Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Upgraded to 21.05 and now “/“ filesystem is filling with ….??

    pfBlockerNG
    1
    3
    267
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      keyser
      last edited by

      Hi all.

      After upgradeing my SG-2100 to 21.05 (from 21.02) a new problem has arisen with my pfBlockerNG-devel 3.0.16 install.

      Over the course of two weeks my 7Gb “/“ filesystem on the built-in 8Gb SSD goes from reporting 25% used space to 90%+ used space.

      HOWEVER: There are no files/directories that contains additional data. “du -h” still reports 2.0Gb data used in all files/folders which equals the initial 25% used space.

      So 4.4Gb diskspace goes missing over two weeks to files/folders that does not report correctly in the filesystem

      Rebooting pfSense, or disabling/enabling pfBlockerNG returns the diskspace use to 25% and another two weeks will go by before 90%+ is used.

      I started suspecting pfBlockerNG because a “top -SH” in I/O mode (press m) reported that unbound was more or less continiously touching the disk with writes. As soon as I disabled pfBlockerNG this behaviour stopped (And returned the lost diskspace).

      I have not tried disabling unbound python mode in pfBlockerNG yet, but I suspect this is what’s causing my problem.

      Is there anything I can do to confirm/rectify this problem apart from returning pfBlockerNG to normal Unbound mode and see if the issue goes away?

      K 1 Reply Last reply Reply Quote 0
      • K
        keyser @keyser
        last edited by

        I can confirm that changing pfBlockerNG 3.0.16 from “Unbound Python mode” to “Unbound mode” removes the continious write I/O from unbound to disk. Everything still works as expected, but there is much less write I/O done on the system.

        The memory usage on my SG-2100 also went down from 15% to 10% by making this change.

        I will report back tomorrow to report if the disk filling issue really is stopped by using this workaround.
        I will also report on whether the memory use stays permanently lower.

        K 1 Reply Last reply Reply Quote 0
        • K
          keyser @keyser
          last edited by keyser

          I can now also confirm the filling filesystem issue is gone once pfBlockerNG is changed to "Unbound Mode" instead of python mode.

          So this will serve as workaround until the issue with Python mode filling the filesystem is solved:

          NOTE: It seems my pfBlockerNG stopped logging DNSBL hits once I changed to Unbound mode.
          The counters in the widget no longer increases, and no hits are registered in the DNSBL report.
          But DNSBL is still active and working

          1 Reply Last reply Reply Quote 1
          • First post
            Last post