Filter Reload on 2.5.2 (amd64) upgraded from 2.2.5 causing everything to stop for a few seconds
-
Good afternoon, pfSense experts.
One of our pfSense boxes is causing everything on it to stop/freeze throughput whenever the filter is reloaded. I'm not sure when this first started being an issue, but as part of our diagnosis we upgraded to 2.5.2 (which worked swimmingly), but the issue was still there. (VPNs drop, traffic graphs reset, everything stops while the reload happens). A fresh install of 2.5.2 doesn't have the filter reload script in /etc/crontab, and another older 2.2.5 host we have does have it but doesn't kick everything off when the script runs. Even an SSH session to the affected host will get kicked off when the filter reload event happens.
Is there something I can do other than replace the affected host with a freshly installed pfSense vm and recreate the rules & vpn configurations & everything else on it?
Regards,
Dael.
-
Can you trigger this behaviour by visiting Status > Filter Reload?
Do you see this behaviour on a pfSense with 100% default settings?
-
@gertjan Yes, triggering a filter reload does indeed cause this to happen.
On a stock standard 2.5.2 (amd64) install, it's fine. I recreated our vpn endpoint vm (replacing a 2.2.5 (amd64) that I thought was causing the issue), and while it has very few filter rules, it does have the ipsec vpn endpoint running, and a filter reload on it doesn't cause any issues at all.
The pfSense box in question has a few roles, one of them is the vpn endpoint at this end of our network, and it's also handling the DMZ traffic. It's not the firewall that handles our main traffic, though. The VPN traffic (that is mostly used at night) is the biggest load on the cpu.
-
Oh, and forgot to mention, that prior to the end of August 2021, a filter reload didn't cause this issue. However, I'm not sure how to figure out what rule(s) might have been changed and in what order that may have sparked this off.
-
@dael-sutton
That's why I proposed to go back to default settings.
Just to check if it's a system thing, or a settings thing.
You can go back with a click, by importing your settings back in.
I don't think the issue is a firewall rule. More a System > Advanced setting.
@dael-sutton said in Filter Reload on 2.5.2 (amd64) upgraded from 2.2.5 causing everything to stop for a few seconds:
2.2.5
Don't recall 2.2.5 as it's from many years ago.
-
What exactly is the cronjob you see? Is it:
0,15,30,45 * * * * root /etc/rc.filter_configure_sync
That is added by having firewall rules with a schedule configured.
If it's killing connections every time it loads it may be doing exactly what it's configured to do.
Steve