-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19070-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19071-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19072-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19073-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19074-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19075-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19076-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19077-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19078-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19079-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19080-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19081-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19082-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19083-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19084-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19085-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19086-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19087-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19088-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19089-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19090-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19091-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19092-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19093-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19094-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19095-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19096-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19097-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19098-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19099-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19100-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19101-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19102-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19103-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19104-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19105-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19106-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19107-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19108-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19109-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19110-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19111-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19112-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19113-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19114-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19115-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19116-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19117-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19118-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19119-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19120-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19121-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19122-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19123-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19124-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19125-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19126-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19127-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19128-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19129-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19130-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19131-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19132-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19133-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19134-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19135-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19136-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19137-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19138-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19139-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19140-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19141-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19142-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19143-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19144-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19145-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19146-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19147-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19148-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19149-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19150-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19151-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19152-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19153-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19154-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19155-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19156-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19157-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19158-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19159-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19160-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19161-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19162-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19163-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19164-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19165-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19166-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19167-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19168-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19169-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19170-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19171-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19172-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19173-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19174-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19175-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19176-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19177-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19178-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19179-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19180-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19181-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19182-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19183-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19184-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19185-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19186-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19187-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19188-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19189-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19190-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19191-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19192-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19193-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19194-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19195-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19196-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19197-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19198-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19199-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19200-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19201-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19202-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19203-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19204-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19205-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19206-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19207-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19208-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19209-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19210-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19211-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19212-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19213-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19214-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19215-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19216-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19217-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19218-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19157-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19169-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19177-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19185-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19200-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19219-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19220-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19221-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19222-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19223-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19224-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19225-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19226-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19227-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19228-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19229-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19230-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19231-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19232-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19233-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19234-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19235-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19236-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19237-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19122-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19158-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19170-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19178-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19186-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19201-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19238-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19239-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19085-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19123-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19159-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19171-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19179-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19187-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19202-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19240-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19240-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19086-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19087-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19109-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19110-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19119-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19124-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19125-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19134-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19135-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19139-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19140-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19151-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19152-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19160-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19161-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19165-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19172-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19173-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19180-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19181-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19188-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19189-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19193-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19194-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19203-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19204-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19211-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19212-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19241-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19241-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19242-tcp
    Apr 16 18:13:12 fwl01 xinetd[63305]: readjusting service 19242-udp
    Apr 16 18:13:12 fwl01 xinetd[63305]: Reconfigured: new=0 old=296 dropped=0 (services)



  • I've disabled NAT Reflection completely but that didn't help either.
    Auto Conf Backup still doesn't work, even when I create a manual backup!


  • LAYER 8 Global Moderator

    @AlexJ8791 said in How to Reinstall Auto Config Backup:

    Apr 16 18:12:57 fwl01 check_reload_status: Syncing firewall
    Apr 16 18:13:10 fwl01 check_reload_status: Reloading filter

    Well that looks like 13 seconds not minutes.

    This looks like something not right

    Apr 16 18:13:11 fwl01 php-fpm[83690]: /rc.filter_configure_sync: Not installing NAT reflection rules for a port range > 500

    When you reload your rules.. have you looked at the monitor link to get the details of the reload
    https://sg4860.local.lan:8443/status_filter_reload.php

    filterreload.png



  • I've reloaded the filter and it went pretty fast but creating an alias or a rule takes a minute or sometimes two minutes.



  • I just found out that I was right and the Auto Config Backup is responsible for the delay.
    I connected to the pfsense box via ssh and went to /conf/backup directory. Here is the content:

