    pfBlockerNG 2.2.5_27 cron update and traffic loss

    • A
      asdjklfjkdslfdsaklj last edited by

      Recently updated to 2.2.5_27, and since then I've noticed traffic loss (established connections failing) during the hourly update process.

      System logs:

      Dec 8 10:06:30	php		[pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
      Dec 8 10:00:00	php		[pfBlockerNG] Starting cron process.
      

      Things start failing right around the "no changes to firewall rules" message, and after about ~30-45sec previous connections re-establish (new TCP sessions), and new connections can establish.

      Sometimes, but not always, these messages are seen as well:

      sonewconn: pcb 0xfffff8022bb13000: Listen queue overflow: 8 already in queue awaiting acceptance (1 occurrences)
      

      Haven't noticed a spike in CPU, memory, etc. during this process.

      Any thoughts regarding where to look further?

      • Gertjan
        Gertjan @asdjklfjkdslfdsaklj last edited by

        @asdjklfjkdslfdsaklj said in pfBlockerNG 2.2.5_27 cron update and traffic loss:

        and after about ~30-45sec previous connections re-establish

        Let me guess, that is the time unbound (the DNS cache + resolver) takes to restart?
        And while it's going down and restarting, during this time: no more DNS cache, no more answers to DNS requests.
        (compare captivity of your logs mentioned above with the DNS log at the same time)

        No "help me" PM's please. Use the forum.

        • A
          asdjklfjkdslfdsaklj last edited by

          Looks like "kill states" being enabled was killing things. This wasn't happening previously, so need to ascertain whether or not an erroneous item in a list is causing this to fail before recovering, or something to do with pfBlockerNG itself.

          As an aside, no, no issues with name resolution.

          • Gertjan
            Gertjan @asdjklfjkdslfdsaklj last edited by

            @asdjklfjkdslfdsaklj said in pfBlockerNG 2.2.5_27 cron update and traffic loss:

            As an aside, no, no issues with name resolution.

            Well, I'm still curious to know what the time is between "unbound stop" and "unbound started".

            • A
              asdjklfjkdslfdsaklj @Gertjan last edited by

              @Gertjan said in pfBlockerNG 2.2.5_27 cron update and traffic loss:

              @asdjklfjkdslfdsaklj said in pfBlockerNG 2.2.5_27 cron update and traffic loss:

              As an aside, no, no issues with name resolution.

              Well, I'm still curious to know what the time is between "unbound stop" and "unbound started".

              None, given "Resolver Live Sync" is enabled.
