IP addresses suddenly blocked
-
Hello everyone, I will quickly illustrate how we configured our firewalls and then explain the problem we are encountering.
In the NAT section we had created some rules some time ago where the source was a single host that referred to an ALIAS containing all our public IPs, in this way only those IP addresses from the outside could access the various internal resources.
It has always worked perfectly for years.
For 3 days at the same time, on all firewalls, some of our IPs (present in ALIAS) have been blocked by firewalls, while others (always present in ALIAS) continue to work.
I looked at the logs and found this line:** Default deny rule IPv4 (1000000103) Source (our IP) - Destination (IP of the firewall) **
After I looked in pfinfo and found DEBUG: URGENT
Checksum: 0xfe83eeb60f319d646f21d2e0c1520497
In every firewall there is this wording, obviously the Checksum value changes.
It would seem that all the firewalls (different hardware in different places) had a problem of writing or reading the tables at the same time, in fact some addresses entered in the ALIAS were ignored and the firewall at that point blocked them.
Since it is impossible that all firewalls have encountered the same problem at the same time, I tend to think that it is an anomaly of the pfSense or the Browser (Chrome).Clearly I verified that the row-level tables had a sufficiently high value and I also tried to clear the logs with the command: clog -i -s 511488 /var/log/nomelog.log
Later I also did a Tables reload.
This temporarily solved the problem, but it returned the next day.Have any of you encountered the same problem and found any solutions?
Thanks to anyone who wants to help me.
Good job everyone.