Latest snapshots (i386,full) DIOCADDRULE device busy+cannot define table bogons



  • Hi,

    in my other thread here http://forum.pfsense.org/index.php/topic,29391.0.html I wrote that these "DIOCADDRULE: Device busy" errors have gone with (first) 6.nov snapshot.

    Unfortunately this wasn't true. Either I didn't notice them on first boot or they reappeared after second boot.
    These "DIOCADDRULE: Device busy" errors first appeared after upgrading from early Sept. to 12th oct. snapshot.

    However, after upgrading to 6.nov 21:20 snapshot I got additional errors without changing the config.

    Here's the full log, maybe you want to ignore those "ERROR: unknown DS name" errors, as I get them since months, but without any noticeable impact.

    I'd like to dedicate the topic to "DIOCADDRULE: Device busy" and "/tmp/rules.debug:204: cannot define table bogons: Device busy pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [204]: table <bogons>persist file "/etc/bogons"

    This happens on two different servers with different hardware.

    Thank you very much for any help

    
    Nov 7 12:46:50 	sshlockout[49082]: sshlockout v2.0 starting up
    Nov 7 12:46:50 	sshlockout[49082]: sshlockout v2.0 starting up
    Nov 7 12:46:50 	login: login on ttyv0 as root
    Nov 7 12:46:49 	php: : MONITOR: UPC_GW_ASYNC has high latency, removing from routing group
    Nov 7 12:46:48 	check_reload_status: reloading filter
    Nov 7 12:46:48 	php: : Resyncing configuration for all packages.
    Nov 7 12:46:47 	php: : Creating rrd update script
    Nov 7 12:46:47 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt3-queuedrops.rrd -t :opt3:qInternet:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:46:47 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt3-queues.rrd -t :opt3:qInternet:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:46:47 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt2-queuedrops.rrd -t :opt2:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:46:47 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt2-queues.rrd -t :opt2:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:46:47 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt1-queuedrops.rrd -t :opt1:qACK:qDefault:qOthersHigh:qOthersLow:qUltraHigh N:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:46:47 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt1-queues.rrd -t :opt1:qACK:qDefault:qOthersHigh:qOthersLow:qUltraHigh N:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:46:47 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/lan-queuedrops.rrd -t :lan:qInternet:qACK:qDefault:qOthersHigh:qOthersLow:qUltraHigh N:U:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:46:47 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/lan-queues.rrd -t :lan:qInternet:qACK:qDefault:qOthersHigh:qOthersLow:qUltraHigh N:U:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:46:47 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/wan-queuedrops.rrd -t :wan:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:46:47 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/wan-queues.rrd -t :wan:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:46:46 	kernel: WARNING: pseudo-random number generator used for IPsec processing
    Nov 7 12:46:45 	php: : MONITOR: UPC_GW_ASYNC has high latency, removing from routing group
    Nov 7 12:46:45 	php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint_ip1>via <gw_aon_ip>Nov 7 12:46:45 	php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint_ip2>via <gw_aon_ip>Nov 7 12:46:45 	php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint_ip3>via <gw_aon_ip>Nov 7 12:46:45 	php: : The command '/sbin/route delete -host <ipsec_endpoint_ip1>' returned exit code '1', the output was 'route: writing to routing socket: No such process delete host <ipsec_endpoint_ip1>: not in table'
    Nov 7 12:46:45 	php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint_ip1>via <gw_aon_ip>Nov 7 12:46:45 	php: : The command '/sbin/route delete -host <ipsec_endpoint_ip2>' returned exit code '1', the output was 'route: writing to routing socket: No such process delete host <ipsec_endpoint_ip2>: not in table'
    Nov 7 12:46:45 	php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint_ip2>via <gw_aon_ip>Nov 7 12:46:45 	php: : The command '/sbin/route delete -host <ipsec_endpoint_ip3>' returned exit code '1', the output was 'route: writing to routing socket: No such process delete host <ipsec_endpoint_ip3>: not in table'
    Nov 7 12:46:45 	php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint_ip3>via <gw_aon_ip>Nov 7 12:46:44 	dnsmasq[50279]: read /etc/hosts - 46 addresses
    Nov 7 12:46:44 	dnsmasq[50279]: using nameserver 195.58.160.194#53
    Nov 7 12:46:44 	dnsmasq[50279]: using nameserver 195.58.161.122#53
    Nov 7 12:46:44 	dnsmasq[50279]: using nameserver 213.33.99.70#53
    Nov 7 12:46:44 	dnsmasq[50279]: using nameserver 80.120.17.70#53
    Nov 7 12:46:44 	check_reload_status: updating all dyndns
    Nov 7 12:46:44 	dnsmasq[50279]: reading /etc/resolv.conf
    Nov 7 12:46:44 	dnsmasq[50279]: compile time options: no-IPv6 GNU-getopt no-DBus I18N DHCP TFTP
    Nov 7 12:46:44 	dnsmasq[50279]: started, version 2.55 cachesize 10000
    Nov 7 12:46:44 	dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Nov 7 12:46:44 	dhcpd: All rights reserved.
    Nov 7 12:46:44 	dhcpd: Copyright 2004-2010 Internet Systems Consortium.
    Nov 7 12:46:44 	dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
    Nov 7 12:46:43 	php: : ROUTING: add default route to <wan_ip>Nov 7 12:46:38 	apinger: ALARM: UPC_GW_ASYNC(<upc_gw_async_ip>) *** UPC_GW_ASYNCdown ***
    Nov 7 12:46:35 	php: : There were error(s) loading the rules: /tmp/rules.debug:204: cannot define table bogons: Device busy pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [204]: table <bogons>persist file "/etc/bogons"
    Nov 7 12:46:35 	php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:204: cannot define table bogons: Device busy pfctl: Syntax error in config file: pf rules not loaded The line in question reads [204]: table <bogons>persist file "/etc/bogons"
    Nov 7 12:46:35 	php: : There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy - The line in question reads [ DIOCADDRULE]:
    Nov 7 12:46:35 	php: : New alert found: There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy The line in question reads [ DIOCADDRULE]:
    Nov 7 12:46:35 	php: : There were error(s) loading the rules: /tmp/rules.debug:204: cannot define table bogons: Device busy pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [204]: table <bogons>persist file "/etc/bogons"
    Nov 7 12:46:35 	php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:204: cannot define table bogons: Device busy pfctl: Syntax error in config file: pf rules not loaded The line in question reads [204]: table <bogons>persist file "/etc/bogons"
    Nov 7 12:46:35 	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'pfctl: Duplicate signature for FreeBSD 4.8 : File exists pfctl: Duplicate signature for FreeBSD 4.9 : File exists pfctl: Duplicate signature for FreeBSD 4.10 : File exists pfctl: Duplicate signature for FreeBSD 4.11 : File exists pfctl: Duplicate signature for FreeBSD 4.8-4.11 : File exists pfctl: Duplicate signature for FreeBSD 4.8 : File exists pfctl: Duplicate signature for FreeBSD 4.9 : File exists pfctl: Duplicate signature for FreeBSD 4.10 : File exists pfctl: Duplicate signature for FreeBSD 4.11 : File exists pfctl: Duplicate signature for FreeBSD 4.8-4.11 : File exists pfctl: Duplicate signature for FreeBSD 5.0 : File exists pfctl: Duplicate signature for FreeBSD 5.1 : File exists pfctl: Duplicate signature for FreeBSD 5.0-5.1 : File exists pfctl: Duplicate signature for FreeBSD 5.0 : File exists pfctl: Duplicate signature for FreeBSD 5.1 : File exists pfctl: Duplicate signature fo
    Nov 7 12:46:35 	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:204: cannot define table bogons: Device busy pfctl: Syntax error in config file: pf rules not loaded'
    Nov 7 12:46:35 	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'pfctl: DIOCADDRULE: Device busy'
    Nov 7 12:46:35 	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:204: cannot define table bogons: Device busy pfctl: Syntax error in config file: pf rules not loaded'
    Nov 7 12:46:34 	apinger: Starting Alarm Pinger, apinger(48761)
    Nov 7 12:46:34 	php: : Removing static route for monitor 80.120.17.70 and adding a new route through <gw_aon_ip>Nov 7 12:46:34 	php: : The command '/usr/local/sbin/relayd -f /var/etc/relayd.conf' returned exit code '1', the output was '/var/etc/relayd.conf:3: syntax error no redirections, nothing to do'
    Nov 7 12:46:32 	kernel: em2_vlan8: link state changed to UP
    Nov 7 12:46:32 	kernel: em2_vlan16: link state changed to UP
    Nov 7 12:46:32 	kernel: em2: link state changed to UP
    Nov 7 12:46:32 	check_reload_status: Linkup starting em2
    Nov 7 12:46:32 	last message repeated 9 times
    Nov 7 12:46:30 	php: : Gateways status could not be determined, considering all as up/active.
    Nov 7 12:46:30 	kernel: pflog0: promiscuous mode enabled
    Nov 7 12:46:30 	check_reload_status: reloading filter
    Nov 7 12:46:30 	check_reload_status: reloading filter
    Nov 7 12:46:30 	kernel: Trying to mount root from ufs:/dev/ipsd0s1a
    Nov 7 12:46:30 	kernel: uhid0: <hid sys="">on usbus0
    Nov 7 12:46:30 	kernel: ums0: 3 buttons and [Z] coordinates ID=0
    Nov 7 12:46:30 	kernel: ums0: <hid ms="">on usbus0
    Nov 7 12:46:30 	kernel: kbd2 at ukbd0
    Nov 7 12:46:30 	kernel: ukbd0: <hid kb="">on usbus0
    Nov 7 12:46:30 	kernel: ugen0.2: <ibm>at usbus0
    Nov 7 12:46:30 	kernel: uhub0: 4 ports with 4 removable, self powered
    Nov 7 12:46:30 	kernel: SMP: AP CPU #3 Launched!
    Nov 7 12:46:30 	kernel: SMP: AP CPU #1 Launched!
    Nov 7 12:46:30 	kernel: SMP: AP CPU #2 Launched!
    Nov 7 12:46:30 	kernel: ipsd0: Logical Drive (52071MB)
    Nov 7 12:46:30 	kernel: ipsd0: <logical drive="">on ips0
    Nov 7 12:46:30 	kernel: ips0: Logical Drive 0: RAID1 sectors: 106641408, state OK
    Nov 7 12:46:30 	kernel: ips0: logical drives: 1
    Nov 7 12:46:30 	kernel: ips0: adapter type: ServeRAID 5i II (sarasota)
    Nov 7 12:46:30 	kernel: ips0: resetting adapter, this may take up to 5 minutes
    Nov 7 12:46:30 	kernel: acd0: CDROM <lg cd-rom="" crn-8245b="" 1.16="">at ata0-master UDMA33
    Nov 7 12:46:30 	kernel: uhub0: <(0x1166) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
    Nov 7 12:46:30 	kernel: ugen0.1: <(0x1166)> at usbus0
    Nov 7 12:46:30 	kernel: usbus0: 12Mbps Full Speed USB v1.0
    Nov 7 12:46:30 	kernel: IPsec: Initialized Security Association Processing.
    Nov 7 12:46:30 	kernel: Timecounters tick every 1.000 msec
    Nov 7 12:46:30 	kernel: p4tcc3: <cpu frequency="" thermal="" control="">on cpu3
    Nov 7 12:46:30 	kernel: p4tcc2: <cpu frequency="" thermal="" control="">on cpu2
    Nov 7 12:46:30 	kernel: p4tcc1: <cpu frequency="" thermal="" control="">on cpu1
    Nov 7 12:46:30 	kernel: p4tcc0: <cpu frequency="" thermal="" control="">on cpu0
    Nov 7 12:46:30 	kernel: ppc0: parallel port not found.
    Nov 7 12:46:30 	kernel: atkbd0: [ITHREAD]
    Nov 7 12:46:30 	kernel: atkbd0: [GIANT-LOCKED]
    Nov 7 12:46:30 	kernel: kbd0 at atkbd0
    Nov 7 12:46:30 	kernel: atkbd0: <at keyboard="">irq 1 on atkbdc0
    Nov 7 12:46:30 	kernel: atkbdc0: <keyboard controller="" (i8042)="">at port 0x60,0x64 on isa0
    Nov 7 12:46:30 	kernel: vga0: <generic isa="" vga="">at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
    Nov 7 12:46:30 	kernel: sc0: VGA <16 virtual consoles, flags=0x300>
    Nov 7 12:46:30 	kernel: sc0: <system console="">at flags 0x100 on isa0
    Nov 7 12:46:30 	kernel: orm0: <isa option="" roms="">at iomem 0xc0000-0xcafff,0xcb000-0xce7ff,0xce800-0xcffff,0xd0000-0xd17ff pnpid ORM0000 on isa0
    Nov 7 12:46:30 	kernel: pmtimer0 on isa0
    Nov 7 12:46:30 	kernel: atrtc0: <at realtime="" clock="">port 0x70-0x73 irq 8 on acpi0
    Nov 7 12:46:30 	kernel: uart0: [FILTER]
    Nov 7 12:46:30 	kernel: uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
    Nov 7 12:46:30 	kernel: fd0: <1440-KB 3.5" drive> on fdc0 drive 0
    Nov 7 12:46:30 	kernel: fdc0: [FILTER]
    Nov 7 12:46:30 	kernel: fdc0: <floppy drive="" controller="">port 0x3f0-0x3f5 irq 6 drq 2 on acpi0
    Nov 7 12:46:30 	kernel: ips0: [ITHREAD]
    Nov 7 12:46:30 	kernel: ips0: <ibm serveraid="" adapter="">mem 0xe4000000-0xe7ffffff irq 18 at device 2.0 on pci8
    Nov 7 12:46:30 	kernel: pci8: <acpi pci="" bus="">on pcib5
    Nov 7 12:46:30 	kernel: pcib5: <acpi host-pci="" bridge="">on acpi0
    Nov 7 12:46:30 	kernel: em3: [FILTER]
    Nov 7 12:46:30 	kernel: em3: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.2="">port 0x40c0-0x40ff mem 0xecf80000-0xecf9ffff irq 30 at device 8.1 on pci6
    Nov 7 12:46:30 	kernel: em2: [FILTER]
    Nov 7 12:46:30 	kernel: em2: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.2="">port 0x4080-0x40bf mem 0xecfa0000-0xecfbffff irq 29 at device 8.0 on pci6
    Nov 7 12:46:30 	kernel: em1: [FILTER]
    Nov 7 12:46:30 	kernel: em1: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.2="">port 0x4040-0x407f mem 0xecfc0000-0xecfdffff irq 17 at device 1.1 on pci6
    Nov 7 12:46:30 	kernel: em0: [FILTER]
    Nov 7 12:46:30 	kernel: em0: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.2="">port 0x4000-0x403f mem 0xecfe0000-0xecffffff irq 16 at device 1.0 on pci6
    Nov 7 12:46:30 	kernel: pci6: <acpi pci="" bus="">on pcib4
    Nov 7 12:46:30 	kernel: pcib4: <acpi host-pci="" bridge="">on acpi0
    Nov 7 12:46:30 	kernel: fxp1: [ITHREAD]
    Nov 7 12:46:30 	kernel: inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Nov 7 12:46:30 	kernel: inphy1: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus1
    Nov 7 12:46:30 	kernel: miibus1: <mii bus="">on fxp1
    Nov 7 12:46:30 	kernel: fxp1: <intel 100="" 82550="" pro="" ethernet="">port 0x3040-0x307f mem 0xef041000-0xef041fff,0xef020000-0xef03ffff irq 23 at device 5.0 on pci5
    Nov 7 12:46:30 	kernel: fxp0: [ITHREAD]
    Nov 7 12:46:30 	kernel: inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Nov 7 12:46:30 	kernel: inphy0: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus0
    Nov 7 12:46:30 	kernel: miibus0: <mii bus="">on fxp0
    Nov 7 12:46:30 	kernel: fxp0: <intel 100="" 82550="" pro="" ethernet="">port 0x3000-0x303f mem 0xef040000-0xef040fff,0xef000000-0xef01ffff irq 22 at device 4.0 on pci5
    Nov 7 12:46:30 	kernel: pci5: <pci bus="">on pcib3
    Nov 7 12:46:30 	kernel: pcib3: <pci-pci bridge="">at device 4.0 on pci4
    Nov 7 12:46:30 	kernel: pci4: <acpi pci="" bus="">on pcib2
    Nov 7 12:46:30 	kernel: pcib2: <acpi host-pci="" bridge="">on acpi0
    Nov 7 12:46:30 	kernel: pci2: <acpi pci="" bus="">on pcib1
    Nov 7 12:46:30 	kernel: pcib1: <acpi host-pci="" bridge="">on acpi0
    Nov 7 12:46:30 	kernel: isa0: <isa bus="">on isab0
    Nov 7 12:46:30 	kernel: isab0: <pci-isa bridge="">at device 15.3 on pci0
    Nov 7 12:46:30 	kernel: usbus0: <ohci (generic)="" usb="" controller="">on ohci0
    Nov 7 12:46:30 	kernel: ohci0: [ITHREAD]
    Nov 7 12:46:30 	kernel: ohci0: <ohci (generic)="" usb="" controller="">mem 0xfebef000-0xfebeffff irq 11 at device 15.2 on pci0
    Nov 7 12:46:30 	kernel: ata1: [ITHREAD]
    Nov 7 12:46:30 	kernel: ata1: <ata 1="" channel="">on atapci0
    Nov 7 12:46:30 	kernel: ata0: [ITHREAD]
    Nov 7 12:46:30 	kernel: ata0: <ata 0="" channel="">on atapci0
    Nov 7 12:46:30 	kernel: atapci0: <serverworks csb5="" udma100="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x700-0x70f at device 15.1 on pci0
    Nov 7 12:46:30 	kernel: vgapci0: <vga-compatible display="">port 0x2400-0x24ff mem 0xf0000000-0xf7ffffff,0xfebf0000-0xfebfffff irq 24 at device 5.0 on pci0
    Nov 7 12:46:30 	kernel: pci0: <acpi pci="" bus="">on pcib0
    Nov 7 12:46:30 	kernel: pcib0: <acpi host-pci="" bridge="">on acpi0
    Nov 7 12:46:30 	kernel: cpu3: <acpi cpu="">on acpi0
    Nov 7 12:46:30 	kernel: cpu2: <acpi cpu="">on acpi0
    Nov 7 12:46:30 	kernel: cpu1: <acpi cpu="">on acpi0
    Nov 7 12:46:30 	kernel: cpu0: <acpi cpu="">on acpi0
    Nov 7 12:46:30 	kernel: acpi_timer0: <32-bit timer at 3.579545MHz> port 0x488-0x48b on acpi0
    Nov 7 12:46:30 	kernel: Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
    Nov 7 12:46:30 	kernel: acpi0: reservation of 460, 2 (4) failed
    Nov 7 12:46:30 	kernel: acpi0: Power Button (fixed)
    Nov 7 12:46:30 	kernel: acpi0: [ITHREAD]
    Nov 7 12:46:30 	kernel: acpi0: <ibm seronyxp="">on motherboard
    Nov 7 12:46:30 	kernel: padlock0: No ACE support.
    Nov 7 12:46:30 	kernel: cryptosoft0: <software crypto="">on motherboard
    Nov 7 12:46:30 	kernel: kbd1 at kbdmux0
    Nov 7 12:46:30 	kernel: module_register_init: MOD_LOAD (wpi_fw, 0xc094f700, 0) error 1
    Nov 7 12:46:30 	kernel: wpi: If you agree with the license, set legal.intel_wpi.license_ack=1 in /boot/loader.conf.
    Nov 7 12:46:30 	kernel: wpi: You need to read the LICENSE file in /usr/share/doc/legal/intel_wpi/.
    Nov 7 12:46:30 	kernel: module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc075ab90, 0) error 1
    Nov 7 12:46:30 	kernel: ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    Nov 7 12:46:30 	kernel: ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    Nov 7 12:46:30 	kernel: wlan: mac acl policy registered
    Nov 7 12:46:30 	kernel: module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc075aad0, 0) error 1
    Nov 7 12:46:30 	kernel: ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    Nov 7 12:46:30 	kernel: ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    Nov 7 12:46:30 	kernel: module_register_init: MOD_LOAD (ipw_bss_fw, 0xc075aa10, 0) error 1
    Nov 7 12:46:30 	kernel: ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    Nov 7 12:46:30 	kernel: ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    Nov 7 12:46:30 	kernel: ioapic0 <version 1.1="">irqs 0-15 on motherboard
    Nov 7 12:46:30 	kernel: ioapic1 <version 1.1="">irqs 16-31 on motherboard
    Nov 7 12:46:30 	kernel: ioapic2 <version 1.1="">irqs 32-47 on motherboard
    Nov 7 12:46:30 	kernel: MADT: Forcing active-low polarity and level trigger for SCI
    Nov 7 12:46:30 	kernel: cpu3 (AP/HT): APIC ID: 7
    Nov 7 12:46:30 	kernel: cpu2 (AP): APIC ID: 6
    Nov 7 12:46:30 	kernel: cpu1 (AP/HT): APIC ID: 1
    Nov 7 12:46:30 	kernel: cpu0 (BSP): APIC ID: 0
    Nov 7 12:46:30 	kernel: FreeBSD/SMP: 2 package(s) x 1 core(s) x 2 HTT threads
    Nov 7 12:46:30 	kernel: FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
    Nov 7 12:46:30 	kernel: ACPI APIC Table: <ibm seronyxp="">Nov 7 12:46:30 	kernel: avail memory = 3141349376 (2995 MB)
    Nov 7 12:46:30 	kernel: real memory = 3221225472 (3072 MB)
    Nov 7 12:46:30 	kernel: Features2=0x4400 <cnxt-id,xtpr>Nov 7 12:46:30 	kernel: Features=0xbfebfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Nov 7 12:46:30 	kernel: Origin = "GenuineIntel" Id = 0xf29 Family = f Model = 2 Stepping = 9
    Nov 7 12:46:30 	kernel: CPU: Intel(R) Xeon(TM) CPU 2.80GHz (2793.90-MHz 686-class CPU)
    Nov 7 12:46:30 	kernel: Timecounter "i8254" frequency 1193182 Hz quality 0
    Nov 7 12:46:30 	kernel: sullrich@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386
    Nov 7 12:46:30 	kernel: FreeBSD 8.1-RELEASE-p1 #1: Sat Nov 6 21:15:15 EDT 2010
    Nov 7 12:46:30 	kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
    Nov 7 12:46:30 	kernel: The Regents of the University of California. All rights reserved.
    Nov 7 12:46:30 	kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    Nov 7 12:46:30 	kernel: Copyright (c) 1992-2010 The FreeBSD Project.
    Nov 7 12:46:30 	syslogd: kernel boot file is /boot/kernel/kernel</fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe></cnxt-id,xtpr></ibm></version></version></version></software></ibm></acpi></acpi></acpi></acpi></acpi></acpi></vga-compatible></serverworks></ata></ata></ohci></ohci></pci-isa></isa></acpi></acpi></acpi></acpi></pci-pci></pci></intel></mii></i82555></intel></mii></i82555></acpi></acpi></intel(r)></intel(r)></intel(r)></intel(r)></acpi></acpi></ibm></floppy></at></isa></system></generic></keyboard></at></cpu></cpu></cpu></cpu></lg></logical></ibm></hid></hid></hid></gw_aon_ip></bogons></bogons></bogons></bogons></upc_gw_async_ip></wan_ip></gw_aon_ip></ipsec_endpoint_ip3></ipsec_endpoint_ip3></ipsec_endpoint_ip3></gw_aon_ip></ipsec_endpoint_ip2></ipsec_endpoint_ip2></ipsec_endpoint_ip2></gw_aon_ip></ipsec_endpoint_ip1></ipsec_endpoint_ip1></ipsec_endpoint_ip1></gw_aon_ip></ipsec_endpoint_ip3></gw_aon_ip></ipsec_endpoint_ip2></gw_aon_ip></ipsec_endpoint_ip1> 
    

