There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy
-
Hmm, OK. 2x too many!
Do you know if it remains responsive at the console when that happens?
-
@stephenw10 I wish I could say, but it's a remote location and has only acted this way when I'm not on site... last time was 24 hours after I left...frustrating
-
Are you able to upload a status file to us to review?
-
@stephenw10 of course, pls tell me what to do =)
-
Great, you can pull the status_output file from the GUI. See:
https://docs.netgate.com/pfsense/en/latest/recipes/diagnostic-data.html#view-and-download-diagnostic-data-in-the-gui
Then upload it here:
https://nc.netgate.com/nextcloud/s/YfciQktBin7fLEM
-
@stephenw10 All done sir
-
Great I see that. Checking....
-
Mmm, OK nothing obvious there. I'm going to consult developers on this.
-
Ok, the likely cause here is a race condition between filter reloads triggered close to simultaneously.
That obviously shouldn't happen but you can probably mitigate it by tuning your gateway parameters for the WG_VPN_HQ gateway. Currently that is continually throwing alarms and reloading the filter every time it does. I suspect when you see this error it ends up throwing several alarms and queuing up reloads.
I would try either setting the monitoring values to far higher numbers, say 50% and 500ms, or disabling monitoring action on the gateway. If that prevents or reduces the errors you're seeing that would prove the theory.
Steve
-
@stephenw10 From a troubleshooting standpoint, it makes sense since these overseas vpn can have spotty connection from time to time. I already made those adjustments... waiting to see what happened :D Thanks @stephenw10 much appreciated!
-
I’m also seeing this message pop up a lot recently on one of my 23.09.1 firewalls. I’m counting 8 messages between 4/15 to today (4/28).
It’s always an alert saying:
There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:
Followed by another alert saying:
PF was wedged/busy and has been reset.
-
Same question as the OP here. Anything logged? Any 'exotic' rules? Anything else unusual?
-
Same issue here, almost every day (sometimes twice a day)
06:30:00 PF was wedged/busy and has been reset.
06:30:00 There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:
system general log
Aug 26 06:30:00 php-cgi 51879 rc.filter_configure_sync: New alert found: There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:
Aug 26 06:30:00 php-cgi 51879 rc.filter_configure_sync: New alert found: PF was wedged/busy and has been reset.
Aug 26 06:28:00 sshguard 54936 Now monitoring attacks.
Aug 26 06:28:00 sshguard 55063 Exiting on signal.
-
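For the "anything else logged?" question, one way to check is to list what else the system log recorded in the minutes before each `Device busy` error. This is an added example, not part of the original thread or Netgate's tooling; the 5-minute window, the assumed year and the last two sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

BUSY = "DIOCADDRULENV: Device busy"
# Line layout as pasted in the thread: "Mon DD HH:MM:SS process pid message"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\d+) (.*)$")

# First four lines are the ones quoted in the thread; the last two are constructed.
SAMPLE_LOG = """\
Aug 26 06:30:00 php-cgi 51879 rc.filter_configure_sync: New alert found: There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:
Aug 26 06:30:00 php-cgi 51879 rc.filter_configure_sync: New alert found: PF was wedged/busy and has been reset.
Aug 26 06:28:00 sshguard 54936 Now monitoring attacks.
Aug 26 06:28:00 sshguard 55063 Exiting on signal.
Aug 26 01:30:00 php-cgi 40211 rc.filter_configure_sync: New alert found: There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:
Aug 26 01:12:00 sshguard 30110 Now monitoring attacks.
"""

def parse(log, year=2024):
    """Return (timestamp, process, message) tuples. The log carries no year, so one is assumed."""
    entries = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank or unparseable lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        entries.append((ts, m.group(2), m.group(4)))
    return entries

def busy_context(entries, window=timedelta(minutes=5)):
    """Map each 'Device busy' timestamp to the other entries logged in the window before it."""
    events = sorted({ts for ts, _, msg in entries if BUSY in msg})
    report = {}
    for ev in events:
        report[ev] = sorted(
            (ts, proc, msg) for ts, proc, msg in entries
            if ev - window <= ts <= ev and "New alert found" not in msg
        )
    return report

if __name__ == "__main__":
    for ev, nearby in busy_context(parse(SAMPLE_LOG)).items():
        print(f"pf busy at {ev:%b %d %H:%M:%S}: {len(nearby)} nearby entries")
        for ts, proc, msg in nearby:
            print(f"  {ts:%H:%M:%S} {proc}: {msg}")
```

An empty list for an event means nothing else was logged in the window, which is itself useful when comparing against gateway alarm times.
-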
Is there anything else logged? An alert shown in the system?
Can you replicate it by running Status > Filter Reload?
-
Only the warning in GUI and by email (twice a day)
yesterday
16:15:00 PF was wedged/busy and has been reset.
16:15:00 There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:
19:00:00 PF was wedged/busy and has been reset.
19:00:00 There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:
monday:
06:30:00 PF was wedged/busy and has been reset.
06:30:00 There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:
01:30:00 PF was wedged/busy and has been reset.
01:30:00 There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:
Q: Can you replicate it by running Status > Filter Reload?
A: Cannot replicate the error, no issues when running filter reload, all rules are loaded normally
I can provide the status_output file from the GUI
-
Happened for me again 3x, on a different pfsense box..
pf_busy
PF was wedged/busy and has been reset. @ 2024-08-08 16:20:11
PF was wedged/busy and has been reset. @ 2024-08-13 06:44:50
PF was wedged/busy and has been reset. @ 2024-08-21 14:50:18
Filter Reload
There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-08-08 16:20:12
There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-08-13 06:44:51
There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-08-21 14:50:19
-
You can upload a status file here: https://nc.netgate.com/nextcloud/s/fLa8Rr8Km5Bq4rt
-
@stephenw10 uploaded the status
-
Hmm, nothing obviously an issue there.
You have a lot of bad requests against the pfSense GUI from a single IP. If that's not a scan of some sort from an internal IP you should check that you don't have open ports to the WAN.
One instance showed just after em2 disconnected. But only one.
It looks like you have lcdproc installed but misconfigured.
-
bad requests against the pfSense GUI from a single IP?
Can you tell me which IP? or which log file?
It looks like you have lcdproc installed but misconfigured.
I'm running lcdproc on a watchguard xtm550, the lcd is showing the correct info?