DIOCADDRULENV Error
-
Hmm, and those errors occur at the same time I assume?
And still nothing else logged at that time? No event triggering this?
-
@stephenw10 The miniupnpd errors are running constantly although they don't trip error logs, just in the routing logs.
The other DIOCADDRULENV error triggers an error and it seems to fluctuate when it does.
-
@hypnosis4u2nv said in DIOCADDRULENV Error:
The miniupnpd errors are running constantly
Ah, well that's an issue!
Hmm, what does
uname -a
show? I wonder if it's somehow still running an old kernel.
-
@stephenw10 FreeBSD pfSense.localdomain 15.0-CURRENT FreeBSD 15.0-CURRENT #0 plus-RELENG_24_03-n256311-e71f834dd81: Fri Apr 19 00:28:14 UTC 2024 root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-24_03-main/obj/amd64/Y4MAEJ2R/var/jenkins/workspace/pfSense-Plus-snapshots-24_03-main/sources/FreeBSD-src-plus-RELENG_24_03/amd64.amd64/sys/pfSense amd64
-
May 29 10:35:44 miniupnpd 94484 ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_ADD_TAIL: File exists
Hi
I don't know if this will help or not
But, judging by the code in the kernel, this error (in fact, this is not even a global error) suggests that some program is trying to add a rule identical to the one that has already been loaded into the kernel.
In this way, in my opinion, this is not a system error, but an application that is trying to make changes to a certain ruleset.
-
@Konstanti conflict between pfblocker and suricata or my current rules conflicting with either of them?
-
More like a UPnP application in some downstream client trying to open the same port forward repeatedly.
However I would have thought miniupnpd would know that and not try to open it. Some more useful error in that situation seems likely.
-
@stephenw10 any way to troubleshoot this?
-
Well first I'd try disabling upnp just to be sure it stops.
Then try blocking individual hosts from opening upnp forwards and see if that can be narrowed down to a single host opening conflicting ports. Though as I say I'd expect miniupnpd to see that the port is already open and just reject the request....
-
@stephenw10 I'm away for a couple of days, I'll look into it when I get back. Thanks for your help.