    This is with 12.oct. snapshot on the second machine (which is for testing)

    
    Nov 7 12:58:45 	sshlockout[22444]: sshlockout v2.0 starting up
    Nov 7 12:58:45 	sshlockout[22444]: sshlockout v2.0 starting up
    Nov 7 12:58:45 	login: login on ttyv0 as root
    Nov 7 12:58:44 	kernel: WARNING: pseudo-random number generator used for IPsec processing
    Nov 7 12:58:43 	php: : Resyncing configuration for all packages.
    Nov 7 12:58:43 	php: : Creating rrd update script
    Nov 7 12:58:42 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt3-queuedrops.rrd -t :opt3:qInternet:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:58:42 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt3-queues.rrd -t :opt3:qInternet:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:58:42 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt2-queuedrops.rrd -t :opt2:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:58:42 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt2-queues.rrd -t :opt2:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:58:42 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt1-queuedrops.rrd -t :opt1:qACK:qDefault:qOthersHigh:qOthersLow:qUltraHigh N:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:58:42 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt1-queues.rrd -t :opt1:qACK:qDefault:qOthersHigh:qOthersLow:qUltraHigh N:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:58:42 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/lan-queuedrops.rrd -t :lan:qInternet:qACK:qDefault:qOthersHigh:qOthersLow:qUltraHigh N:U:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:58:42 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/lan-queues.rrd -t :lan:qInternet:qACK:qDefault:qOthersHigh:qOthersLow:qUltraHigh N:U:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:58:42 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/wan-queuedrops.rrd -t :wan:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:58:42 	php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/wan-queues.rrd -t :wan:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name '''
    Nov 7 12:58:42 	php: : SQUID is installed but not started. Not installing "filter" rules.
    Nov 7 12:58:42 	php: : SQUID is installed but not started. Not installing "nat" rules.
    Nov 7 12:58:41 	php: : Gateways status could not be determined, considering all as up/active.
    Nov 7 12:58:41 	php: : Gateways status could not be determined, considering all as up/active.
    Nov 7 12:58:41 	php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint1_ip>via <gw_aon_ip>Nov 7 12:58:41 	php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint2_ip>via <gw_aon_ip>Nov 7 12:58:41 	php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint3_ip>via <gw_aon_ip>Nov 7 12:58:41 	php: : The command '/sbin/route delete -host <ipsec_endpoint1_ip>' returned exit code '1', the output was 'route: writing to routing socket: No such process delete host <ipsec_endpoint1_ip>: not in table'
    Nov 7 12:58:41 	php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint1_ip>via <gw_aon_ip>Nov 7 12:58:41 	php: : The command '/sbin/route delete -host <ipsec_endpoint2_ip>' returned exit code '1', the output was 'route: writing to routing socket: No such process delete host <ipsec_endpoint2_ip>: not in table'
    Nov 7 12:58:41 	php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint2_ip>via <gw_aon_ip>Nov 7 12:58:41 	php: : The command '/sbin/route delete -host <ipsec_endpoint3_ip>' returned exit code '1', the output was 'route: writing to routing socket: No such process delete host <ipsec_endpoint3_ip>: not in table'
    Nov 7 12:58:41 	php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint3_ip>via <gw_aon_ip>Nov 7 12:58:42 	dnsmasq[15860]: read /etc/hosts - 46 addresses
    Nov 7 12:58:42 	dnsmasq[15860]: using nameserver 195.58.160.194#53
    Nov 7 12:58:42 	dnsmasq[15860]: using nameserver 195.58.161.122#53
    Nov 7 12:58:42 	dnsmasq[15860]: using nameserver 213.33.99.70#53
    Nov 7 12:58:42 	check_reload_status: updating all dyndns
    Nov 7 12:58:42 	dnsmasq[15860]: using nameserver 80.120.17.70#53
    Nov 7 12:58:42 	dnsmasq[15860]: reading /etc/resolv.conf
    Nov 7 12:58:42 	dnsmasq[15860]: compile time options: no-IPv6 GNU-getopt no-DBus I18N DHCP TFTP
    Nov 7 12:58:42 	dnsmasq[15860]: started, version 2.55 cachesize 10000
    Nov 7 12:58:41 	dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
    Nov 7 12:58:41 	dhcpd: All rights reserved.
    Nov 7 12:58:41 	dhcpd: Copyright 2004-2008 Internet Systems Consortium.
    Nov 7 12:58:41 	dhcpd: Internet Systems Consortium DHCP Server V3.0.7
    Nov 7 12:58:41 	php: : ROUTING: add default route to <gw_upc_ip>Nov 7 12:58:39 	apinger: Starting Alarm Pinger, apinger(45956)
    Nov 7 12:58:39 	php: : Removing static route for monitor 80.120.17.70 and adding a new route through <gw_aon_ip>Nov 7 12:58:39 	php: : The command '/usr/local/sbin/relayd -f /var/etc/relayd.conf' returned exit code '1', the output was '/var/etc/relayd.conf:3: syntax error no redirections, nothing to do'
    Nov 7 12:58:39 	php: : There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy - The line in question reads [ DIOCADDRULE]:
    Nov 7 12:58:39 	php: : New alert found: There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy The line in question reads [ DIOCADDRULE]:
    Nov 7 12:58:39 	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'pfctl: DIOCADDRULE: Device busy'
    Nov 7 12:58:39 	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'pfctl: DIOCADDRULE: Device busy'
    Nov 7 12:58:39 	last message repeated 4 times
    Nov 7 12:58:34 	php: : SQUID is installed but not started. Not installing "filter" rules.
    Nov 7 12:58:34 	kernel: vip1: link state changed to UP
    Nov 7 12:58:34 	kernel: vip3: link state changed to UP
    Nov 7 12:58:34 	kernel: vip2: link state changed to UP
    Nov 7 12:58:32 	kernel: em1: link state changed to UP
    Nov 7 12:58:32 	check_reload_status: Linkup starting em1
    Nov 7 12:58:32 	last message repeated 4 times
    Nov 7 12:58:31 	php: : SQUID is installed but not started. Not installing "nat" rules.
    Nov 7 12:58:31 	kernel: vip1: link state changed to DOWN
    Nov 7 12:58:31 	kernel: vip1: 2 link states coalesced
    Nov 7 12:58:31 	kernel: bge1: link state changed to UP
    Nov 7 12:58:31 	kernel: vip1: INIT -> BACKUP
    Nov 7 12:58:31 	check_reload_status: Linkup starting bge1
    Nov 7 12:58:31 	php: : The command '/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf' returned exit code '71', the output was 'inetd[29362]: inetd already running, pid: 29987'
    Nov 7 12:58:31 	inetd[29362]: inetd already running, pid: 29987
    Nov 7 12:58:31 	inetd[29362]: inetd already running, pid: 29987
    Nov 7 12:58:31 	last message repeated 3 times
    Nov 7 12:58:31 	php: : Gateways status could not be determined, considering all as up/active.
    Nov 7 12:58:30 	kernel: vip3: link state changed to DOWN
    Nov 7 12:58:30 	kernel: vip3: 2 link states coalesced
    Nov 7 12:58:30 	kernel: vip2: link state changed to DOWN
    Nov 7 12:58:30 	kernel: vip2: 2 link states coalesced
    Nov 7 12:58:30 	kernel: em0: link state changed to UP
    Nov 7 12:58:30 	kernel: vip3: INIT -> BACKUP
    Nov 7 12:58:30 	kernel: vip2: INIT -> BACKUP
    Nov 7 12:58:30 	check_reload_status: Linkup starting em0
    Nov 7 12:58:30 	php: : Gateways status could not be determined, considering all as up/active.
    Nov 7 12:58:30 	php: : Gateways status could not be determined, considering all as up/active.
    Nov 7 12:58:30 	kernel: pflog0: promiscuous mode enabled
    Nov 7 12:58:30 	check_reload_status: reloading filter
    Nov 7 12:58:30 	php: : Gateways status could not be determined, considering all as up/active.
    Nov 7 12:58:30 	php: : Gateways status could not be determined, considering all as up/active.
    Nov 7 12:58:30 	check_reload_status: reloading filter
    Nov 7 12:58:30 	php: : Gateways status could not be determined, considering all as up/active.
    Nov 7 12:58:30 	php: : Gateways status could not be determined, considering all as up/active.
    Nov 7 12:58:30 	kernel: ovpns2: link state changed to UP
    Nov 7 12:58:30 	kernel: ovpns1: link state changed to UP
    Nov 7 12:58:30 	kernel: uhid0: <hid sys="">on usbus1
    Nov 7 12:58:30 	kernel: ums0: 3 buttons and [Z] coordinates ID=0
    Nov 7 12:58:30 	kernel: ums0: <hid ms="">on usbus1
    Nov 7 12:58:30 	kernel: kbd2 at ukbd0
    Nov 7 12:58:30 	kernel: ukbd0: <hid kb="">on usbus1
    Nov 7 12:58:30 	kernel: ugen1.2: <ibm>at usbus1
    Nov 7 12:58:30 	kernel: Trying to mount root from ufs:/dev/ipsd0s1a
    Nov 7 12:58:30 	kernel: SMP: AP CPU #1 Launched!
    Nov 7 12:58:30 	kernel: ipsd0: Logical Drive (70006MB)
    Nov 7 12:58:30 	kernel: ipsd0: <logical drive="">on ips0
    Nov 7 12:58:30 	kernel: ips0: Logical Drive 0: RAID1 sectors: 143372288, state OK
    Nov 7 12:58:30 	kernel: ips0: logical drives: 1
    Nov 7 12:58:30 	kernel: ips0: adapter type: ServeRAID 7k
    Nov 7 12:58:30 	kernel: uhub2: 4 ports with 4 removable, self powered
    Nov 7 12:58:30 	kernel: acd0: CDRW <hl-dt-stcd-rw dvd="" drive="" gcc-4244n="" 1.02="">at ata0-master UDMA33
    Nov 7 12:58:30 	kernel: uhub1: 2 ports with 2 removable, self powered
    Nov 7 12:58:30 	kernel: uhub0: 2 ports with 2 removable, self powered
    Nov 7 12:58:30 	kernel: uhub2: <intel 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">on usbus2
    Nov 7 12:58:30 	kernel: ugen2.1: <intel>at usbus2
    Nov 7 12:58:30 	kernel: uhub1: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus1
    Nov 7 12:58:30 	kernel: ugen1.1: <intel>at usbus1
    Nov 7 12:58:30 	kernel: uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus0
    Nov 7 12:58:30 	kernel: ugen0.1: <intel>at usbus0
    Nov 7 12:58:30 	kernel: usbus2: 480Mbps High Speed USB v2.0
    Nov 7 12:58:30 	kernel: usbus1: 12Mbps Full Speed USB v1.0
    Nov 7 12:58:30 	kernel: usbus0: 12Mbps Full Speed USB v1.0
    Nov 7 12:58:30 	kernel: IPsec: Initialized Security Association Processing.
    Nov 7 12:58:30 	kernel: Timecounters tick every 1.000 msec
    Nov 7 12:58:30 	kernel: p4tcc1: <cpu frequency="" thermal="" control="">on cpu1
    Nov 7 12:58:30 	kernel: p4tcc0: <cpu frequency="" thermal="" control="">on cpu0
    Nov 7 12:58:30 	kernel: ppc0: parallel port not found.
    Nov 7 12:58:30 	kernel: atkbd0: [ITHREAD]
    Nov 7 12:58:30 	kernel: atkbd0: [GIANT-LOCKED]
    Nov 7 12:58:30 	kernel: kbd0 at atkbd0
    Nov 7 12:58:30 	kernel: atkbd0: <at keyboard="">irq 1 on atkbdc0
    Nov 7 12:58:30 	kernel: atkbdc0: <keyboard controller="" (i8042)="">at port 0x60,0x64 on isa0
    Nov 7 12:58:30 	kernel: vga0: <generic isa="" vga="">at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
    Nov 7 12:58:30 	kernel: sc0: VGA <16 virtual consoles, flags=0x300>
    Nov 7 12:58:30 	kernel: sc0: <system console="">at flags 0x100 on isa0
    Nov 7 12:58:30 	kernel: orm0: <isa option="" rom="">at iomem 0xc0000-0xcafff pnpid ORM0000 on isa0
    Nov 7 12:58:30 	kernel: pmtimer0 on isa0
    Nov 7 12:58:30 	kernel: atrtc0: <at realtime="" clock="">port 0x70-0x73 irq 8 on acpi0
    Nov 7 12:58:30 	kernel: uart0: [FILTER]
    Nov 7 12:58:30 	kernel: uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
    Nov 7 12:58:30 	kernel: fdc0: [FILTER]
    Nov 7 12:58:30 	kernel: fdc0: <floppy drive="" controller="">port 0x3f0-0x3f5 irq 6 drq 2 on acpi0
    Nov 7 12:58:30 	kernel: pci0: <serial bus,="" smbus="">at device 31.3 (no driver attached)
    Nov 7 12:58:30 	kernel: ata1: [ITHREAD]
    Nov 7 12:58:30 	kernel: ata1: <ata 1="" channel="">on atapci0
    Nov 7 12:58:30 	kernel: ata0: [ITHREAD]
    Nov 7 12:58:30 	kernel: ata0: <ata 0="" channel="">on atapci0
    Nov 7 12:58:30 	kernel: atapci0: <intel ich5="" udma100="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x480-0x48f at device 31.1 on pci0
    Nov 7 12:58:30 	kernel: isa0: <isa bus="">on isab0
    Nov 7 12:58:30 	kernel: isab0: <pci-isa bridge="">at device 31.0 on pci0
    Nov 7 12:58:30 	kernel: vgapci0: <vga-compatible display="">port 0x3000-0x30ff mem 0xf0000000-0xf7ffffff,0xf8000000-0xf800ffff irq 20 at device 6.0 on pci1
    Nov 7 12:58:30 	kernel: pci1: <acpi pci="" bus="">on pcib10
    Nov 7 12:58:30 	kernel: pcib10: <acpi pci-pci="" bridge="">at device 30.0 on pci0
    Nov 7 12:58:30 	kernel: usbus2: <intel 82801eb="" r="" (ich5)="" usb="" 2.0="" controller="">on ehci0
    Nov 7 12:58:30 	kernel: usbus2: EHCI version 1.0
    Nov 7 12:58:30 	kernel: ehci0: [ITHREAD]
    Nov 7 12:58:30 	kernel: ehci0: <intel 82801eb="" r="" (ich5)="" usb="" 2.0="" controller="">mem 0xf9000000-0xf90003ff irq 23 at device 29.7 on pci0
    Nov 7 12:58:30 	kernel: usbus1: <intel 82801eb="" (ich5)="" usb="" controller="" usb-b="">on uhci1
    Nov 7 12:58:30 	kernel: uhci1: [ITHREAD]
    Nov 7 12:58:30 	kernel: uhci1: <intel 82801eb="" (ich5)="" usb="" controller="" usb-b="">port 0x2600-0x261f irq 19 at device 29.1 on pci0
    Nov 7 12:58:30 	kernel: usbus0: <intel 82801eb="" (ich5)="" usb="" controller="" usb-a="">on uhci0
    Nov 7 12:58:30 	kernel: uhci0: [ITHREAD]
    Nov 7 12:58:30 	kernel: uhci0: <intel 82801eb="" (ich5)="" usb="" controller="" usb-a="">port 0x2200-0x221f irq 16 at device 29.0 on pci0
    Nov 7 12:58:30 	kernel: pci0: <base peripheral=""> at device 8.0 (no driver attached)
    Nov 7 12:58:30 	kernel: em1: [FILTER]
    Nov 7 12:58:30 	kernel: em1: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.2="">port 0x6040-0x607f mem 0xd5fc0000-0xd5fdffff irq 55 at device 2.1 on pci10
    Nov 7 12:58:30 	kernel: em0: [FILTER]
    Nov 7 12:58:30 	kernel: em0: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.2="">port 0x6000-0x603f mem 0xd5fe0000-0xd5ffffff irq 53 at device 2.0 on pci10
    Nov 7 12:58:30 	kernel: pci10: <acpi pci="" bus="">on pcib9
    Nov 7 12:58:30 	kernel: pcib9: <acpi pci-pci="" bridge="">at device 0.2 on pci8
    Nov 7 12:58:30 	kernel: ips0: [ITHREAD]
    Nov 7 12:58:30 	kernel: ips0: <adaptec serveraid="" adapter="">mem 0xd7fff000-0xd7ffffff irq 38 at device 14.0 on pci9
    Nov 7 12:58:30 	kernel: pci9: <acpi pci="" bus="">on pcib8
    Nov 7 12:58:30 	kernel: pcib8: <acpi pci-pci="" bridge="">at device 0.0 on pci8
    Nov 7 12:58:30 	kernel: pci8: <acpi pci="" bus="">on pcib7
    Nov 7 12:58:30 	kernel: pcib7: <acpi pci-pci="" bridge="">at device 6.0 on pci0
    Nov 7 12:58:30 	kernel: bge1: [ITHREAD]
    Nov 7 12:58:30 	kernel: brgphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
    Nov 7 12:58:30 	kernel: brgphy1: <bcm5750 10="" 100="" 1000basetx="" phy="">PHY 1 on miibus3
    Nov 7 12:58:30 	kernel: miibus3: <mii bus="">on bge1
    Nov 7 12:58:30 	kernel: bge1: <broadcom netxtreme="" gigabit="" ethernet="" controller,="" asic="" rev.="" 0x004101="">mem 0xd9ff0000-0xd9ffffff irq 16 at device 0.0 on pci7
    Nov 7 12:58:30 	kernel: pci7: <pci bus="">on pcib6
    Nov 7 12:58:30 	kernel: pcib6: <pci-pci bridge="">at device 5.0 on pci0
    Nov 7 12:58:30 	kernel: bge0: [ITHREAD]
    Nov 7 12:58:30 	kernel: brgphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
    Nov 7 12:58:30 	kernel: brgphy0: <bcm5750 10="" 100="" 1000basetx="" phy="">PHY 1 on miibus2
    Nov 7 12:58:30 	kernel: miibus2: <mii bus="">on bge0
    Nov 7 12:58:30 	kernel: bge0: <broadcom netxtreme="" gigabit="" ethernet="" controller,="" asic="" rev.="" 0x004101="">mem 0xdbff0000-0xdbffffff irq 16 at device 0.0 on pci6
    Nov 7 12:58:30 	kernel: pci6: <acpi pci="" bus="">on pcib5
    Nov 7 12:58:30 	kernel: pcib5: <acpi pci-pci="" bridge="">at device 4.0 on pci0
    Nov 7 12:58:30 	kernel: pci5: <acpi pci="" bus="">on pcib4
    Nov 7 12:58:30 	kernel: pcib4: <acpi pci-pci="" bridge="">at device 0.2 on pci2
    Nov 7 12:58:30 	kernel: fxp1: [ITHREAD]
    Nov 7 12:58:30 	kernel: inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Nov 7 12:58:30 	kernel: inphy1: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus1
    Nov 7 12:58:30 	kernel: miibus1: <mii bus="">on fxp1
    Nov 7 12:58:30 	kernel: fxp1: <intel 100="" 82550="" pro="" ethernet="">port 0x4040-0x407f mem 0xde041000-0xde041fff,0xde020000-0xde03ffff irq 73 at device 5.0 on pci4
    Nov 7 12:58:30 	kernel: fxp0: [ITHREAD]
    Nov 7 12:58:30 	kernel: inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Nov 7 12:58:30 	kernel: inphy0: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus0
    Nov 7 12:58:30 	kernel: miibus0: <mii bus="">on fxp0
    Nov 7 12:58:30 	kernel: fxp0: <intel 100="" 82550="" pro="" ethernet="">port 0x4000-0x403f mem 0xde040000-0xde040fff,0xde000000-0xde01ffff irq 72 at device 4.0 on pci4
    Nov 7 12:58:30 	kernel: pci4: <pci bus="">on pcib3
    Nov 7 12:58:30 	kernel: pcib3: <pci-pci bridge="">at device 3.0 on pci3
    Nov 7 12:58:30 	kernel: pci3: <acpi pci="" bus="">on pcib2
    Nov 7 12:58:30 	kernel: pcib2: <acpi pci-pci="" bridge="">at device 0.0 on pci2
    Nov 7 12:58:30 	kernel: pci2: <acpi pci="" bus="">on pcib1
    Nov 7 12:58:30 	kernel: pcib1: <acpi pci-pci="" bridge="">at device 2.0 on pci0
    Nov 7 12:58:30 	kernel: pci0: <unknown>at device 0.1 (no driver attached)
    Nov 7 12:58:30 	kernel: pci0: <acpi pci="" bus="">on pcib0
    Nov 7 12:58:30 	kernel: pcib0: <acpi host-pci="" bridge="">on acpi0
    Nov 7 12:58:30 	kernel: cpu1: <acpi cpu="">on acpi0
    Nov 7 12:58:30 	kernel: cpu0: <acpi cpu="">on acpi0
    Nov 7 12:58:30 	kernel: acpi_timer0: <24-bit timer at 3.579545MHz> port 0x588-0x58b on acpi0
    Nov 7 12:58:30 	kernel: Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
    Nov 7 12:58:30 	kernel: acpi0: Power Button (fixed)
    Nov 7 12:58:30 	kernel: acpi0: [ITHREAD]
    Nov 7 12:58:30 	kernel: acpi0: <ibm seronyxp="">on motherboard
    Nov 7 12:58:30 	kernel: padlock0: No ACE support.
    Nov 7 12:58:30 	kernel: cryptosoft0: <software crypto="">on motherboard
    Nov 7 12:58:30 	kernel: kbd1 at kbdmux0
    Nov 7 12:58:30 	kernel: module_register_init: MOD_LOAD (wpi_fw, 0xc094ef70, 0) error 1
    Nov 7 12:58:30 	kernel: wpi: If you agree with the license, set legal.intel_wpi.license_ack=1 in /boot/loader.conf.
    Nov 7 12:58:30 	kernel: wpi: You need to read the LICENSE file in /usr/share/doc/legal/intel_wpi/.
    Nov 7 12:58:30 	kernel: module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc075a490, 0) error 1
    Nov 7 12:58:30 	kernel: ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    Nov 7 12:58:30 	kernel: ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    Nov 7 12:58:30 	kernel: wlan: mac acl policy registered
    Nov 7 12:58:30 	kernel: module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc075a3d0, 0) error 1
    Nov 7 12:58:30 	kernel: ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    Nov 7 12:58:30 	kernel: ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    Nov 7 12:58:30 	kernel: module_register_init: MOD_LOAD (ipw_bss_fw, 0xc075a310, 0) error 1
    Nov 7 12:58:30 	kernel: ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    Nov 7 12:58:30 	kernel: ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    Nov 7 12:58:30 	kernel: ioapic0 <version 2.0="">irqs 0-23 on motherboard
    Nov 7 12:58:30 	kernel: ioapic1 <version 2.0="">irqs 24-47 on motherboard
    Nov 7 12:58:30 	kernel: ioapic2 <version 2.0="">irqs 48-71 on motherboard
    Nov 7 12:58:30 	kernel: ioapic3 <version 2.0="">irqs 72-95 on motherboard
    Nov 7 12:58:30 	kernel: ioapic4 <version 2.0="">irqs 96-119 on motherboard
    Nov 7 12:58:30 	kernel: cpu1 (AP/HT): APIC ID: 1
    Nov 7 12:58:30 	kernel: cpu0 (BSP): APIC ID: 0
    Nov 7 12:58:30 	kernel: FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads
    Nov 7 12:58:30 	kernel: FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
    Nov 7 12:58:30 	kernel: ACPI APIC Table: <ibm seronyxp="">Nov 7 12:58:30 	kernel: avail memory = 3141296128 (2995 MB)
    Nov 7 12:58:30 	kernel: real memory = 3221225472 (3072 MB)
    Nov 7 12:58:30 	kernel: TSC: P-state invariant
    Nov 7 12:58:30 	kernel: AMD Features2=0x1 <lahf>Nov 7 12:58:30 	kernel: AMD Features=0x20000000 <lm>Nov 7 12:58:30 	kernel: Features2=0x641d <sse3,dtes64,mon,ds_cpl,cnxt-id,cx16,xtpr>Nov 7 12:58:30 	kernel: Features=0xbfebfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Nov 7 12:58:30 	kernel: Origin = "GenuineIntel" Id = 0xf4a Family = f Model = 4 Stepping = 10
    Nov 7 12:58:30 	kernel: CPU: Intel(R) Xeon(TM) CPU 3.20GHz (3200.14-MHz 686-class CPU)
    Nov 7 12:58:30 	kernel: Timecounter "i8254" frequency 1193182 Hz quality 0
    Nov 7 12:58:30 	kernel: sullrich@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386
    Nov 7 12:58:30 	kernel: FreeBSD 8.1-RELEASE-p1 #1: Tue Oct 12 12:01:04 EDT 2010
    Nov 7 12:58:30 	kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
    Nov 7 12:58:30 	kernel: The Regents of the University of California. All rights reserved.
    Nov 7 12:58:30 	kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    Nov 7 12:58:30 	kernel: Copyright (c) 1992-2010 The FreeBSD Project.
    Nov 7 12:58:30 	syslogd: kernel boot file is /boot/kernel/kernel</fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe></sse3,dtes64,mon,ds_cpl,cnxt-id,cx16,xtpr></lm></lahf></ibm></version></version></version></version></version></software></ibm></acpi></acpi></acpi></acpi></unknown></acpi></acpi></acpi></acpi></pci-pci></pci></intel></mii></i82555></intel></mii></i82555></acpi></acpi></acpi></acpi></broadcom></mii></bcm5750></pci-pci></pci></broadcom></mii></bcm5750></acpi></acpi></acpi></acpi></adaptec></acpi></acpi></intel(r)></intel(r)></intel></intel></intel></intel></intel></intel></acpi></acpi></vga-compatible></pci-isa></isa></intel></ata></ata></serial></floppy></at></isa></system></generic></keyboard></at></cpu></cpu></intel></intel></intel></intel></intel></intel></hl-dt-stcd-rw></logical></ibm></hid></hid></hid></gw_aon_ip></gw_upc_ip></gw_aon_ip></ipsec_endpoint3_ip></ipsec_endpoint3_ip></ipsec_endpoint3_ip></gw_aon_ip></ipsec_endpoint2_ip></ipsec_endpoint2_ip></ipsec_endpoint2_ip></gw_aon_ip></ipsec_endpoint1_ip></ipsec_endpoint1_ip></ipsec_endpoint1_ip></gw_aon_ip></ipsec_endpoint3_ip></gw_aon_ip></ipsec_endpoint2_ip></gw_aon_ip></ipsec_endpoint1_ip> 
    ```</bogons>