    ls -l /conf/backup
    -rw-r--r--  1 root  wheel     5137 Apr 30 19:26 backup.cache
    -rw-r--r--  1 root  wheel  8257018 Apr 19 20:00 config-1555686137.xml
    -rw-r--r--  1 root  wheel  8256968 Apr 20 18:06 config-1555746982.xml
    -rw-r--r--  1 root  wheel  8257023 Apr 20 19:00 config-1555767383.xml
    -rw-r--r--  1 root  wheel  8256966 Apr 20 19:02 config-1555770620.xml
    -rw-r--r--  1 root  wheel  8258103 Apr 22 11:49 config-1555885257.xml
    -rw-r--r--  1 root  wheel  8258105 Apr 28 17:30 config-1556446368.xml
    -rw-r--r--  1 root  wheel  8254899 Apr 28 17:31 config-1556456428.xml
    -rw-r--r--  1 root  wheel  8254649 Apr 28 17:31 config-1556456470.xml
    -rw-r--r--  1 root  wheel  8254611 Apr 28 17:33 config-1556456504.xml
    -rw-r--r--  1 root  wheel  8253544 Apr 28 17:33 config-1556456585.xml
    -rw-r--r--  1 root  wheel  8253334 Apr 28 17:35 config-1556456620.xml
    -rw-r--r--  1 root  wheel  8254458 Apr 28 17:38 config-1556456700.xml
    -rw-r--r--  1 root  wheel  8254396 Apr 30 13:32 config-1556568185.xml
    -rw-r--r--  1 root  wheel  8254624 Apr 30 13:33 config-1556614941.xml
    -rw-r--r--  1 root  wheel  8255758 Apr 30 14:00 config-1556615018.xml
    -rw-r--r--  1 root  wheel  8254395 Apr 30 18:35 config-1556627831.xml
    -rw-r--r--  1 root  wheel  8254149 Apr 30 18:55 config-1556633157.xml
    -rw-r--r--  1 root  wheel  8254148 Apr 30 18:56 config-1556634321.xml
    -rw-r--r--  1 root  wheel  8254132 Apr 30 18:57 config-1556634383.xml
    -rw-r--r--  1 root  wheel  8254178 Apr 30 18:58 config-1556634467.xml
    -rw-r--r--  1 root  wheel  8254148 Apr 30 19:02 config-1556634525.xml
    -rw-r--r--  1 root  wheel  8254153 Apr 30 19:04 config-1556634764.xml
    -rw-r--r--  1 root  wheel  8253618 Apr 30 19:04 config-1556634840.xml
    -rw-r--r--  1 root  wheel  8253089 Apr 30 19:05 config-1556634876.xml
    -rw-r--r--  1 root  wheel  8253086 Apr 30 19:06 config-1556634927.xml
    -rw-r--r--  1 root  wheel  8253107 Apr 30 19:07 config-1556634973.xml
    -rw-r--r--  1 root  wheel  8253598 Apr 30 19:09 config-1556635023.xml
    -rw-r--r--  1 root  wheel  8253601 Apr 30 19:17 config-1556635143.xml
    -rw-r--r--  1 root  wheel  8253797 Apr 30 19:17 config-1556635630.xml
    -rw-r--r--  1 root  wheel  8254925 Apr 30 19:26 config-1556635674.xml
    

    At the end of the list is the latest backup file even though the module is NOT enabled for weeks!
    I made a change to a NAT rule and clicked save and ran ls -l several times:

    ls -l /conf/backup
    -rw-r--r--  1 root  wheel     5137 Apr 30 19:26 backup.cache
    -rw-r--r--  1 root  wheel  8257018 Apr 19 20:00 config-1555686137.xml
    -rw-r--r--  1 root  wheel  8256968 Apr 20 18:06 config-1555746982.xml
    -rw-r--r--  1 root  wheel  8257023 Apr 20 19:00 config-1555767383.xml
    -rw-r--r--  1 root  wheel  8256966 Apr 20 19:02 config-1555770620.xml
    -rw-r--r--  1 root  wheel  8258103 Apr 22 11:49 config-1555885257.xml
    -rw-r--r--  1 root  wheel  8258105 Apr 28 17:30 config-1556446368.xml
    -rw-r--r--  1 root  wheel  8254899 Apr 28 17:31 config-1556456428.xml
    -rw-r--r--  1 root  wheel  8254649 Apr 28 17:31 config-1556456470.xml
    -rw-r--r--  1 root  wheel  8254611 Apr 28 17:33 config-1556456504.xml
    -rw-r--r--  1 root  wheel  8253544 Apr 28 17:33 config-1556456585.xml
    -rw-r--r--  1 root  wheel  8253334 Apr 28 17:35 config-1556456620.xml
    -rw-r--r--  1 root  wheel  8254458 Apr 28 17:38 config-1556456700.xml
    -rw-r--r--  1 root  wheel  8254396 Apr 30 13:32 config-1556568185.xml
    -rw-r--r--  1 root  wheel  8254624 Apr 30 13:33 config-1556614941.xml
    -rw-r--r--  1 root  wheel  8255758 Apr 30 14:00 config-1556615018.xml
    -rw-r--r--  1 root  wheel  8254395 Apr 30 18:35 config-1556627831.xml
    -rw-r--r--  1 root  wheel  8254149 Apr 30 18:55 config-1556633157.xml
    -rw-r--r--  1 root  wheel  8254148 Apr 30 18:56 config-1556634321.xml
    -rw-r--r--  1 root  wheel  8254132 Apr 30 18:57 config-1556634383.xml
    -rw-r--r--  1 root  wheel  8254178 Apr 30 18:58 config-1556634467.xml
    -rw-r--r--  1 root  wheel  8254148 Apr 30 19:02 config-1556634525.xml
    -rw-r--r--  1 root  wheel  8254153 Apr 30 19:04 config-1556634764.xml
    -rw-r--r--  1 root  wheel  8253618 Apr 30 19:04 config-1556634840.xml
    -rw-r--r--  1 root  wheel  8253089 Apr 30 19:05 config-1556634876.xml
    -rw-r--r--  1 root  wheel  8253086 Apr 30 19:06 config-1556634927.xml
    -rw-r--r--  1 root  wheel  8253107 Apr 30 19:07 config-1556634973.xml
    -rw-r--r--  1 root  wheel  8253598 Apr 30 19:09 config-1556635023.xml
    -rw-r--r--  1 root  wheel  8253601 Apr 30 19:17 config-1556635143.xml
    -rw-r--r--  1 root  wheel  8253797 Apr 30 19:17 config-1556635630.xml
    -rw-r--r--  1 root  wheel  8254925 Apr 30 19:26 config-1556635674.xml
    
