Pf reloads too much

  • My pftop shows that pf reloads very frequently. Perhaps every few minutes, the Packet counter and the Byte counter are reset to zero.

    The Status: System logs: System page shows no events that could seem to be relevant.

    This was observed on all snapshots of recent months, with almost every type of WAN link (PPPoE, DHCP and static).

    My system is a virtual machine with E1000 virtual NICs hosted on a VMWare ESXi v.4 machine.

    Does somebody notice the same?

  • Depends on the type of services you use actually.

  • It behaves the same even in the simplest configuration: 1 LAN + 1 WAN + 3 OPTs, all static, no DHCP clients, no DHCP server, no DNS servers, no NTP, no packages and all queues are turned off.

  • I think it happens every 10 minutes.  The rules file is rewritten and reloaded in that interval.

  • It should not do that if there is not service needing it!
    I will give it  alook.

  • Would the rules get reloaded when an IP address changes? (possibly from switching cables around or a DHCP server giving out a different IP)

  • I don't think so. As said, it happens even with static IP addresses, and there are no logged events regarding any change of IP.

    Some filter reloads are logged, like this:

    Mar 13 09:46:07 check_reload_status: reloading filter

    But these are very few (about once or twice a day). Whereas pf reloads occur once every few minutes.

  • I was not suggesting a cause, but referring to a case that might need to be considered if someone tries to "fix" this, because it might break things if that case isn't already handled.

  • It should be saner on latest snaps.