  • Hi,
    I have the same 2 errors on my system, but i can only get them to show with an reboot.
    The DIOCADDRULE will only show on my machines which have multiple uplinks and gateways. Do you have this also?

    -m4rcu5



  • Hi,

    yes I have 3 wan and 2 lan connections.

    Do you notice any strange behaviour or negative impact because of these errors?
    I switched to oct12 which only showed the first error, not both..


  • Rebel Alliance Developer Netgate

    Can you post a copy of your /tmp/rules.debug file which gives you those errors?



  • Hi jimp,

    sorry for the delay.

    I'm not able to post a log from the machine which is running the current snapshot (where besides DIOCADDRULE device busy errors also the can't define bogons error appears). But here is the rules.debug from oct12 snapshot (the 2nd log I posted in my first post).
    I hope this helps too, because the DIOCADDRULE device busy errors appeared for me first when I upgraded to this snapshot (from early sept).
    The config other than interface naming is identical to the other machine running 6.nov. which is shut off at the moment.

    Thank you very much!

    
    #System aliases
    
    loopback = "{ lo0 }"
    UPC = "{ bge1 }"
    LAN = "{ em1 }"
    AON = "{ em0 }"
    UPC_ASYNC = "{ fxp0 }"
    MAIL = "{ fxp1 }"
    WIFI_GUEST = "{ em2_vlan8 }"
    WIFI_VIP = "{ em2_vlan16 }"
    IPsec = "{ enc0 }"
    OpenVPN = "{ openvpn }"
    
    #SSH Lockout Table
    table <sshlockout>persist
    #Snort2C table
    table <snort2c>table <virusprot># User Aliases 
    table <akjfdb>{   192.168.0.40 } 
    akjfdb = "<akjfdb>"
    table <remotesites>{   192.168.9.0/24  192.168.13.0/24  192.168.11.0/24  192.168.12.0/24 } 
    RemoteSites = "<remotesites>"
    Avira = "{ 7000:9000 }"
    table <backup1>{   192.168.0.240 } 
    Backup1 = "<backup1>"
    table <printer>{   192.168.0.67  192.168.0.100  192.168.0.50  192.168.0.4 } 
    Printer = "<printer>"
    table <cen_lan>{   192.168.0.0/24  192.168.111.0/24 } 
    CEN_LAN = "<cen_lan>"
    table <mailserver>{   192.168.0.30 } 
    mailserver = "<mailserver>"
    table <maint>{   192.168.0.31 } 
    Maint = "<maint>"
    table <maxnet>{   192.168.1.0/24  192.168.100.0/24  10.0.10.0/24 } 
    Maxnet = "<maxnet>"
    table <mssql>{   192.168.0.150 } 
    mssql = "<mssql>"
    table <mx_upc>{   <2nd_ip_UPCIF_SUBNET> } 
    mx_upc = "<mx_upc>"
    table <openvpnemployes>{   10.0.9.0/24 } 
    OpenVPNEmployes = "<openvpnemployes>"
    table <openvpntech>{   10.0.10.0/24 } 
    OpenVPNTech = "<openvpntech>"
    samba = "{ 139 445 137 138 }"
    SQL = "{ 1031 80 1434 1662 }"
    table <storage1>{   192.168.0.239 } 
    storage1 = "<storage1>"
    table <uul_lan>{   192.168.1.0/24  192.168.100.0/24 } 
    UUL_LAN = "<uul_lan>"
    table <winsrv1>{   192.168.0.240 } 
    WinSRV1 = "<winsrv1>"
    
    # Gateways
    GWGW_UPC = " route-to ( bge1 <gw_upc_ip>) "
    GWGW_AON = " route-to ( em0 <gw_aon_ip>) "
    GWLANCOM_LAN = " route-to ( em1 192.168.0.2 ) "
    GWUPC_GW_ASYNC = " route-to ( fxp0 <gw_upcasync_ip>) "
    GWLoadBalance = "  route-to { ( fxp0 <gw_upcasync_ip>)  }  "
    GWmx_failover = "  route-to { ( bge1 <gw_upc_ip>)  }  "
    
    set loginterface bge1
    set loginterface em1
    set loginterface em0
    set loginterface fxp0
    set loginterface fxp1
    set loginterface em2_vlan8
    set loginterface em2_vlan16
    set optimization conservative
    set timeout { udp.first 300, udp.single 150, udp.multiple 900 }
    set limit states 299000
    set limit src-nodes 299000
    
    set skip on pfsync0
    
    scrub in on $UPC all no-df   fragment reassemble
    scrub in on $LAN all no-df   fragment reassemble
    scrub in on $AON all no-df   fragment reassemble
    scrub in on $UPC_ASYNC all no-df   fragment reassemble
    scrub in on $MAIL all no-df   fragment reassemble
    scrub in on $WIFI_GUEST all no-df   fragment reassemble
    scrub in on $WIFI_VIP all no-df   fragment reassemble
    
     altq on  em0 hfsc bandwidth 8Mb queue {  qACK,  qDefault,  qOthersHigh,  qOthersLow,  qUltraHigh  } 
     queue qACK on em0 bandwidth 30% hfsc (  ecn  )  
     queue qDefault on em0 bandwidth 15% hfsc (  ecn  )  
     queue qOthersHigh on em0 bandwidth 25% hfsc (  rio  , ecn  )  
     queue qOthersLow on em0 bandwidth 5% hfsc (  ecn  , default  )  
     queue qUltraHigh on em0 bandwidth 25% hfsc (  rio  , ecn  ,  realtime 1500Kb )  
    
     altq on  fxp0 hfsc bandwidth 1024Kb queue {  qACK,  qDefault,  qOthersHigh,  qOthersLow  } 
     queue qACK on fxp0 bandwidth 20% hfsc (  ecn  )  
     queue qDefault on fxp0 bandwidth 30% hfsc (  ecn  )  
     queue qOthersHigh on fxp0 bandwidth 35% hfsc (  ecn  , linkshare 35%  )  
     queue qOthersLow on fxp0 bandwidth 5% hfsc (  ecn  , default  )  
    
     altq on  em1 hfsc bandwidth 16Mb queue {  qInternet  } 
     queue qInternet on em1 bandwidth 16Mb hfsc (  ecn  , linkshare (15Mb, 100, 16Mb)  , upperlimit 16Mb  )  {  qACK,  qDefault,  qOthersHigh,  qOthersLow,  qUltraHigh  } 
     queue qACK on em1 bandwidth 25% hfsc (  rio  , ecn  )  
     queue qDefault on em1 bandwidth 20% hfsc (  ecn  )  
     queue qOthersHigh on em1 bandwidth 20% hfsc (  rio  , ecn  )  
     queue qOthersLow on em1 bandwidth 5% hfsc (  ecn  , default  )  
     queue qUltraHigh on em1 bandwidth 20% hfsc (  rio  , ecn  ,  realtime 1500Kb )  
    
     altq on  bge1 hfsc bandwidth 8Mb queue {  qACK,  qDefault,  qOthersHigh,  qOthersLow  } 
     queue qACK on bge1 bandwidth 25% hfsc (  ecn  )  
     queue qDefault on bge1 bandwidth 30% hfsc (  ecn  , default  , linkshare 30%  )  
     queue qOthersHigh on bge1 bandwidth 40% hfsc (  rio  , ecn  , linkshare 40%  )  
     queue qOthersLow on bge1 bandwidth 5% hfsc (  ecn  , linkshare 5%  )  
    
     altq on  fxp1 hfsc bandwidth 8Mb queue {  qInternet  } 
     queue qInternet on fxp1 bandwidth 8Mb hfsc (  ecn  , upperlimit 8Mb  )  {  qACK,  qDefault,  qOthersHigh,  qOthersLow  } 
     queue qACK on fxp1 bandwidth 25% hfsc (  ecn  )  
     queue qDefault on fxp1 bandwidth 20% hfsc (  ecn  , default  )  
     queue qOthersHigh on fxp1 bandwidth 50% hfsc (  rio  , ecn  )  
     queue qOthersLow on fxp1 bandwidth 5% hfsc (  ecn  , linkshare 5%  )  
    
    nat-anchor "natearly/*"
    nat-anchor "natrules/*"
    
