Another Netgate with storage failure, 6 in total so far
-
@stephenw10 said in Another Netgate with storage failure, 6 in total so far:
Be good if you could set it for /tmp only.....
It would be really good if you could simply do ramdisk for /tmp only. No need to save/restore.
-
@mer said in Another Netgate with storage failure, 6 in total so far:
What parts of pfSense are doing a lot of writes?
Some packages (https://www.netgate.com/supported-pfsense-plus-packages), logging of default block rules, IGMP block logging, logging set in packages, updates of block lists and country lists, nginx access log (dashboard widgets), and similar.
Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote 👍 helpful posts! -
@SteveITS what files can use a linker file to direct to a usb drive? That model can use a usb drive right ?
-
@SteveITS
Hmm, so enabling compression "on the fly" in case of logs can significantly reduce writes, yes?zfs set compression=lz4 pfsense/var/logSome log compression options can be enabled via the GUI, but I don’t think they use "on-the-fly" compression.
-
@SteveITS said in Another Netgate with storage failure, 6 in total so far:
logging of default block rules, IGMP block logging
These two can be quite voluminous, but are easy to address:
- Add a rule on Local to pass IPv4+IPv6 IGMP with IP options set. I think this should actually be a default rule in pfSense.
- Disable logging of packets blocked by the default rule in Firewall Logs. There are often thousands of these every day, and the individual log entries really aren't of much value.
-
@JonathanLee Oh I have no idea. :)
@w0w said in Another Netgate with storage failure, 6 in total so far:
Some log compression options can be enabled via the GUI, but I don’t think they use "on-the-fly" compression.
Yes it does: https://docs.netgate.com/pfsense/en/latest/monitoring/logs/index.html#log-format
"ZFS already compresses this data"
@dennypage said in Another Netgate with storage failure, 6 in total so far:
easy to address
Yep, mentioned above. In a link maybe, it's been a long thread. We actually don't pass the IGMP, since it's "supposed" to be blocked (always has been) we add a block rule that is set to not log. Otherwise IGMP is logged even if the logging for the default block rule is off.
-
@SteveITS said in Another Netgate with storage failure, 6 in total so far:
We actually don't pass the IGMP, since it's "supposed" to be blocked (always has been) we add a block rule that is set to not log.
I would not say IGMP is supposed to be blocked, and it's rather inefficient to do. Multicast flooding is not desirable, even if it's only mDNS.
Of course, if IGMP is completely disabled in your switches, it doesn't matter. But if it is disabled in your switches, you won't see the IGMP messages to begin with.
-
@dennypage rephrasing, pfSense blocks them by default.
https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html#packets-with-ip-options -
@SteveITS said in Another Netgate with storage failure, 6 in total so far:
rephrasing, pfSense blocks them by default.
Yea, that's why I called out that pfSense should add a default pass rule for IGMP.
Blocking packets with IP options that are to be forwarded is a good default, however IGMP isn't forwarded. Blocking IGMP by default makes little sense.
-
@dennypage @SteveITS I had commented on redmine 15400 but since it was closed I guess that my message went unnoticed.
I have created a new redmine 16068 for adding options to disable logging of packets with IP options.