    #ls -l config-1556636179.xml
    -rw-r--r--  1 root  wheel  1032192 Apr 30 19:35 config-1556636179.xml
    
    #ls -l config-1556636179.xml
    -rw-r--r--  1 root  wheel  3252224 Apr 30 19:35 config-1556636179.xml
    
    #ls -l config-1556636179.xml
    -rw-r--r--  1 root  wheel  5324800 Apr 30 19:35 config-1556636179.xml
    
    #ls -l config-1556636179.xml
    -rw-r--r--  1 root  wheel  7839744 Apr 30 19:35 config-1556636179.xml
    
    #ls -l config-1556636179.xml
    -rw-r--r--  1 root  wheel  8254898 Apr 30 19:35 config-1556636179.xml
    

    as you can see the size of the file is changing and it took almost a minute to finish and when it did the page finished loading too!

    I also enabled the backup module and created a manual backup too but when I tried to download the backup it said :

    The following input errors were detected:
    Could not decrypt config.xml

    So, what do you think?


  • LAYER 8 Global Moderator

    those are not the auto backup feature... That is this
    https://docs.netgate.com/pfsense/en/latest/config/configuration-history.html

    Defaults to 30..

    yours are HUGE!

    in comparison here is mine size.

    [2.4.4-RELEASE][admin@sg4860.local.lan]/conf/backup: ls -la
    total 8656
    drwxr-xr-x  2 root  wheel    1536 Apr 30 08:25 .
    drwxr-xr-x  4 root  wheel    2048 Apr 30 08:25 ..
    -rw-r--r--  1 root  wheel    5078 Apr 30 08:25 backup.cache
    -rw-r--r--  1 root  wheel  293608 Apr 23 05:20 config-1556014722.xml
    -rw-r--r--  1 root  wheel  293608 Apr 23 05:23 config-1556014836.xml
    -rw-r--r--  1 root  wheel  293608 Apr 23 05:32 config-1556015021.xml
    

    So mine are KB yours are MB.. your are like 32X mine.. So yeah might take a bit to write those.

    Change it from the default 30 to 0, and see if your changes are faster ;)

    edit:

    The following input errors were detected:
    Could not decrypt config.xml

    Yeah I would prob look into that - that doesn't seem good.



  • @johnpoz said in Auto Config Backup Issue:

    those are not the auto backup feature... That is this
    https://docs.netgate.com/pfsense/en/latest/config/configuration-history.html

    Yes, you were right. I just checked my other pfsense box and it's less than 1MB!!!
    I've downloaded one of the backup files and there is a section for rrdata which is a big part of the file and without it the backup file will be less than a megabyte.
    Is there any way to exclude rrdata from being included in the config history?

    Change it from the default 30 to 0, and see if your changes are faster ;)

    How can I do that?

    Yeah I would prob look into that - that doesn't seem good.

    I don't know where to start...


  • LAYER 8 Global Moderator

    RRD shouldn't really be in the auto config data that I could think of - it should just be yoru config changes.

    Like new firewall rule, etc.

    How to change it is listed in the link I posted..
    set0.png

    As to where to start on why your seeing that error... Prob start a new thread with those specific details... When you try a do download of backup you get this error -- screenshot of the actual error when and where your doing your backup... Like are you having it include data or not, etc.



  • I did change the Backup Count to 0 but it didn't help!
    When I edit/create a rule it actually creates the backup first and then removes it according to the backup count 0.

    After setting Backup Count to 0 :

    #ls -l
    total 4
    -rw-r--r--  1 root  wheel  6 Apr 30 22:36 backup.cache
    

    While creating a NAT rule:

    #ls -l
    total 3236
    -rw-r--r--  1 root  wheel        6 Apr 30 22:36 backup.cache
    -rw-r--r--  1 root  wheel  3252224 Apr 30 22:36 config-1556647551.xml
    
    #ls -l
    total 4324
    -rw-r--r--  1 root  wheel        6 Apr 30 22:36 backup.cache
    -rw-r--r--  1 root  wheel  4390912 Apr 30 22:36 config-1556647551.xml
    
    #ls -l
    total 7044
    -rw-r--r--  1 root  wheel        6 Apr 30 22:36 backup.cache
    -rw-r--r--  1 root  wheel  7176192 Apr 30 22:37 config-1556647551.xml
    
    #ls -l
    total 8100
    -rw-r--r--  1 root  wheel      173 Apr 30 22:37 backup.cache
    -rw-r--r--  1 root  wheel  8255935 Apr 30 22:37 config-1556647551.xml
    
    #ls -l
    total 4
    -rw-r--r--  1 root  wheel  6 Apr 30 22:37 backup.cache
    

    So, it still takes a minute or so to create/modify a rule!!!


Log in to reply