    # Outbound NAT rules
    nat on $UPC  from 192.168.222.2/32 to !<backuphost_ip>/32 -> <2nd_ip_UPCIF_SUBNET>/32 port 1024:65535
    nat on $UPC  from 192.168.0.239/32 to any -> <2nd_ip_UPCIF_SUBNET>/32 port 1024:65535
    nat on $UPC  from 192.168.0.0/24 to any -> <1st_ip_UPCIF_SUBNET>/32 port 1024:65535
    nat on $AON  from 192.168.0.0/24 to any -> <1st_ip_AON_SUBNET>/32 port 1024:65535
    nat on $UPC_ASYNC  from 192.168.0.0/24 to any -> <ip_upcasync_subnet>/32 port 1024:65535
    nat on $UPC_ASYNC  from 192.168.222.2/32 to any -> <ip_upcasync_subnet>/32 port 1024:65535
    nat on $AON  from 192.168.222.2/32 to !<backuphost_ip>/32 -> <2nd_ip_AON_SUBNET>/32 port 1024:65535
    nat on $AON  from 192.168.222.2/32 to <backuphost_ip>/32 -> <1st_ip_AON_SUBNET>/32 port 1024:65535
    nat on $UPC_ASYNC  from 192.168.16.0/24 to any -> <ip_upcasync_subnet>/32 port 1024:65535
    nat on $UPC  from 192.168.16.0/24 to any -> <1st_ip_UPCIF_SUBNET>/32 port 1024:65535
    nat on $AON  from 192.168.8.0/24 to any -> <1st_ip_AON_SUBNET>/32 port 1024:65535
    nat on $UPC_ASYNC  from 192.168.8.0/24 to any -> <ip_upcasync_subnet>/32 port 1024:65535
    nat on $UPC  from 192.168.8.0/24 to any -> <1st_ip_UPCIF_SUBNET>/32 port 1024:65535
    nat on $AON  from 192.168.16.0/24 to any -> <1st_ip_AON_SUBNET>/32 port 1024:65535
    
    # Load balancing anchor
    rdr-anchor "relayd/*"
    # TFTP proxy
    rdr-anchor "tftp-proxy/*"
    table <vpns>{ 192.168.11.0/24 192.168.13.0/24 192.168.9.0/24 192.168.11.0/24 192.168.13.0/24 192.168.9.0/24 }
    table <direct_networks>{ <upcif_network>/28 192.168.0.0/24 <aonif_network>/29 <upcasync_network>/29 192.168.222.0/30 192.168.8.0/24 192.168.16.0/24 }
    # NAT Inbound Redirects
    rdr on bge1 proto tcp from any to <2nd_ip_UPCIF_SUBNET> port 443 -> 192.168.222.2
    rdr on bge1 proto tcp from any to <2nd_ip_UPCIF_SUBNET> port 993 -> 192.168.222.2
    rdr on bge1 proto tcp from any to <2nd_ip_UPCIF_SUBNET> port 5729 -> 192.168.222.2
    rdr on bge1 proto tcp from any to <2nd_ip_UPCIF_SUBNET> port 5767 -> 192.168.222.2
    rdr on bge1 proto tcp from any to <2nd_ip_UPCIF_SUBNET> port 25 -> 192.168.222.2
    rdr on bge1 proto tcp from any to <2nd_ip_UPCIF_SUBNET> port 465 -> 192.168.222.2
    rdr on bge1 proto tcp from any to <2nd_ip_UPCIF_SUBNET> port 80 -> 192.168.222.2
    rdr on em0 proto tcp from any to <2nd_ip_AON_SUBNET> port 25 -> 192.168.222.2
    rdr on em0 proto tcp from any to <2nd_ip_AON_SUBNET> port 465 -> 192.168.222.2
    rdr on em0 proto tcp from any to <3rd_ip_AON_SUBNET> port 465 -> 192.168.222.2
    rdr on em0 proto tcp from any to <3rd_ip_AON_SUBNET> port 25 -> 192.168.222.2
    rdr on em0 proto tcp from any to <3rd_ip_AON_SUBNET> port 587 -> 192.168.222.2
    rdr on em0 proto tcp from any to <2nd_ip_AON_SUBNET> port 587 -> 192.168.222.2
    rdr on em0 proto tcp from any to <2nd_ip_AON_SUBNET> port 5729 -> 192.168.222.2
    rdr on em0 proto tcp from any to <2nd_ip_AON_SUBNET> port 5767 -> 192.168.222.2
    rdr on em0 proto tcp from any to <2nd_ip_AON_SUBNET> port 993 -> 192.168.222.2
    rdr on em0 proto tcp from any to <2nd_ip_AON_SUBNET> port 443 -> 192.168.222.2
    rdr on em0 proto tcp from any to <2nd_ip_AON_SUBNET> port 80 -> 192.168.222.2
    # UPnPd rdr anchor
    rdr-anchor "miniupnpd"
    
    anchor "relayd/*"
    anchor "firewallrules"
    #---------------------------------------------------------------------------
    # default deny rules
    #---------------------------------------------------------------------------
    block in log all label "Default deny rule"
    block out log all label "Default deny rule"
    
    # We use the mighty pf, we cannot be fooled.
    block quick proto { tcp, udp } from any port = 0 to any
    block quick proto { tcp, udp } from any to any port = 0
    
    # Block all IPv6
    block in quick inet6 all
    block out quick inet6 all
    
    # snort2c
    block quick from <snort2c>to any label "Block snort2c hosts"
    block quick from any to <snort2c>label "Block snort2c hosts"
    
    # package manager early specific hook
    anchor "packageearly"
    
    # carp
    anchor "carp"
    block in log quick proto carp from (self) to any
    pass quick proto carp
    pass quick proto pfsync
    
    # SSH lockout
    block in log quick proto tcp from <sshlockout>to any port 65002 label "sshlockout"
    block in quick from <virusprot>to any label "virusprot overload table"
    table <bogons>persist file "/etc/bogons"
    # block bogon networks
    # http://www.cymru.com/Documents/bogon-bn-nonagg.txt
    anchor "wanbogons"
    block in log quick on $UPC from <bogons>to any label "block bogon networks from UPC"
    antispoof for bge1
    # block anything from private networks on interfaces with the option set
    antispoof for $UPC
    block in log quick on $UPC from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
    block in log quick on $UPC from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
    block in log quick on $UPC from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
    block in log quick on $UPC from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
    antispoof for em1
    # allow access to DHCP server on LAN
    anchor "dhcpserverLAN"
    pass in on $LAN proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server"
    pass in on $LAN proto udp from any port = 68 to 192.168.0.3 port = 67 label "allow access to DHCP server"
    pass out on $LAN proto udp from 192.168.0.3 port = 67 to any port = 68 label "allow access to DHCP server"
    # block bogon networks
    # http://www.cymru.com/Documents/bogon-bn-nonagg.txt
    anchor "opt1bogons"
    block in log quick on $AON from <bogons>to any label "block bogon networks from AON"
    antispoof for em0
    # block anything from private networks on interfaces with the option set
    antispoof for $AON
    block in log quick on $AON from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
    block in log quick on $AON from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
    block in log quick on $AON from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
    block in log quick on $AON from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
    # block bogon networks
    # http://www.cymru.com/Documents/bogon-bn-nonagg.txt
    anchor "opt2bogons"
    block in log quick on $UPC_ASYNC from <bogons>to any label "block bogon networks from UPC_ASYNC"
    antispoof for fxp0
    # block anything from private networks on interfaces with the option set
    antispoof for $UPC_ASYNC
    block in log quick on $UPC_ASYNC from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
    block in log quick on $UPC_ASYNC from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
    block in log quick on $UPC_ASYNC from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
    block in log quick on $UPC_ASYNC from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
    antispoof for fxp1
    antispoof for em2_vlan8
    # allow access to DHCP server on WIFI_GUEST
    anchor "dhcpserverWIFI_GUEST"
    pass in on $WIFI_GUEST proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server"
    pass in on $WIFI_GUEST proto udp from any port = 68 to 192.168.8.1 port = 67 label "allow access to DHCP server"
    pass out on $WIFI_GUEST proto udp from 192.168.8.1 port = 67 to any port = 68 label "allow access to DHCP server"
    antispoof for em2_vlan16
    # allow access to DHCP server on WIFI_VIP
    anchor "dhcpserverWIFI_VIP"
    pass in on $WIFI_VIP proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server"
    pass in on $WIFI_VIP proto udp from any port = 68 to 192.168.16.1 port = 67 label "allow access to DHCP server"
    pass out on $WIFI_VIP proto udp from 192.168.16.1 port = 67 to any port = 68 label "allow access to DHCP server"
    anchor "spoofing"
    
    # loopback
    anchor "loopback"
    pass in on $loopback all label "pass loopback"
    pass out on $loopback all label "pass loopback"
    
    anchor "firewallout"
    # let out anything from the firewall host itself and decrypted IPsec traffic
    pass out all keep state allow-opts label "let out anything from firewall host itself"
    pass out route-to ( bge1 <gw_upc_ip>) from <1st_ip_UPCIF_SUBNET> to !<upcif_network>/28 keep state allow-opts label "let out anything from firewall host itself"
    pass out route-to ( em0 <gw_aon_ip>) from <1st_ip_AON_SUBNET> to !<aonif_network>/29 keep state allow-opts label "let out anything from firewall host itself"
    pass out route-to ( fxp0 <gw_upcasync_ip>) from <ip_upcasync_subnet>to !<upcasync_network>/29 keep state allow-opts label "let out anything from firewall host itself"
    pass out on $IPsec all keep state label "IPsec internal host to host"
    
