Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfctl high CPU & network connectivity loss after upgrading to pfSense+ 22.01

    Scheduled Pinned Locked Moved
    General pfSense Questions
    2
    3
    320
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      maliaga
      last edited by

      Hi, I'm experiencing exactly the same issue as this post and bug #10414 after upgrading to 22.01: CPU and load goes sky high and all interfaces stop responding for 30-60 seconds. The following process shows on top during the hang:

      /sbin/pfctl -o basic -f /tmp/rules.debug

      I tried setting "Firewall Maximum Table Entries" to 65000 and disabled "Block bogon networks" on all interfaces as workaround with no luck. Disabling SMP is not an option for me.

      The system is the secondary node on a 2 Netgate SG-4860 cluster, and pfBlocker is not installed.

      I'm thinking of a possible regression on this version, maybe the patch that fixed #10414 is not applied or applicable?

      Is anyone observing the same behaviour? I'd be grateful if someone could help me with this.

      Regards

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        You are probably experiencing https://redmine.pfsense.org/issues/12827 and not the older issue.

        You can install the System Patches package and then apply the workaround for that issue directly from the recommended patches list as it's bundled in the current package.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        M 1 Reply Last reply Reply Quote 1
        • M
          maliaga @jimp
          last edited by

          @jimp OK, thanks for your prompt response. I applied the patch and can confirm that can't reproduce the issue any more, even after enabling bogon networks block.

          Thanks for the tip!

          1 Reply Last reply Reply Quote 1
          • First post
            Last post