    # User-defined rules follow
    pass  in  quick  proto tcp  from any to any port 25  flags S/SA keep state  queue (qOthersLow,qACK)  label "USER_RULE: SMTP Rein "
    pass  out  quick  proto tcp  from any to any port 25  flags S/SA keep state  queue (qOthersLow,qACK)  label "USER_RULE: SMTP Raus "
    pass  out  quick  proto tcp  from any port 5556  to any flags S/SA keep state  queue (qOthersHigh,qACK)  label "USER_RULE: Webinterface remote access"
    pass  out  quick  proto { tcp udp }  from any to   $UUL_LAN keep state  queue (qDefault)  label "USER_RULE: Uul_lan out"
    pass  in  quick  proto { tcp udp }  from   $UUL_LAN to any keep state  queue (qDefault)  label "USER_RULE: Uul_lan in"
    pass  out  quick  proto udp  from any to any port 53  keep state  queue (qDefault)  label "USER_RULE: DNS out"
    pass  out  quick  proto tcp  from any port 5556  to any flags S/SA keep state  queue (qOthersHigh,qACK)  label "USER_RULE: Webinterface out"
    pass  out  quick  inet proto icmp  from any to any icmp-type echoreq keep state  queue (qOthersHigh)  label "USER_RULE: ICMP ECHO out"
    pass  out  proto tcp  from any to any port 8080  flags S/SA keep state  queue (qOthersLow,qACK)  label "USER_RULE: HTTP 8080"
    pass  out  quick  proto tcp  from any to any port 80  flags S/SA keep state  queue (qDefault,qACK)  label "USER_RULE: HTTP"
    pass  out  quick  proto tcp  from any to any port 443  flags S/SA keep state  queue (qDefault,qACK)  label "USER_RULE: HTTPS"
    pass  out  proto tcp  from any to any port 8008  flags S/SA keep state  queue (qOthersLow,qACK)  label "USER_RULE: HTTP 8008"
    pass  out  quick  proto tcp  from any to any port 21  flags S/SA keep state  queue (qOthersLow,qACK)  label "USER_RULE: FTP"
    pass  out  quick  proto tcp  from any to  ! <backuphost_ip>port 22  flags S/SA keep state  queue (qOthersLow,qACK)  label "USER_RULE: SSH"
    pass  out  quick  proto tcp  from any to   <backuphost_ip>port 22  flags S/SA keep state  queue (qOthersHigh,qACK)  label "USER_RULE: SSH"
    pass  out  quick  proto tcp  from any to   <backuphost_ip>port 873  flags S/SA keep state  queue (qOthersHigh,qACK)  label "USER_RULE: Rsync"
    pass  out  quick  proto tcp  from any to any port 143  flags S/SA keep state  queue (qOthersLow,qACK)  label "USER_RULE: IMAP out"
    pass  out  quick  proto tcp  from any to any port 993  flags S/SA keep state  queue (qOthersLow,qACK)  label "USER_RULE: IMAPS out"
    pass  out  quick  proto tcp  from any to any port 110  flags S/SA keep state  queue (qOthersLow,qACK)  label "USER_RULE: POP3 out"
    pass  out  quick  proto tcp  from any to any port 995  flags S/SA keep state  queue (qOthersLow,qACK)  label "USER_RULE: POP3s out"
    pass  out  quick  proto tcp  from any to any port 465  flags S/SA keep state  queue (qOthersLow,qACK)  label "USER_RULE: SMTPs out"
    pass  out  quick  proto tcp  from any to any port 587  flags S/SA keep state  queue (qOthersLow,qACK)  label "USER_RULE: SMTP TLS out"
    pass  out  quick  proto { tcp udp }  from any to any port 2683  keep state  queue (qDefault)  label "USER_RULE: ELBA 1 out"
    pass  out  quick  proto { tcp udp }  from any to any port 3048  keep state  queue (qDefault)  label "USER_RULE: ELBA 2 out"
    pass  in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  proto tcp  from any to <1st_ip_UPCIF_SUBNET> port 5556  flags S/SA keep state  queue (qACK,qDefault)  label "USER_RULE: Webinterface remote access"
    pass  in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  proto tcp  from any to <1st_ip_UPCIF_SUBNET> port 65002  flags S/SA keep state  label "USER_RULE: SSH remote access"
    pass  in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  inet proto icmp  from any to <1st_ip_UPCIF_SUBNET> icmp-type echoreq keep state  label "USER_RULE: ECHO"
    pass  in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  inet proto icmp  from any to <1st_ip_UPCIF_SUBNET> icmp-type echorep keep state  label "USER_RULE: ECHO REPLY"
    pass  in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  proto udp  from  ! $CEN_LAN to <1st_ip_UPCIF_SUBNET> port 1194  keep state  label "USER_RULE: OpenVPN Mitarbeiter"
    pass  in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  proto udp  from any to <1st_ip_UPCIF_SUBNET> port 12002  keep state  label "USER_RULE: OpenVPN Tech"
    pass  in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  inet proto icmp  from any to   $mx_upc icmp-type echoreq keep state  label "USER_RULE: ECHO mx_upc"
    pass  in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  proto tcp  from any to   192.168.222.2 port 443  flags S/SA keep state  label "USER_RULE: NAT HTTPS Scalix"
    pass  in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  proto tcp  from any to   192.168.222.2 port 993  flags S/SA keep state  label "USER_RULE: NAT IMAPS Scalix"
    pass   in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  proto tcp  from any to   192.168.222.2 port 5729   label "USER_RULE: NAT UAL Scalix"
    pass  in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  proto tcp  from any to   192.168.222.2 port 5767  flags S/SA keep state  queue (qOthersHigh,qACK)  label "USER_RULE: NAT UALS Scalix"
    pass  in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  proto tcp  from any to   192.168.222.2 port 25  flags S/SA keep state  queue (qACK,qOthersLow)  label "USER_RULE: NAT SMTP"
    pass   in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  proto tcp  from any to   192.168.222.2 port 465   label "USER_RULE: NAT SMTPS"
    pass  in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  proto tcp  from any to   192.168.222.2 port 80  flags S/SA keep state  label "USER_RULE: NAT HTTP Scalix"
    pass   in  quick  on $UPC reply-to ( bge1 <gw_upc_ip>)  proto tcp  from any to   192.168.222.2 port 389   label "USER_RULE: NAT LDAP Scalix"
    block  in  quick  on $WIFI_VIP  from any to   $CEN_LAN  label "USER_RULE: block -> intranet"
    block  in  quick  on $WIFI_VIP  from any to   $RemoteSites  label "USER_RULE: block -> RemoteSites"
    block  in  quick  on $WIFI_VIP  from any to   $Maxnet  label "USER_RULE: block -> Maxnet"
    block  in  quick  on $WIFI_VIP  from any to   $OpenVPNEmployes  label "USER_RULE: block -> OpenVPNEmployes"
    pass  in  quick  on $WIFI_VIP  proto { tcp udp }  from any to any port 53  keep state  label "USER_RULE: DNS"
    pass  in  quick  on $WIFI_VIP  from any  to <vpns>keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $WIFI_VIP  $GWLoadBalance  from any to any keep state  label "USER_RULE"
    block  in  quick  on $WIFI_GUEST  from any to   $CEN_LAN  label "USER_RULE: block -> intranet"
    block  in  quick  on $WIFI_GUEST  from any to   $RemoteSites  label "USER_RULE: block -> RemoteSites"
    block  in  quick  on $WIFI_GUEST  from any to   $Maxnet  label "USER_RULE: block -> Maxnet"
    block  in  quick  on $WIFI_GUEST  from any to   $OpenVPNEmployes  label "USER_RULE: block -> OpenVPNEmployes"
    pass  in  quick  on $WIFI_GUEST  proto { tcp udp }  from any to any port 53  keep state  label "USER_RULE: DNS"
    pass  in  quick  on $WIFI_GUEST  proto { tcp udp }  from any  to <vpns>keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $WIFI_GUEST  $GWLoadBalance  proto { tcp udp }  from any to any port 80  keep state  label "USER_RULE: HTTP"
    pass  in  quick  on $WIFI_GUEST  proto { tcp udp }  from any  to <vpns>keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $WIFI_GUEST  $GWLoadBalance  proto { tcp udp }  from any to any port 8080  keep state  label "USER_RULE: HTTP 8080"
    pass  in  quick  on $WIFI_GUEST  proto tcp  from any  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $WIFI_GUEST  $GWLoadBalance  proto tcp  from any to any port 443  flags S/SA keep state  label "USER_RULE: HTTPS"
    pass  in  quick  on $WIFI_GUEST  proto tcp  from any  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $WIFI_GUEST  $GWLoadBalance  proto tcp  from any to any port 21  flags S/SA keep state  label "USER_RULE: FTP"
    pass  in  quick  on $WIFI_GUEST  proto tcp  from any  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $WIFI_GUEST  $GWLoadBalance  proto tcp  from any to any port 143  flags S/SA keep state  label "USER_RULE: IMAP"
    pass  in  quick  on $WIFI_GUEST  proto tcp  from any  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $WIFI_GUEST  $GWLoadBalance  proto tcp  from any to any port 993  flags S/SA keep state  label "USER_RULE: IMAPS"
    pass  in  quick  on $WIFI_GUEST  proto tcp  from any  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $WIFI_GUEST  $GWLoadBalance  proto tcp  from any to any port 110  flags S/SA keep state  label "USER_RULE: POP3"
    pass  in  quick  on $WIFI_GUEST  proto tcp  from any  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $WIFI_GUEST  $GWLoadBalance  proto tcp  from any to any port 995  flags S/SA keep state  label "USER_RULE: POP3S"
    pass  in  quick  on $WIFI_GUEST  proto tcp  from any  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $WIFI_GUEST  $GWLoadBalance  proto tcp  from any to any port 25  flags S/SA keep state  label "USER_RULE: SMTP"
    pass  in  quick  on $WIFI_GUEST  proto tcp  from any  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $WIFI_GUEST  $GWLoadBalance  proto tcp  from any to any port 465  flags S/SA keep state  label "USER_RULE: SMTPS"
    pass  in  quick  on $WIFI_GUEST  proto tcp  from any  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $WIFI_GUEST  $GWLoadBalance  proto tcp  from any to any port 587  flags S/SA keep state  label "USER_RULE: SMTP TLS"
    pass  in  quick  on $WIFI_GUEST  inet proto icmp  from any to any icmp-type echoreq keep state  label "USER_RULE: ECHO"
    pass  in  quick  on $WIFI_GUEST  from any  to <vpns>keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $WIFI_GUEST  $GWLoadBalance  from any to any keep state  label "USER_RULE"
    block  in  quick  on $MAIL  from any to   $RemoteSites  label "USER_RULE"
    block  in  quick  on $MAIL  proto tcp  from any to 192.168.0.0/24  label "USER_RULE"
    pass  in  quick  on $MAIL  $GWGW_AON  proto tcp  from any to  ! $CEN_LAN port 22  flags S/SA keep state  queue (qOthersHigh,qACK)  label "USER_RULE"
    pass  in  quick  on $MAIL  $GWGW_AON  proto tcp  from any to  ! $CEN_LAN port 873  flags S/SA keep state  queue (qOthersHigh,qACK)  label "USER_RULE"
    pass  in  quick  on $MAIL  $GWmx_failover  proto tcp  from any to  ! $CEN_LAN port 25  flags S/SA keep state  queue (qOthersLow,qACK)  label "USER_RULE: SMTP raus"
    pass  in  quick  on $MAIL  from any to  ! $CEN_LAN keep state  label "USER_RULE"
    block  in  quick  on $UPC_ASYNC reply-to ( fxp0 <gw_upcasync_ip>)  proto udp  from any to   255.255.255.255 port 68   label "USER_RULE: Silence UPC dhcp offers"
    pass  in  quick  on $UPC_ASYNC reply-to ( fxp0 <gw_upcasync_ip>)  inet proto icmp  from any to any icmp-type echorep keep state  label "USER_RULE: ICMP ECHO REPLY"
    pass  in  quick  on $UPC_ASYNC reply-to ( fxp0 <gw_upcasync_ip>)  inet proto icmp  from any to any icmp-type echoreq keep state  label "USER_RULE: ICMP ECHO"
    pass  in  quick  on $UPC_ASYNC reply-to ( fxp0 <gw_upcasync_ip>)  proto tcp  from any to <ip_upcasync_subnet>port 5556  flags S/SA keep state  queue (qACK,qOthersHigh)  label "USER_RULE: Webinterface remote access"
    pass  in  quick  on $UPC_ASYNC reply-to ( fxp0 <gw_upcasync_ip>)  proto tcp  from any to <ip_upcasync_subnet>port 65002  flags S/SA keep state  queue (qACK,qOthersHigh)  label "USER_RULE: SSH access"
    pass   in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto tcp  from any to   192.168.222.2 port 587   label "USER_RULE: NAT 587 mx_aon"
    pass  in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto tcp  from any to <1st_ip_AON_SUBNET> port 5556  flags S/SA keep state  label "USER_RULE: Webinterface remote access"
    pass  in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto tcp  from any to <1st_ip_AON_SUBNET> port 65002  flags S/SA keep state  label "USER_RULE: SSH remote access"
    pass  in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  inet proto icmp  from any to <1st_ip_AON_SUBNET> icmp-type echoreq keep state  label "USER_RULE: ECHO"
    pass  in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  inet proto icmp  from any to any icmp-type echorep keep state  label "USER_RULE: ECHO REPLY"
    pass  in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto { tcp udp }  from any to <1st_ip_AON_SUBNET> port 12002  keep state  label "USER_RULE: OpenVPN Tech wizard rules."
    pass  in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto udp  from  ! $CEN_LAN to <1st_ip_AON_SUBNET> port 1194  keep state  label "USER_RULE: OpenVPN Mitarbeiter"
    pass   in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto tcp  from any to   192.168.222.2 port 25   label "USER_RULE: NAT SMTP mx_aon"
    pass   in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto tcp  from any to   192.168.222.2 port 465   label "USER_RULE: NAT SMTPS mx_aon"
    pass   in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto tcp  from any to   192.168.222.2 port 465   label "USER_RULE: NAT SMTPS mx2"
    pass   in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto tcp  from any to   192.168.222.2 port 25   label "USER_RULE: NAT SMTP mx2"
    pass   in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto tcp  from any to   192.168.222.2 port 587   label "USER_RULE: NAT 587 mx2"
    pass   in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto tcp  from any to   192.168.222.2 port 5729   label "USER_RULE: NAT UAL Scalix aon"
    pass   in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto tcp  from any to   192.168.222.2 port 5767   label "USER_RULE: NAT UALS Scalix aon"
    pass  in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto tcp  from any to   192.168.222.2 port 993  flags S/SA keep state ( max-src-states 20 max-src-conn-rate 30 /2, overload <virusprot>flush global  )  label "USER_RULE: NAT IMAPS Scalix aon"
    pass  in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto tcp  from any to   192.168.222.2 port 443  flags S/SA keep state ( max-src-states 20 max-src-conn-rate 10 /2, overload <virusprot>flush global  )  label "USER_RULE: NAT HTTPS Scalix aon"
    pass  in  quick  on $AON reply-to ( em0 <gw_aon_ip>)  proto tcp  from any to   192.168.222.2 port 80  flags S/SA keep state ( max-src-states 20 max-src-conn-rate 10 /2, overload <virusprot>flush global  )  label "USER_RULE: NAT HTTP Scalix aon"
    pass  in  quick  on $OpenVPN  proto { tcp udp }  from   $OpenVPNEmployes to   $akjfdb keep state  label "USER_RULE"
    pass  in  quick  on $OpenVPN  proto { tcp udp }  from   $OpenVPNEmployes to   $Maint keep state  label "USER_RULE: Maint Debian"
    pass  in  quick  on $OpenVPN  proto { tcp udp }  from   $OpenVPNEmployes to   $mailserver keep state  label "USER_RULE"
    block  in  quick  on $OpenVPN  proto udp  from any to any port 161   label "USER_RULE: SNMP queries to silence fw log"
    pass  in  quick  on $OpenVPN  proto { tcp udp }  from any to any port 3389  keep state  label "USER_RULE"
    pass  in  quick  on $OpenVPN  proto { tcp udp }  from   $OpenVPNEmployes to   $mssql port $SQL  keep state  queue (qUltraHigh,qACK)  label "USER_RULE: mssql"
    pass  in  quick  on $OpenVPN  proto { tcp udp }  from   $OpenVPNEmployes to   $mssql port $Avira  keep state  label "USER_RULE: Avira Server"
    pass  in  quick  on $OpenVPN  proto { tcp udp }  from   $mssql port $Avira  to any keep state  label "USER_RULE: Avira Server"
    pass  in  quick  on $OpenVPN  proto { tcp udp }  from   $OpenVPNEmployes to   $mssql port $samba  keep state  queue (qACK,qOthersHigh)  label "USER_RULE: mssql smb"
    pass  in  quick  on $OpenVPN  proto { tcp udp }  from   $OpenVPNEmployes to   $storage1 port $samba  keep state  queue (qACK,qOthersHigh)  label "USER_RULE: Storage"
    pass  in  quick  on $OpenVPN  proto { tcp udp }  from   $OpenVPNEmployes to any port 53  keep state  queue (qACK,qDefault)  label "USER_RULE: DNS"
    pass  in  quick  on $OpenVPN  proto { tcp udp }  from   $OpenVPNEmployes to any port 123  keep state  label "USER_RULE: NTP"
    pass  in  quick  on $OpenVPN  proto { tcp udp }  from   $OpenVPNEmployes to   $Printer keep state  label "USER_RULE: Printer"
    pass  in  quick  on $OpenVPN  inet proto icmp  from   $OpenVPNEmployes to any icmp-type echoreq keep state  label "USER_RULE: ICMP ECHO"
    pass  in  quick  on $OpenVPN  proto { tcp udp }  from   $OpenVPNEmployes to   $Backup1 port $samba  keep state  label "USER_RULE: Backup1 Samba"
    pass  in  quick  on $OpenVPN  proto tcp  from   $OpenVPNEmployes to   $Backup1 port 80  flags S/SA keep state  label "USER_RULE: Backup1 HTTP"
    pass  in  quick  on $OpenVPN  proto tcp  from   $OpenVPNEmployes to   $Backup1 port 443  flags S/SA keep state  label "USER_RULE: Backup1 HTTPS"
    pass  in  quick  on $OpenVPN  from   $Maxnet to any keep state  queue (qACK,qOthersLow)  label "USER_RULE: OpenVPN Tech wizard rules."
    pass  in  quick  on $LAN  from   192.168.0.239  to <vpns>keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWGW_UPC  from   192.168.0.239 to any keep state  label "USER_RULE: temp storage"
    block  in  quick  on $LAN  proto tcp  from any to any port 5223   label "USER_RULE: iPhonedreck"
    block  in  quick  on $LAN  proto { tcp udp }  from   $mssql to   229.111.112.12 port 3071   label "USER_RULE: Silence MSM"
    block  in  quick  on $LAN  proto udp  from any to any port 1900   label "USER_RULE: Silence MSN Messenger Broadcast"
    block  in  quick  on $LAN  proto { tcp udp }  from any to any port 3544   label "USER_RULE: Silence ipv6 tunneling"
    block  in  quick  on $LAN  proto udp  from 192.168.0.0/24 to any port 3478   label "USER_RULE: Silence STUN"
    block  in  quick  on $LAN  proto { tcp udp }  from   $CEN_LAN to <1st_ip_AON_SUBNET> port 1194   label "USER_RULE: Silence Lan -> OpenVPN Port AON"
    pass  in  quick  on $LAN  proto udp  from any to   255.255.255.255 port 161  keep state  label "USER_RULE: SNMP"
    pass  in  quick  on $LAN  proto udp  from any to   255.255.255.255 port 10260  keep state  label "USER_RULE: Axis Annoyance"
    pass  in  quick  on $LAN  proto udp  from any to 192.168.0.0/24 port 10260  keep state  label "USER_RULE: Axis Annoyance Lan"
    pass  in  quick  on $LAN  proto tcp  from any to 192.168.0.3 port 65002  flags S/SA keep state  label "USER_RULE: SSH access"
    pass  in  quick  on $LAN  proto udp  from any to   255.255.255.255 port 3490  keep state  label "USER_RULE: Colubris Management"
    pass  in  quick  on $LAN  proto udp  from any to   $CEN_LAN port 3490  keep state  label "USER_RULE: Colubris Management"
    pass  in  quick  on $LAN  proto udp  from any to   255.255.255.255 port 1800  keep state  label "USER_RULE: Colubris"
    pass  in  quick  on $LAN  proto udp  from any to   $CEN_LAN port 1800  keep state  label "USER_RULE: Colubris"
    pass  in  quick  on $LAN  proto udp  from   192.168.0.20 to any port 427  keep state  label "USER_RULE: esx 427"
    pass  in  quick  on $LAN  proto udp  from any to   192.168.0.255 port 138  keep state  label "USER_RULE: 138 Multicast"
    pass  in  quick  on $LAN  proto udp  from any to   192.168.0.255 port 137  keep state  label "USER_RULE: 137 Multicast"
    pass  in  quick  on $LAN  from any to   192.168.100.0/24 keep state  label "USER_RULE: 192.168.100.0"
    pass  in  quick  on $LAN  from any to   192.168.1.1/24 keep state  label "USER_RULE: 192.168.1.1"
    pass  in  quick  on $LAN  inet proto icmp  from   $CEN_LAN to any icmp-type echoreq keep state  label "USER_RULE: ICMP ECHO"
    pass  in  quick  on $LAN  inet proto icmp  from   $CEN_LAN to any icmp-type echorep keep state  label "USER_RULE: ICMP ECHO REPLY"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN to any port 5556  flags S/SA keep state  label "USER_RULE: Webinterface"
    pass  in  quick  on $LAN  proto udp  from   $CEN_LAN  to <vpns>keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto udp  from   $CEN_LAN to any port 53  keep state  label "USER_RULE: DNS"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 80  flags S/SA keep state  label "USER_RULE: HTTP"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 143  flags S/SA keep state  label "USER_RULE: IMAP"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 993  flags S/SA keep state  label "USER_RULE: IMAPS"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 110  flags S/SA keep state  label "USER_RULE: POP3"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 995  flags S/SA keep state  label "USER_RULE: POP3S"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 25  flags S/SA keep state  label "USER_RULE: SMTP"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 465  flags S/SA keep state  label "USER_RULE: SMTPS"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 587  flags S/SA keep state  label "USER_RULE: SMTP TLS"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 443  flags S/SA keep state  label "USER_RULE: HTTPS"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 8080  flags S/SA keep state  label "USER_RULE: HTTP 8080"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 8008  flags S/SA keep state  label "USER_RULE: HTTP 8008"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 21  flags S/SA keep state  label "USER_RULE: FTP"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 22  flags S/SA keep state  label "USER_RULE: SSH"
    pass  in  quick  on $LAN  proto tcp  from   $CEN_LAN  to <vpns>flags S/SA keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto tcp  from   $CEN_LAN to any port 23  flags S/SA keep state  label "USER_RULE: Telnet"
    pass  in  quick  on $LAN  proto { tcp udp }  from   $CEN_LAN  to <vpns>keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto { tcp udp }  from   $CEN_LAN to any port 8000  keep state  label "USER_RULE: Webradio 1"
    pass  in  quick  on $LAN  proto { tcp udp }  from   $CEN_LAN  to <vpns>keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto { tcp udp }  from   $CEN_LAN to any port 6666  keep state  label "USER_RULE: Webradio 2"
    pass  in  quick  on $LAN  proto { tcp udp }  from   $CEN_LAN  to <vpns>keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto { tcp udp }  from   $CEN_LAN to any port 1935  keep state  label "USER_RULE: Webradio 3"
    pass  in  quick  on $LAN  proto { tcp udp }  from   $CEN_LAN  to <vpns>keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto { tcp udp }  from   $CEN_LAN to any port 2683  keep state  label "USER_RULE: ELBA 1"
    pass  in  quick  on $LAN  proto { tcp udp }  from   $CEN_LAN to any port 6128  keep state  label "USER_RULE: DAMEWARE"
    pass  in  quick  on $LAN  proto { tcp udp }  from   $CEN_LAN  to <vpns>keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto { tcp udp }  from   $CEN_LAN to any port 5900  keep state  label "USER_RULE: VNC"
    pass  in  quick  on $LAN  proto { tcp udp }  from   $CEN_LAN  to <vpns>keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto { tcp udp }  from   $CEN_LAN to any port 3048  keep state  label "USER_RULE: ELBA 2"
    pass  in  quick  on $LAN  proto udp  from   $CEN_LAN  to <vpns>keep state  label "NEGATE_ROUTE: Negate policy route for vpn(s)"
    pass  in  quick  on $LAN  $GWLoadBalance  proto udp  from   $CEN_LAN to any port 123  keep state  label "USER_RULE: NTP"
    pass  in  quick  on $LAN  proto { tcp udp }  from   $CEN_LAN to   $OpenVPNEmployes port 7030  keep state  label "USER_RULE: Avira Server --> OpenVPN"
    pass  in  quick  on $LAN  proto { tcp udp }  from   $CEN_LAN to   $OpenVPNEmployes port 136 >< 140  keep state  label "USER_RULE: smb --> OpenVPN"
    pass  in  quick  on $LAN  from any to   $RemoteSites keep state  label "USER_RULE: LAN -> RemoteSites"
    pass  in  quick  on $LAN  from any to   $OpenVPNEmployes keep state  label "USER_RULE: LAN -> OpenVPN Mitarbeiter"
    pass  in log  quick  on $IPsec  proto tcp  from any to   $Maxnet flags S/SA keep state  label "USER_RULE"
    block  in  quick  on $IPsec  proto udp  from any to 192.168.0.3 port 10260   label "USER_RULE: Axis Annoyance"
    pass  in  quick  on $IPsec  proto { tcp udp }  from any to   $mssql port $SQL  keep state  queue (qUltraHigh,qACK)  label "USER_RULE: MSSQL"
    pass  in  quick  on $IPsec  proto { tcp udp }  from   $RemoteSites to   $mssql port $Avira  keep state  label "USER_RULE: Avira Server"
    pass  in  quick  on $IPsec  proto { tcp udp }  from   $RemoteSites to   $Maint keep state  label "USER_RULE: maintdeb"
    pass  in  quick  on $IPsec  proto { tcp udp }  from any port $Avira  to   $RemoteSites keep state  label "USER_RULE: Avira Server"
    pass  in  quick  on $IPsec  proto { tcp udp }  from any to   $storage1 port $samba  keep state  queue (qACK,qOthersHigh)  label "USER_RULE: Storage"
    pass  in  quick  on $IPsec  proto { tcp udp }  from any to   192.168.0.121 port $samba  keep state  queue (qACK,qDefault)  label "USER_RULE: ChristinePC Scan Freigabe"
    pass  in  quick  on $IPsec  proto { tcp udp }  from any to any port 53  keep state  queue (qACK,qDefault)  label "USER_RULE: DNS"
    pass  in  quick  on $IPsec  proto { tcp udp }  from any to any port 123  keep state  label "USER_RULE: NTP"
    pass  in  quick  on $IPsec  proto { tcp udp }  from any to   $mailserver keep state  queue (qACK,qOthersHigh)  label "USER_RULE: mailserver"
    pass  in  quick  on $IPsec  inet proto icmp  from any to any icmp-type echoreq keep state  label "USER_RULE: ICMP ECHO"
    pass  in  quick  on $IPsec  inet proto icmp  from any to any icmp-type echorep keep state  label "USER_RULE: ICMP ECHO REPLY"
    pass  in  quick  on $IPsec  proto { tcp udp }  from any to   $mssql port $samba  keep state  queue (qACK,qOthersHigh)  label "USER_RULE: WinSRV1 Samba"
    pass  in  quick  on $IPsec  proto { tcp udp }  from any to   $Backup1 port $samba  keep state  queue (qACK,qDefault)  label "USER_RULE: Backup1 Samba"
    pass  in  quick  on $IPsec  proto tcp  from any to   $Backup1 port 80  flags S/SA keep state  label "USER_RULE: Backup1 HTTP"
    pass  in  quick  on $IPsec  proto tcp  from any to   $Backup1 port 443  flags S/SA keep state  label "USER_RULE: Backup1 HTTPS"
    pass  in  quick  on $IPsec  proto { tcp udp }  from any to   $Printer keep state  queue (qACK,qDefault)  label "USER_RULE: Printer Front"
    
    # VPN Rules
    pass out on $AON  route-to ( em0 <gw_aon_ip>)  proto udp from any to <remotesite2_wanip>port = 500 keep state label \"IPsec: REMOTESITE2 - outbound isakmp\"
    pass in on $AON  reply-to ( em0 <gw_aon_ip>)  proto udp from <remotesite2_wanip>to any port = 500 keep state label \"IPsec: REMOTESITE2 - inbound isakmp\"
    pass out on $AON  route-to ( em0 <gw_aon_ip>)  proto esp from any to <remotesite2_wanip>keep state label \"IPsec: REMOTESITE2 - outbound esp proto\"
    pass in on $AON  reply-to ( em0 <gw_aon_ip>)  proto esp from <remotesite2_wanip>to any keep state label \"IPsec: REMOTESITE2 - inbound esp proto\"
    pass out on $AON  route-to ( em0 <gw_aon_ip>)  proto udp from any to <remotesite3_wanip>port = 500 keep state label \"IPsec: REMOTESITE3 - outbound isakmp\"
    pass in on $AON  reply-to ( em0 <gw_aon_ip>)  proto udp from <remotesite3_wanip>to any port = 500 keep state label \"IPsec: REMOTESITE3 - inbound isakmp\"
    pass out on $AON  route-to ( em0 <gw_aon_ip>)  proto esp from any to <remotesite3_wanip>keep state label \"IPsec: REMOTESITE3 - outbound esp proto\"
    pass in on $AON  reply-to ( em0 <gw_aon_ip>)  proto esp from <remotesite3_wanip>to any keep state label \"IPsec: REMOTESITE3 - inbound esp proto\"
    pass out on $AON  route-to ( em0 <gw_aon_ip>)  proto udp from any to <remotesite1_wanip>port = 500 keep state label \"IPsec: REMOTESITE4 - outbound isakmp\"
    pass in on $AON  reply-to ( em0 <gw_aon_ip>)  proto udp from <remotesite1_wanip>to any port = 500 keep state label \"IPsec: REMOTESITE4 - inbound isakmp\"
    pass out on $AON  route-to ( em0 <gw_aon_ip>)  proto esp from any to <remotesite1_wanip>keep state label \"IPsec: REMOTESITE4 - outbound esp proto\"
    pass in on $AON  reply-to ( em0 <gw_aon_ip>)  proto esp from <remotesite1_wanip>to any keep state label \"IPsec: REMOTESITE4 - inbound esp proto\"
    # package manager late specific hook
    anchor "packagelate"
    
    anchor "tftp-proxy/*"
    
    anchor "limitingesr"
    
    # uPnPd
    anchor "miniupnpd"</remotesite1_wanip></gw_aon_ip></remotesite1_wanip></gw_aon_ip></remotesite1_wanip></gw_aon_ip></remotesite1_wanip></gw_aon_ip></remotesite3_wanip></gw_aon_ip></remotesite3_wanip></gw_aon_ip></remotesite3_wanip></gw_aon_ip></remotesite3_wanip></gw_aon_ip></remotesite2_wanip></gw_aon_ip></remotesite2_wanip></gw_aon_ip></remotesite2_wanip></gw_aon_ip></remotesite2_wanip></gw_aon_ip></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></virusprot></gw_aon_ip></virusprot></gw_aon_ip></virusprot></gw_aon_ip></gw_aon_ip></gw_aon_ip></gw_aon_ip></gw_aon_ip></gw_aon_ip></gw_aon_ip></gw_aon_ip></gw_aon_ip></gw_aon_ip></gw_aon_ip></gw_aon_ip></gw_aon_ip></gw_aon_ip></gw_aon_ip></ip_upcasync_subnet></gw_upcasync_ip></ip_upcasync_subnet></gw_upcasync_ip></gw_upcasync_ip></gw_upcasync_ip></gw_upcasync_ip></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></vpns></gw_upc_ip></gw_upc_ip></gw_upc_ip></gw_upc_ip></gw_upc_ip></gw_upc_ip></gw_upc_ip></gw_upc_ip></gw_upc_ip></gw_upc_ip></gw_upc_ip></gw_upc_ip></gw_upc_ip></gw_upc_ip></gw_upc_ip></backuphost_ip></backuphost_ip></backuphost_ip></upcasync_network></ip_upcasync_subnet></gw_upcasync_ip></aonif_network></gw_aon_ip></upcif_network></gw_upc_ip></bogons></bogons></bogons></bogons></virusprot></sshlockout></snort2c></snort2c></upcasync_network></aonif_network></upcif_network></direct_networks></vpns></ip_upcasync_subnet></ip_upcasync_subnet></backuphost_ip></backuphost_ip></ip_upcasync_subnet></ip_upcasync_subnet></backuphost_ip></gw_upc_ip></gw_upcasync_ip></gw_upcasync_ip></gw_aon_ip></gw_upc_ip></winsrv1></winsrv1></uul_lan></uul_lan></storage1></storage1></openvpntech></openvpntech></openvpnemployes></openvpnemployes></mx_upc></mx_upc></mssql></mssql></maxnet></maxnet></maint></maint></mailserver></mailserver></cen_lan></cen_lan></printer></printer></backup1></backup1></remotesites></remotesites></akjfdb></akjfdb></virusprot></snort2c></sshlockout> 
    


  • BTW: reading a bit over my posted log I noticed some entries for snort. I once installed it, but removed it long ago.



  • anyone else getting these errors?



  • Ok I tried Sat Nov 13 21:38:35 snapshot

    Same errors and some rules or gateway groups aren't working. For example I can't access any host on port 25 from my "mail" interface while ssh outgoing is fine.
    Port 25 outgoing is using gatewaygroup "GWmx_failover" (see rules.debug posted above) which consists of 2 gateways on 2 different wan interfaces configured for static ips ( <gw_upc>Tier1 and <gw_aon>Tier2). Additionally it's using AON to SNAT source ips for connections originating from the "mail" interface.

    This was working fine till snapshot from 12th oct. (the last one I tried before upgrading to recent Nov. snapshots).

    Unfortunately being in a hurry to get the mailserver online again, I forgot to grab the current rules.debug.
    The rules.debug I previously posted should still apply (I hope?), although interface names differ as this is another machine (but same config)

    If it helps I could send you my config by mail.

    Here's the system.log:

    
    Nov 14 13:22:55 pfsense1 syslogd: kernel boot file is /boot/kernel/kernel
    Nov 14 13:22:55 pfsense1 kernel: Copyright (c) 1992-2010 The FreeBSD Project.
    Nov 14 13:22:55 pfsense1 kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    Nov 14 13:22:55 pfsense1 kernel: The Regents of the University of California. All rights reserved.
    Nov 14 13:22:55 pfsense1 kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
    Nov 14 13:22:55 pfsense1 kernel: FreeBSD 8.1-RELEASE-p1 #1: Sat Nov 13 21:36:48 EST 2010
    Nov 14 13:22:55 pfsense1 kernel: sullrich@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386
    Nov 14 13:22:55 pfsense1 kernel: Timecounter "i8254" frequency 1193182 Hz quality 0
    Nov 14 13:22:55 pfsense1 kernel: CPU: Intel(R) Xeon(TM) CPU 2.80GHz (2793.90-MHz 686-class CPU)
    Nov 14 13:22:55 pfsense1 kernel: Origin = "GenuineIntel"  Id = 0xf29  Family = f  Model = 2  Stepping = 9
    Nov 14 13:22:55 pfsense1 kernel: Features=0xbfebfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Nov 14 13:22:55 pfsense1 kernel: Features2=0x4400 <cnxt-id,xtpr>Nov 14 13:22:55 pfsense1 kernel: real memory  = 3221225472 (3072 MB)
    Nov 14 13:22:55 pfsense1 kernel: avail memory = 3141349376 (2995 MB)
    Nov 14 13:22:55 pfsense1 kernel: ACPI APIC Table: <ibm  =""  seronyxp="">Nov 14 13:22:55 pfsense1 kernel: FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
    Nov 14 13:22:55 pfsense1 kernel: FreeBSD/SMP: 2 package(s) x 1 core(s) x 2 HTT threads
    Nov 14 13:22:55 pfsense1 kernel: cpu0 (BSP): APIC ID:  0
    Nov 14 13:22:55 pfsense1 kernel: cpu1 (AP/HT): APIC ID:  1
    Nov 14 13:22:55 pfsense1 kernel: cpu2 (AP): APIC ID:  6
    Nov 14 13:22:55 pfsense1 kernel: cpu3 (AP/HT): APIC ID:  7
    Nov 14 13:22:55 pfsense1 kernel: MADT: Forcing active-low polarity and level trigger for SCI
    Nov 14 13:22:55 pfsense1 kernel: ioapic2 <version 1.1="">irqs 32-47 on motherboard
    Nov 14 13:22:55 pfsense1 kernel: ioapic1 <version 1.1="">irqs 16-31 on motherboard
    Nov 14 13:22:55 pfsense1 kernel: ioapic0 <version 1.1="">irqs 0-15 on motherboard
    Nov 14 13:22:55 pfsense1 kernel: ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    Nov 14 13:22:55 pfsense1 kernel: ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    Nov 14 13:22:55 pfsense1 kernel: module_register_init: MOD_LOAD (ipw_bss_fw, 0xc075aa40, 0) error 1
    Nov 14 13:22:55 pfsense1 kernel: ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    Nov 14 13:22:55 pfsense1 kernel: ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    Nov 14 13:22:55 pfsense1 kernel: module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc075ab00, 0) error 1
    Nov 14 13:22:55 pfsense1 kernel: wlan: mac acl policy registered
    Nov 14 13:22:55 pfsense1 kernel: ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    Nov 14 13:22:55 pfsense1 kernel: ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    Nov 14 13:22:55 pfsense1 kernel: module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc075abc0, 0) error 1
    Nov 14 13:22:55 pfsense1 kernel: wpi: You need to read the LICENSE file in /usr/share/doc/legal/intel_wpi/.
    Nov 14 13:22:55 pfsense1 kernel: wpi: If you agree with the license, set legal.intel_wpi.license_ack=1 in /boot/loader.conf.
    Nov 14 13:22:55 pfsense1 kernel: module_register_init: MOD_LOAD (wpi_fw, 0xc094f730, 0) error 1
    Nov 14 13:22:55 pfsense1 kernel: kbd1 at kbdmux0
    Nov 14 13:22:55 pfsense1 kernel: cryptosoft0: <software crypto="">on motherboard
    Nov 14 13:22:55 pfsense1 kernel: padlock0: No ACE support.
    Nov 14 13:22:55 pfsense1 kernel: acpi0: <ibm seronyxp="">on motherboard
    Nov 14 13:22:55 pfsense1 kernel: acpi0: [ITHREAD]
    Nov 14 13:22:55 pfsense1 kernel: acpi0: Power Button (fixed)
    Nov 14 13:22:55 pfsense1 kernel: acpi0: reservation of 460, 2 (4) failed
    Nov 14 13:22:55 pfsense1 kernel: Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
    Nov 14 13:22:55 pfsense1 kernel: acpi_timer0: <32-bit timer at 3.579545MHz> port 0x488-0x48b on acpi0
    Nov 14 13:22:55 pfsense1 kernel: cpu0: <acpi cpu="">on acpi0
    Nov 14 13:22:55 pfsense1 kernel: cpu1: <acpi cpu="">on acpi0
    Nov 14 13:22:55 pfsense1 kernel: cpu2: <acpi cpu="">on acpi0
    Nov 14 13:22:55 pfsense1 kernel: cpu3: <acpi cpu="">on acpi0
    Nov 14 13:22:55 pfsense1 kernel: pcib0: <acpi host-pci="" bridge="">on acpi0
    Nov 14 13:22:55 pfsense1 kernel: pci0: <acpi pci="" bus="">on pcib0
    Nov 14 13:22:55 pfsense1 kernel: vgapci0: <vga-compatible display="">port 0x2400-0x24ff mem 0xf0000000-0xf7ffffff,0xfebf0000-0xfebfffff irq 24 at device 5.0 on pci0
    Nov 14 13:22:55 pfsense1 kernel: atapci0: <serverworks csb5="" udma100="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x700-0x70f at device 15.1 on pci0
    Nov 14 13:22:55 pfsense1 kernel: ata0: <ata 0="" channel="">on atapci0
    Nov 14 13:22:55 pfsense1 kernel: ata0: [ITHREAD]
    Nov 14 13:22:55 pfsense1 kernel: ata1: <ata 1="" channel="">on atapci0
    Nov 14 13:22:55 pfsense1 kernel: ata1: [ITHREAD]
    Nov 14 13:22:55 pfsense1 kernel: ohci0: <ohci (generic)="" usb="" controller="">mem 0xfebef000-0xfebeffff irq 11 at device 15.2 on pci0
    Nov 14 13:22:55 pfsense1 kernel: ohci0: [ITHREAD]
    Nov 14 13:22:55 pfsense1 kernel: usbus0: <ohci (generic)="" usb="" controller="">on ohci0
    Nov 14 13:22:55 pfsense1 kernel: isab0: <pci-isa bridge="">at device 15.3 on pci0
    Nov 14 13:22:55 pfsense1 kernel: isa0: <isa bus="">on isab0
    Nov 14 13:22:55 pfsense1 kernel: pcib1: <acpi host-pci="" bridge="">on acpi0
    Nov 14 13:22:55 pfsense1 kernel: pci2: <acpi pci="" bus="">on pcib1
    Nov 14 13:22:55 pfsense1 kernel: pcib2: <acpi host-pci="" bridge="">on acpi0
    Nov 14 13:22:55 pfsense1 kernel: pci4: <acpi pci="" bus="">on pcib2
    Nov 14 13:22:55 pfsense1 kernel: pcib3: <pci-pci bridge="">at device 4.0 on pci4
    Nov 14 13:22:55 pfsense1 kernel: pci5: <pci bus="">on pcib3
    Nov 14 13:22:55 pfsense1 kernel: fxp0: <intel 100="" 82550="" pro="" ethernet="">port 0x3000-0x303f mem 0xef040000-0xef040fff,0xef000000-0xef01ffff irq 22 at device 4.0 on pci5
    Nov 14 13:22:55 pfsense1 kernel: miibus0: <mii bus="">on fxp0
    Nov 14 13:22:55 pfsense1 kernel: inphy0: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus0
    Nov 14 13:22:55 pfsense1 kernel: inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Nov 14 13:22:55 pfsense1 kernel: fxp0: [ITHREAD]
    Nov 14 13:22:55 pfsense1 kernel: fxp1: <intel 100="" 82550="" pro="" ethernet="">port 0x3040-0x307f mem 0xef041000-0xef041fff,0xef020000-0xef03ffff irq 23 at device 5.0 on pci5
    Nov 14 13:22:55 pfsense1 kernel: miibus1: <mii bus="">on fxp1
    Nov 14 13:22:55 pfsense1 kernel: inphy1: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus1
    Nov 14 13:22:55 pfsense1 kernel: inphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Nov 14 13:22:55 pfsense1 kernel: fxp1: [ITHREAD]
    Nov 14 13:22:55 pfsense1 kernel: pcib4: <acpi host-pci="" bridge="">on acpi0
    Nov 14 13:22:55 pfsense1 kernel: pci6: <acpi pci="" bus="">on pcib4
    Nov 14 13:22:55 pfsense1 kernel: em0: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.2="">port 0x4000-0x403f mem 0xecfe0000-0xecffffff irq 16 at device 1.0 on pci6
    Nov 14 13:22:55 pfsense1 kernel: em0: [FILTER]
    Nov 14 13:22:55 pfsense1 kernel: em1: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.2="">port 0x4040-0x407f mem 0xecfc0000-0xecfdffff irq 17 at device 1.1 on pci6
    Nov 14 13:22:55 pfsense1 kernel: em1: [FILTER]
    Nov 14 13:22:55 pfsense1 kernel: em2: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.2="">port 0x4080-0x40bf mem 0xecfa0000-0xecfbffff irq 29 at device 8.0 on pci6
    Nov 14 13:22:55 pfsense1 kernel: em2: [FILTER]
    Nov 14 13:22:55 pfsense1 kernel: em3: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.2="">port 0x40c0-0x40ff mem 0xecf80000-0xecf9ffff irq 30 at device 8.1 on pci6
    Nov 14 13:22:55 pfsense1 kernel: em3: [FILTER]
    Nov 14 13:22:55 pfsense1 kernel: pcib5: <acpi host-pci="" bridge="">on acpi0
    Nov 14 13:22:55 pfsense1 kernel: pci8: <acpi pci="" bus="">on pcib5
    Nov 14 13:22:55 pfsense1 kernel: ips0: <ibm serveraid="" adapter="">mem 0xe4000000-0xe7ffffff irq 18 at device 2.0 on pci8
    Nov 14 13:22:55 pfsense1 kernel: ips0: [ITHREAD]
    Nov 14 13:22:55 pfsense1 kernel: fdc0: <floppy drive="" controller="">port 0x3f0-0x3f5 irq 6 drq 2 on acpi0
    Nov 14 13:22:55 pfsense1 kernel: fdc0: [FILTER]
    Nov 14 13:22:55 pfsense1 kernel: fd0: <1440-KB 3.5" drive> on fdc0 drive 0
    Nov 14 13:22:55 pfsense1 kernel: uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
    Nov 14 13:22:55 pfsense1 kernel: uart0: [FILTER]
    Nov 14 13:22:55 pfsense1 kernel: atrtc0: <at realtime="" clock="">port 0x70-0x73 irq 8 on acpi0
    Nov 14 13:22:55 pfsense1 kernel: pmtimer0 on isa0
    Nov 14 13:22:55 pfsense1 kernel: orm0: <isa option="" roms="">at iomem 0xc0000-0xcafff,0xcb000-0xce7ff,0xce800-0xcffff,0xd0000-0xd17ff pnpid ORM0000 on isa0
    Nov 14 13:22:55 pfsense1 kernel: sc0: <system console="">at flags 0x100 on isa0
    Nov 14 13:22:55 pfsense1 kernel: sc0: VGA <16 virtual consoles, flags=0x300>
    Nov 14 13:22:55 pfsense1 kernel: vga0: <generic isa="" vga="">at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
    Nov 14 13:22:55 pfsense1 kernel: atkbdc0: <keyboard controller="" (i8042)="">at port 0x60,0x64 on isa0
    Nov 14 13:22:55 pfsense1 kernel: atkbd0: <at keyboard="">irq 1 on atkbdc0
    Nov 14 13:22:55 pfsense1 kernel: kbd0 at atkbd0
    Nov 14 13:22:55 pfsense1 kernel: atkbd0: [GIANT-LOCKED]
    Nov 14 13:22:55 pfsense1 kernel: atkbd0: [ITHREAD]
    Nov 14 13:22:55 pfsense1 kernel: ppc0: parallel port not found.
    Nov 14 13:22:55 pfsense1 kernel: p4tcc0: <cpu frequency="" thermal="" control="">on cpu0
    Nov 14 13:22:55 pfsense1 kernel: p4tcc1: <cpu frequency="" thermal="" control="">on cpu1
    Nov 14 13:22:55 pfsense1 kernel: p4tcc2: <cpu frequency="" thermal="" control="">on cpu2
    Nov 14 13:22:55 pfsense1 kernel: p4tcc3: <cpu frequency="" thermal="" control="">on cpu3
    Nov 14 13:22:55 pfsense1 kernel: Timecounters tick every 1.000 msec
    Nov 14 13:22:55 pfsense1 kernel: IPsec: Initialized Security Association Processing.
    Nov 14 13:22:55 pfsense1 kernel: usbus0: 12Mbps Full Speed USB v1.0
    Nov 14 13:22:55 pfsense1 kernel: ugen0.1: <(0x1166)> at usbus0
    Nov 14 13:22:55 pfsense1 kernel: uhub0: <(0x1166) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
    Nov 14 13:22:55 pfsense1 kernel: acd0: CDROM <lg cd-rom="" crn-8245b="" 1.16="">at ata0-master UDMA33 
    Nov 14 13:22:55 pfsense1 kernel: ips0: resetting adapter, this may take up to 5 minutes
    Nov 14 13:22:55 pfsense1 kernel: ips0: adapter type: ServeRAID 5i II (sarasota)
    Nov 14 13:22:55 pfsense1 kernel: ips0: logical drives: 1
    Nov 14 13:22:55 pfsense1 kernel: ips0: Logical Drive 0: RAID1 sectors: 106641408, state OK
    Nov 14 13:22:55 pfsense1 kernel: ipsd0: <logical drive="">on ips0
    Nov 14 13:22:55 pfsense1 kernel: ipsd0: Logical Drive  (52071MB)
    Nov 14 13:22:55 pfsense1 kernel: SMP: AP CPU #2 Launched!
    Nov 14 13:22:55 pfsense1 kernel: SMP: AP CPU #1 Launched!
    Nov 14 13:22:55 pfsense1 kernel: SMP: AP CPU #3 Launched!
    Nov 14 13:22:55 pfsense1 kernel: uhub0: 4 ports with 4 removable, self powered
    Nov 14 13:22:55 pfsense1 kernel: ugen0.2: <ibm>at usbus0
    Nov 14 13:22:55 pfsense1 kernel: ukbd0: <hid kb="">on usbus0
    Nov 14 13:22:55 pfsense1 kernel: kbd2 at ukbd0
    Nov 14 13:22:55 pfsense1 kernel: ums0: <hid ms="">on usbus0
    Nov 14 13:22:55 pfsense1 kernel: ums0: 3 buttons and [Z] coordinates ID=0
    Nov 14 13:22:55 pfsense1 kernel: uhid0: <hid sys="">on usbus0
    Nov 14 13:22:55 pfsense1 kernel: Trying to mount root from ufs:/dev/ipsd0s1a
    Nov 14 13:22:55 pfsense1 check_reload_status: reloading filter
    Nov 14 13:22:55 pfsense1 check_reload_status: reloading filter
    Nov 14 13:22:55 pfsense1 kernel: pflog0: promiscuous mode enabled
    Nov 14 13:22:56 pfsense1 php: : Gateways status could not be determined, considering all as up/active.
    Nov 14 13:22:56 pfsense1 php: : Gateways status could not be determined, considering all as up/active.
    Nov 14 13:22:56 pfsense1 check_reload_status: Linkup starting em1
    Nov 14 13:22:56 pfsense1 kernel: vip2: INIT -> BACKUP
    Nov 14 13:22:56 pfsense1 kernel: vip3: INIT -> BACKUP
    Nov 14 13:22:56 pfsense1 kernel: em1: link state changed to UP
    Nov 14 13:22:56 pfsense1 kernel: vip2: 2 link states coalesced
    Nov 14 13:22:56 pfsense1 kernel: vip2: link state changed to DOWN
    Nov 14 13:22:56 pfsense1 kernel: vip3: 2 link states coalesced
    Nov 14 13:22:56 pfsense1 kernel: vip3: link state changed to DOWN
    Nov 14 13:22:56 pfsense1 check_reload_status: Linkup starting em0
    Nov 14 13:22:56 pfsense1 kernel: em0: link state changed to UP
    Nov 14 13:22:56 pfsense1 php: : Gateways status could not be determined, considering all as up/active.
    Nov 14 13:22:57 pfsense1 last message repeated 3 times
    Nov 14 13:22:57 pfsense1 check_reload_status: Linkup starting em2
    Nov 14 13:22:57 pfsense1 kernel: em2: link state changed to UP
    Nov 14 13:22:57 pfsense1 kernel: em2_vlan16: link state changed to UP
    Nov 14 13:22:57 pfsense1 kernel: em2_vlan8: link state changed to UP
    Nov 14 13:22:57 pfsense1 check_reload_status: Linkup starting em3
    Nov 14 13:22:57 pfsense1 kernel: vip1: INIT -> BACKUP
    Nov 14 13:22:57 pfsense1 kernel: em3: link state changed to UP
    Nov 14 13:22:57 pfsense1 kernel: vip1: 2 link states coalesced
    Nov 14 13:22:57 pfsense1 kernel: vip1: link state changed to DOWN
    Nov 14 13:22:57 pfsense1 php: : Gateways status could not be determined, considering all as up/active.
    Nov 14 13:22:57 pfsense1 last message repeated 3 times
    Nov 14 13:22:59 pfsense1 kernel: vip2: link state changed to UP
    Nov 14 13:22:59 pfsense1 kernel: vip3: link state changed to UP
    Nov 14 13:22:59 pfsense1 php: : The command '/usr/local/sbin/relayd -f /var/etc/relayd.conf' returned exit code '1', the output was '/var/etc/relayd.conf:3: syntax error no redirections, nothing to do' 
    Nov 14 13:22:59 pfsense1 php: : Removing static route for monitor 80.120.17.70 and adding a new route through <gw_aon_ip>Nov 14 13:22:59 pfsense1 apinger: Starting Alarm Pinger, apinger(50714)
    Nov 14 13:23:00 pfsense1 kernel: vip1: link state changed to UP
    Nov 14 13:23:00 pfsense1 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'pfctl: DIOCADDRULE: Device busy' 
    Nov 14 13:23:00 pfsense1 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'pfctl: DIOCADDRULE: Device busy' 
    Nov 14 13:23:01 pfsense1 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy The line in question reads [ DIOCADDRULE]: 
    Nov 14 13:23:01 pfsense1 php: : There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy - The line in question reads [ DIOCADDRULE]: 
    Nov 14 13:23:03 pfsense1 apinger: ALARM: UPC_GW_ASYNC(<gw_upcasync_ip>)  *** UPC_GW_ASYNCdown ***
    Nov 14 13:23:08 pfsense1 php: : ROUTING: add default route to <gw_upc_ip>Nov 14 13:23:09 pfsense1 dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
    Nov 14 13:23:09 pfsense1 dhcpd: Copyright 2004-2010 Internet Systems Consortium.
    Nov 14 13:23:09 pfsense1 dhcpd: All rights reserved.
    Nov 14 13:23:09 pfsense1 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Nov 14 13:23:09 pfsense1 dnsmasq[53490]: started, version 2.55 cachesize 10000
    Nov 14 13:23:09 pfsense1 dnsmasq[53490]: compile time options: no-IPv6 GNU-getopt no-DBus I18N DHCP TFTP
    Nov 14 13:23:09 pfsense1 check_reload_status: updating all dyndns
    Nov 14 13:23:09 pfsense1 dnsmasq[53490]: reading /etc/resolv.conf
    Nov 14 13:23:09 pfsense1 dnsmasq[53490]: using nameserver 80.120.17.70#53
    Nov 14 13:23:09 pfsense1 dnsmasq[53490]: using nameserver 213.33.99.70#53
    Nov 14 13:23:09 pfsense1 dnsmasq[53490]: using nameserver 195.58.161.122#53
    Nov 14 13:23:09 pfsense1 dnsmasq[53490]: using nameserver 195.58.160.194#53
    Nov 14 13:23:09 pfsense1 dnsmasq[53490]: read /etc/hosts - 46 addresses
    Nov 14 13:23:10 pfsense1 php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint1_ip>via <gw_aon_ip>Nov 14 13:23:10 pfsense1 php: : The command '/sbin/route delete -host <ipsec_endpoint1_ip>' returned exit code '1', the output was 'route: writing to routing socket: No such process delete host <ipsec_endpoint1_ip>: not in table' 
    Nov 14 13:23:10 pfsense1 php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint2_ip>via <gw_aon_ip>Nov 14 13:23:10 pfsense1 php: : The command '/sbin/route delete -host <ipsec_endpoint2_ip>' returned exit code '1', the output was 'route: writing to routing socket: No such process delete host <ipsec_endpoint2_ip>: not in table' 
    Nov 14 13:23:10 pfsense1 php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint3_ip>via <gw_aon_ip>Nov 14 13:23:10 pfsense1 php: : The command '/sbin/route delete -host <ipsec_endpoint3_ip>' returned exit code '1', the output was 'route: writing to routing socket: No such process delete host <ipsec_endpoint3_ip>: not in table' 
    Nov 14 13:23:10 pfsense1 php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint1_ip>via <gw_aon_ip>Nov 14 13:23:10 pfsense1 php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint2_ip>via <gw_aon_ip>Nov 14 13:23:10 pfsense1 php: : IPSEC interface is not WAN but opt1, adding static route for VPN endpoint <ipsec_endpoint3_ip>via <gw_aon_ip>Nov 14 13:23:12 pfsense1 php: : MONITOR: UPC_GW_ASYNC has high latency, removing from routing group
    Nov 14 13:23:13 pfsense1 check_reload_status: reloading filter
    Nov 14 13:23:14 pfsense1 php: : MONITOR: UPC_GW_ASYNC has high latency, removing from routing group
    Nov 14 13:23:14 pfsense1 php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/wan-queues.rrd -t :wan:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name ''' 
    Nov 14 13:23:14 pfsense1 php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/wan-queuedrops.rrd -t :wan:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name ''' 
    Nov 14 13:23:14 pfsense1 php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/lan-queues.rrd -t :lan:qInternet:qACK:qDefault:qOthersHigh:qOthersLow:qUltraHigh N:U:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name ''' 
    Nov 14 13:23:14 pfsense1 php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/lan-queuedrops.rrd -t :lan:qInternet:qACK:qDefault:qOthersHigh:qOthersLow:qUltraHigh N:U:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name ''' 
    Nov 14 13:23:14 pfsense1 php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt1-queues.rrd -t :opt1:qACK:qDefault:qOthersHigh:qOthersLow:qUltraHigh N:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name ''' 
    Nov 14 13:23:14 pfsense1 php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt1-queuedrops.rrd -t :opt1:qACK:qDefault:qOthersHigh:qOthersLow:qUltraHigh N:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name ''' 
    Nov 14 13:23:14 pfsense1 php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt2-queues.rrd -t :opt2:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name ''' 
    Nov 14 13:23:14 pfsense1 php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt2-queuedrops.rrd -t :opt2:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name ''' 
    Nov 14 13:23:14 pfsense1 php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt3-queues.rrd -t :opt3:qInternet:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name ''' 
    Nov 14 13:23:14 pfsense1 php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/opt3-queuedrops.rrd -t :opt3:qInternet:qACK:qDefault:qOthersHigh:qOthersLow N:U:U:U:U:U:U' returned exit code '1', the output was 'ERROR: unknown DS name ''' 
    Nov 14 13:23:15 pfsense1 php: : Creating rrd update script
    Nov 14 13:23:15 pfsense1 php: : Resyncing configuration for all packages.
    Nov 14 13:23:18 pfsense1 login: login on ttyv0 as root
    Nov 14 13:23:18 pfsense1 sshlockout[54463]: sshlockout v2.0 starting up
    Nov 14 13:23:18 pfsense1 sshlockout[54463]: sshlockout v2.0 starting up
    Nov 14 13:23:21 pfsense1 kernel: WARNING: pseudo-random number generator used for IPsec processing
    Nov 14 13:27:16 pfsense1 kernel: fxp0: link state changed to DOWN
    Nov 14 13:28:20 pfsense1 check_reload_status: syncing firewall
    Nov 14 13:28:23 pfsense1 check_reload_status: syncing firewall
    Nov 14 13:28:23 pfsense1 check_reload_status: reloading filter
    Nov 14 13:28:24 pfsense1 php: : MONITOR: UPC_GW_ASYNC has high latency, removing from routing group
    Nov 14 13:28:53 pfsense1 check_reload_status: syncing firewall
    Nov 14 13:28:56 pfsense1 check_reload_status: syncing firewall
    Nov 14 13:28:56 pfsense1 check_reload_status: reloading filter
    Nov 14 13:28:57 pfsense1 php: : MONITOR: UPC_GW_ASYNC has high latency, removing from routing group</gw_aon_ip></ipsec_endpoint3_ip></gw_aon_ip></ipsec_endpoint2_ip></gw_aon_ip></ipsec_endpoint1_ip></ipsec_endpoint3_ip></ipsec_endpoint3_ip></gw_aon_ip></ipsec_endpoint3_ip></ipsec_endpoint2_ip></ipsec_endpoint2_ip></gw_aon_ip></ipsec_endpoint2_ip></ipsec_endpoint1_ip></ipsec_endpoint1_ip></gw_aon_ip></ipsec_endpoint1_ip></gw_upc_ip></gw_upcasync_ip></gw_aon_ip></hid></hid></hid></ibm></logical></lg></cpu></cpu></cpu></cpu></at></keyboard></generic></system></isa></at></floppy></ibm></acpi></acpi></intel(r)></intel(r)></intel(r)></intel(r)></acpi></acpi></i82555></mii></intel></i82555></mii></intel></pci></pci-pci></acpi></acpi></acpi></acpi></isa></pci-isa></ohci></ohci></ata></ata></serverworks></vga-compatible></acpi></acpi></acpi></acpi></acpi></acpi></ibm></software></version></version></version></ibm></cnxt-id,xtpr></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe> 
    

    Thank you very much!

    Max</gw_aon></gw_upc>



  • Update:
    Though 6th Nov. snapshot already gave me the "cannot define table bogons: Device busy pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [204]: table <bogons>persist file "/etc/bogons"" error in addition to the first "pfctl: DIOCADDRULE: Device busy The line in question reads [ DIOCADDRULE]:" which appeared for me first on Oct.12th snapshot, rules and gateways were working fine as I remember.. but I could be wrong and this second error (bogons) broke it.
    Couldn't test for long because this is a production machine, but I tried to edit/save some rules and AON rules, didn't have any effect though..

    Is there anything else I could do?

    I really don't want to stick to oct 12th ;)

    Thank you very much!</bogons>



  • Does anyone know what's this all about?
    Anyone else besides m4rcu5 and me having this problem?

    Edit: on redmine I found one follow up post regarding this error: http://redmine.pfsense.org/issues/922



  • 2.0-BETA4 (i386)
    built on Mon Nov 15 17:03:26 EST 2010
    FreeBSD 8.1-RELEASE-p1
    nanobsd

    I get this from time to time:

    
    There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy The line in question reads [ DIOCADDRULE]:
    
    


  • After upgrading to todays snapshot, I don't get the following error anymore:
    "/tmp/rules.debug:204: cannot define table bogons: Device busy pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [204]: table <bogons>persist file "/etc/bogons"

    I still get the same error as Clarknova though on boot.</bogons>



  • Okay, unfortunately I got

    php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:198: cannot define table bogons: Device busy pfctl: Syntax error in config file: pf rules not loaded'

    4 hours after upgrading to that snapshot.

    Here's the snippet from rules.debug. Line 198 is in bold:

    SSH lockout

    block in log quick proto tcp from <sshlockout>to any port 65002 label "sshlockout"
    block in quick from <virusprot>to any label "virusprot overload table"
    table <bogons>persist file "/etc/bogons"
    # block bogon networks

    http://www.cymru.com/Documents/bogon-bn-nonagg.txt

    block in log quick on $UPC from <bogons>to any label "block bogon networks from UPC"
    antispoof for em3

    block anything from private networks on interfaces with the option set

    antispoof for $UPC
    block in log quick on $UPC from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
    block in log quick on $UPC from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
    block in log quick on $UPC from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
    block in log quick on $UPC from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"

    $UPC is my first "WAN" interface.

    I now upgraded to Sun Nov 21 02:37:38 ..</bogons></bogons></virusprot></sshlockout>



  • Any news about those DIOCADDRULE errors?

    Is this something to worry about?
    If someone could explain what this error is about it would be very nice to know ;)

    Thank you!



  • Please wait for a snapshot to come after this post and try to see if it fixes the error.



  • Using 2.0-BETA4 (amd64)
    built on Mon Nov 29 23:16:42 UTC 2010

    Error still exists



  • Can you show me your system logs?
    Possibly other info from the system?



  • I'm running in a ESXi virtualized environment but from what I've read its the same error others are seeing with full installs on dedicated hardware.

    Nov 29 22:55:50 	kernel: VMware memory control driver initialized
    Nov 29 22:55:50 	sshlockout[37131]: sshlockout v2.0 starting up
    Nov 29 22:55:50 	sshlockout[37131]: sshlockout v2.0 starting up
    Nov 29 22:55:50 	login: login on ttyv0 as root
    Nov 29 22:55:49 	php: : Resyncing configuration for all packages.
    Nov 29 22:55:48 	miniupnpd[21227]: Listening for NAT-PMP traffic on port 5351
    Nov 29 22:55:48 	miniupnpd[21227]: Listening for NAT-PMP traffic on port 5351
    Nov 29 22:55:48 	miniupnpd[21227]: HTTP listening on port 2189
    Nov 29 22:55:48 	miniupnpd[21227]: HTTP listening on port 2189
    Nov 29 22:55:48 	php: miniupnpd: Starting service on interface: lan
    Nov 29 22:55:48 	php: : Creating rrd update script
    Nov 29 22:55:43 	php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
    Nov 29 22:55:43 	php: : DynDns: Cached IP: xxx.xxx.xxx.xxx
    Nov 29 22:55:43 	php: : DynDns: Current WAN IP: xxx.xxx.xxx.xxx
    Nov 29 22:55:43 	php: : DynDns debug information: xxx.xxx.xxx.xxx extracted from local system.
    Nov 29 22:55:43 	php: : DynDns: _checkIP() starting.
    Nov 29 22:55:43 	php: : DynDns: _detectChange() starting.
    Nov 29 22:55:43 	php: : DynDns: updatedns() starting
    Nov 29 22:55:43 	php: : DynDns: Running updatedns()
    Nov 29 22:55:43 	dnsmasq[56517]: read /etc/hosts - 2 addresses
    Nov 29 22:55:43 	dnsmasq[56517]: using nameserver xxx.xxx.xxx.xxx#53
    Nov 29 22:55:43 	dnsmasq[56517]: using nameserver xxx.xxx.xxx.xxx#53
    Nov 29 22:55:43 	dnsmasq[56517]: reading /etc/resolv.conf
    Nov 29 22:55:43 	check_reload_status: updating all dyndns
    Nov 29 22:55:43 	dnsmasq[56517]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
    Nov 29 22:55:43 	dnsmasq[56517]: started, version 2.55 cachesize 10000
    Nov 29 22:55:42 	dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Nov 29 22:55:42 	dhcpd: All rights reserved.
    Nov 29 22:55:42 	dhcpd: Copyright 2004-2010 Internet Systems Consortium.
    Nov 29 22:55:42 	dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
    Nov 29 22:55:41 	php: : ROUTING: change default route to xxx.xxx.xxx.xxx
    Nov 29 22:55:41 	check_reload_status: reloading filter
    Nov 29 22:55:40 	kernel: ovpnc3: link state changed to UP
    Nov 29 22:55:38 	apinger: Starting Alarm Pinger, apinger(25355)
    Nov 29 22:55:38 	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'pfctl: DIOCADDRULE: Device busy'
    Nov 29 22:55:37 	apinger: Exiting on signal 15.
    Nov 29 22:55:37 	php: : There were error(s) loading the rules: pfctl: Duplicate signature for AIX 4.3 : File exists pfctl: Duplicate signature for AIX 4.3 : File exists pfctl: Duplicate signature for AIX 4.3 2: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 4.3 2-3: File exists pfctl: Duplicate signature for AIX 4.3 2: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 4.3 2-3: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 5.1 : File exists pfctl: Duplicate signature for AIX 5.2 : File exists pfctl: Duplicate signature for AIX 5.1-5.2 : File exists pfctl: Duplicate signature for AIX 5.1 : File exists pfctl: Duplicate signature for AIX 5.2 : File exists pfctl: Duplicate signature for AIX 5.1-5.2 : File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 4
    Nov 29 22:55:37 	php: : New alert found: There were error(s) loading the rules: pfctl: Duplicate signature for AIX 4.3 : File exists pfctl: Duplicate signature for AIX 4.3 : File exists pfctl: Duplicate signature for AIX 4.3 2: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 4.3 2-3: File exists pfctl: Duplicate signature for AIX 4.3 2: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 4.3 2-3: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 5.1 : File exists pfctl: Duplicate signature for AIX 5.2 : File exists pfctl: Duplicate signature for AIX 5.1-5.2 : File exists pfctl: Duplicate signature for AIX 5.1 : File exists pfctl: Duplicate signature for AIX 5.2 : File exists pfctl: Duplicate signature for AIX 5.1-5.2 : File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate si
    Nov 29 22:55:37 	php: : There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy - The line in question reads [ DIOCADDRULE]:
    Nov 29 22:55:37 	php: : New alert found: There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy The line in question reads [ DIOCADDRULE]:
    Nov 29 22:55:37 	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'pfctl: Duplicate signature for AIX 4.3 : File exists pfctl: Duplicate signature for AIX 4.3 2: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 4.3 2-3: File exists pfctl: Duplicate signature for AIX 4.3 2: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 4.3 2-3: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 5.1 : File exists pfctl: Duplicate signature for AIX 5.2 : File exists pfctl: Duplicate signature for AIX 5.1-5.2 : File exists pfctl: Duplicate signature for AIX 5.1 : File exists pfctl: Duplicate signature for AIX 5.2 : File exists pfctl: Duplicate signature for AIX 5.1-5.2 : File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AI
    Nov 29 22:55:37 	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'pfctl: Duplicate signature for AIX 4.3 : File exists pfctl: Duplicate signature for AIX 4.3 2: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 4.3 2-3: File exists pfctl: Duplicate signature for AIX 4.3 2: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 4.3 2-3: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AIX 5.1 : File exists pfctl: Duplicate signature for AIX 5.2 : File exists pfctl: Duplicate signature for AIX 5.1-5.2 : File exists pfctl: Duplicate signature for AIX 5.1 : File exists pfctl: Duplicate signature for AIX 5.2 : File exists pfctl: Duplicate signature for AIX 5.1-5.2 : File exists pfctl: Duplicate signature for AIX 4.3 3: File exists pfctl: Duplicate signature for AI
    Nov 29 22:55:37 	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:59: cannot define table direct_networks: Device busy /tmp/rules.debug:85: cannot define table bogons: Device busy pfctl: Syntax error in config file: pf rules not loaded'
    Nov 29 22:55:37 	inetd[59970]: Accessing /var/etc/inetd.conf: No such file or directory, continuing anyway.
    Nov 29 22:55:37 	inetd[59970]: Accessing /var/etc/inetd.conf: No such file or directory, continuing anyway.
    Nov 29 22:55:36 	apinger: Starting Alarm Pinger, apinger(35530)
    Nov 29 22:55:36 	kernel: pflog0: promiscuous mode enabled
    Nov 29 22:55:36 	check_reload_status: reloading filter
    Nov 29 22:55:36 	check_reload_status: reloading filter
    Nov 29 22:55:36 	kernel: Trying to mount root from ufs:/dev/da0s1a
    Nov 29 22:55:36 	kernel: SMP: AP CPU #3 Launched!
    Nov 29 22:55:36 	kernel: SMP: AP CPU #1 Launched!
    Nov 29 22:55:36 	kernel: SMP: AP CPU #2 Launched!
    Nov 29 22:55:36 	kernel: da0: 8192MB (16777216 512 byte sectors: 255H 63S/T 1044C)
    Nov 29 22:55:36 	kernel: da0: Command Queueing enabled
    Nov 29 22:55:36 	kernel: da0: 320.000MB/s transfers (160.000MHz, offset 127, 16bit)
    Nov 29 22:55:36 	kernel: da0: <vmware virtual="" disk="" 1.0="">Fixed Direct Access SCSI-2 device
    Nov 29 22:55:36 	kernel: da0 at mpt0 bus 0 scbus0 target 0 lun 0
    Nov 29 22:55:36 	kernel: acd0: DVDR <vmware virtual="" ide="" cdrom="" drive="" 00000001="">at ata1-master UDMA33
    Nov 29 22:55:36 	kernel: IPsec: Initialized Security Association Processing.
    Nov 29 22:55:36 	kernel: Timecounters tick every 10.000 msec
    Nov 29 22:55:36 	kernel: ppc0: cannot reserve I/O port range
    Nov 29 22:55:36 	kernel: vga0: <generic isa="" vga="">at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
    Nov 29 22:55:36 	kernel: sc0: VGA <16 virtual consoles, flags=0x300>
    Nov 29 22:55:36 	kernel: sc0: <system console="">at flags 0x100 on isa0
    Nov 29 22:55:36 	kernel: orm0: <isa option="" roms="">at iomem 0xc0000-0xc7fff,0xca000-0xcafff,0xcb000-0xcbfff,0xdc000-0xdffff,0xe0000-0xe3fff on isa0
    Nov 29 22:55:36 	kernel: psm0: model IntelliMouse, device ID 3
    Nov 29 22:55:36 	kernel: psm0: [ITHREAD]
    Nov 29 22:55:36 	kernel: psm0: [GIANT-LOCKED]
    Nov 29 22:55:36 	kernel: psm0: <ps 2="" mouse="">irq 12 on atkbdc0
    Nov 29 22:55:36 	kernel: atkbd0: [ITHREAD]
    Nov 29 22:55:36 	kernel: atkbd0: [GIANT-LOCKED]
    Nov 29 22:55:36 	kernel: kbd0 at atkbd0
    Nov 29 22:55:36 	kernel: atkbd0: <at keyboard="">irq 1 on atkbdc0
    Nov 29 22:55:36 	kernel: atkbdc0: <keyboard controller="" (i8042)="">port 0x60,0x64 irq 1 on acpi0
    Nov 29 22:55:36 	kernel: atrtc0: <at realtime="" clock="">port 0x70-0x71 irq 8 on acpi0
    Nov 29 22:55:36 	kernel: acpi_acad0: <ac adapter="">on acpi0
    Nov 29 22:55:36 	kernel: pci34: <acpi pci="" bus="">on pcib34
    Nov 29 22:55:36 	kernel: pcib34: <acpi pci-pci="" bridge="">at device 24.7 on pci0
    Nov 29 22:55:36 	kernel: pci33: <acpi pci="" bus="">on pcib33
    Nov 29 22:55:36 	kernel: pcib33: <acpi pci-pci="" bridge="">at device 24.6 on pci0
    Nov 29 22:55:36 	kernel: pci32: <acpi pci="" bus="">on pcib32
    Nov 29 22:55:36 	kernel: pcib32: <acpi pci-pci="" bridge="">at device 24.5 on pci0
    Nov 29 22:55:36 	kernel: pci31: <acpi pci="" bus="">on pcib31
    Nov 29 22:55:36 	kernel: pcib31: <acpi pci-pci="" bridge="">at device 24.4 on pci0
    Nov 29 22:55:36 	kernel: pci30: <acpi pci="" bus="">on pcib30
    Nov 29 22:55:36 	kernel: pcib30: <acpi pci-pci="" bridge="">at device 24.3 on pci0
    Nov 29 22:55:36 	kernel: pci29: <acpi pci="" bus="">on pcib29
    Nov 29 22:55:36 	kernel: pcib29: <acpi pci-pci="" bridge="">at device 24.2 on pci0
    Nov 29 22:55:36 	kernel: pci28: <acpi pci="" bus="">on pcib28
    Nov 29 22:55:36 	kernel: pcib28: <acpi pci-pci="" bridge="">at device 24.1 on pci0
    Nov 29 22:55:36 	kernel: pci27: <acpi pci="" bus="">on pcib27
    Nov 29 22:55:36 	kernel: pcib27: <acpi pci-pci="" bridge="">at device 24.0 on pci0
    Nov 29 22:55:36 	kernel: pci26: <acpi pci="" bus="">on pcib26
    Nov 29 22:55:36 	kernel: pcib26: <acpi pci-pci="" bridge="">at device 23.7 on pci0
    Nov 29 22:55:36 	kernel: pci25: <acpi pci="" bus="">on pcib25
    Nov 29 22:55:36 	kernel: pcib25: <acpi pci-pci="" bridge="">at device 23.6 on pci0
    Nov 29 22:55:36 	kernel: pci24: <acpi pci="" bus="">on pcib24
    Nov 29 22:55:36 	kernel: pcib24: <acpi pci-pci="" bridge="">at device 23.5 on pci0
    Nov 29 22:55:36 	kernel: pci23: <acpi pci="" bus="">on pcib23
    Nov 29 22:55:36 	kernel: pcib23: <acpi pci-pci="" bridge="">at device 23.4 on pci0
    Nov 29 22:55:36 	kernel: pci22: <acpi pci="" bus="">on pcib22
    Nov 29 22:55:36 	kernel: pcib22: <acpi pci-pci="" bridge="">at device 23.3 on pci0
    Nov 29 22:55:36 	kernel: pci21: <acpi pci="" bus="">on pcib21
    Nov 29 22:55:36 	kernel: pcib21: <acpi pci-pci="" bridge="">at device 23.2 on pci0
    Nov 29 22:55:36 	kernel: pci20: <acpi pci="" bus="">on pcib20
    Nov 29 22:55:36 	kernel: pcib20: <acpi pci-pci="" bridge="">at device 23.1 on pci0
    Nov 29 22:55:36 	kernel: pci19: <acpi pci="" bus="">on pcib19
    Nov 29 22:55:36 	kernel: pcib19: <acpi pci-pci="" bridge="">at device 23.0 on pci0
    Nov 29 22:55:36 	kernel: pci18: <acpi pci="" bus="">on pcib18
    Nov 29 22:55:36 	kernel: pcib18: <acpi pci-pci="" bridge="">at device 22.7 on pci0
    Nov 29 22:55:36 	kernel: pci17: <acpi pci="" bus="">on pcib17
    Nov 29 22:55:36 	kernel: pcib17: <acpi pci-pci="" bridge="">at device 22.6 on pci0
    Nov 29 22:55:36 	kernel: pci16: <acpi pci="" bus="">on pcib16
    Nov 29 22:55:36 	kernel: pcib16: <acpi pci-pci="" bridge="">at device 22.5 on pci0
    Nov 29 22:55:36 	kernel: pci15: <acpi pci="" bus="">on pcib15
    Nov 29 22:55:36 	kernel: pcib15: <acpi pci-pci="" bridge="">at device 22.4 on pci0
    Nov 29 22:55:36 	kernel: pci14: <acpi pci="" bus="">on pcib14
    Nov 29 22:55:36 	kernel: pcib14: <acpi pci-pci="" bridge="">at device 22.3 on pci0
    Nov 29 22:55:36 	kernel: pci13: <acpi pci="" bus="">on pcib13
    Nov 29 22:55:36 	kernel: pcib13: <acpi pci-pci="" bridge="">at device 22.2 on pci0
    Nov 29 22:55:36 	kernel: pci12: <acpi pci="" bus="">on pcib12
    Nov 29 22:55:36 	kernel: pcib12: <acpi pci-pci="" bridge="">at device 22.1 on pci0
    Nov 29 22:55:36 	kernel: pci11: <acpi pci="" bus="">on pcib11
    Nov 29 22:55:36 	kernel: pcib11: <acpi pci-pci="" bridge="">at device 22.0 on pci0
    Nov 29 22:55:36 	kernel: pci10: <acpi pci="" bus="">on pcib10
    Nov 29 22:55:36 	kernel: pcib10: <acpi pci-pci="" bridge="">at device 21.7 on pci0
    Nov 29 22:55:36 	kernel: pci9: <acpi pci="" bus="">on pcib9
    Nov 29 22:55:36 	kernel: pcib9: <acpi pci-pci="" bridge="">at device 21.6 on pci0
    Nov 29 22:55:36 	kernel: pci8: <acpi pci="" bus="">on pcib8
    Nov 29 22:55:36 	kernel: pcib8: <acpi pci-pci="" bridge="">at device 21.5 on pci0
    Nov 29 22:55:36 	kernel: pci7: <acpi pci="" bus="">on pcib7
    Nov 29 22:55:36 	kernel: pcib7: <acpi pci-pci="" bridge="">at device 21.4 on pci0
    Nov 29 22:55:36 	kernel: pci6: <acpi pci="" bus="">on pcib6
    Nov 29 22:55:36 	kernel: pcib6: <acpi pci-pci="" bridge="">at device 21.3 on pci0
    Nov 29 22:55:36 	kernel: pci5: <acpi pci="" bus="">on pcib5
    Nov 29 22:55:36 	kernel: pcib5: <acpi pci-pci="" bridge="">at device 21.2 on pci0
    Nov 29 22:55:36 	kernel: pci4: <acpi pci="" bus="">on pcib4
    Nov 29 22:55:36 	kernel: pcib4: <acpi pci-pci="" bridge="">at device 21.1 on pci0
    Nov 29 22:55:36 	kernel: pci3: <acpi pci="" bus="">on pcib3
    Nov 29 22:55:36 	kernel: pcib3: <acpi pci-pci="" bridge="">at device 21.0 on pci0
    Nov 29 22:55:36 	kernel: em1: [FILTER]
    Nov 29 22:55:36 	kernel: em1: Memory Access and/or Bus Master bits were not set!
    Nov 29 22:55:36 	kernel: em1: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.3="">port 0x2040-0x207f mem 0xd8940000-0xd895ffff,0xd8910000-0xd891ffff irq 19 at device 1.0 on pci2
    Nov 29 22:55:36 	kernel: em0: [FILTER]
    Nov 29 22:55:36 	kernel: em0: Memory Access and/or Bus Master bits were not set!
    Nov 29 22:55:36 	kernel: em0: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.3="">port 0x2000-0x203f mem 0xd8920000-0xd893ffff,0xd8900000-0xd890ffff irq 18 at device 0.0 on pci2
    Nov 29 22:55:36 	kernel: pci2: <acpi pci="" bus="">on pcib2
    Nov 29 22:55:36 	kernel: pcib2: <acpi pci-pci="" bridge="">at device 17.0 on pci0
    Nov 29 22:55:36 	kernel: mpt0: MPI Version=1.2.0.0
    Nov 29 22:55:36 	kernel: mpt0: [ITHREAD]
    Nov 29 22:55:36 	kernel: mpt0: <lsilogic 1030="" ultra4="" adapter="">port 0x1400-0x14ff mem 0xd8820000-0xd883ffff,0xd8800000-0xd881ffff irq 17 at device 16.0 on pci0
    Nov 29 22:55:36 	kernel: vgapci0: <vga-compatible display="">port 0x10d0-0x10df mem 0xd4000000-0xd7ffffff,0xd8000000-0xd87fffff irq 16 at device 15.0 on pci0
    Nov 29 22:55:36 	kernel: pci0: <base peripheral=""> at device 7.7 (no driver attached)
    Nov 29 22:55:36 	kernel: pci0: <bridge>at device 7.3 (no driver attached)
    Nov 29 22:55:36 	kernel: ata1: [ITHREAD]
    Nov 29 22:55:36 	kernel: ata1: <ata 1="" channel="">on atapci0
    Nov 29 22:55:36 	kernel: ata0: [ITHREAD]
    Nov 29 22:55:36 	kernel: ata0: <ata 0="" channel="">on atapci0
    Nov 29 22:55:36 	kernel: atapci0: <intel piix4="" udma33="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x10c0-0x10cf at device 7.1 on pci0
    Nov 29 22:55:36 	kernel: isa0: <isa bus="">on isab0
    Nov 29 22:55:36 	kernel: isab0: <pci-isa bridge="">at device 7.0 on pci0
    Nov 29 22:55:36 	kernel: pci1: <acpi pci="" bus="">on pcib1
    Nov 29 22:55:36 	kernel: pcib1: <acpi pci-pci="" bridge="">at device 1.0 on pci0
    Nov 29 22:55:36 	kernel: pci0: <acpi pci="" bus="">on pcib0
    Nov 29 22:55:36 	kernel: pcib0: <acpi host-pci="" bridge="">port 0xcf8-0xcff on acpi0
    Nov 29 22:55:36 	kernel: cpu3: <acpi cpu="">on acpi0
    Nov 29 22:55:36 	kernel: cpu2: <acpi cpu="">on acpi0
    Nov 29 22:55:36 	kernel: cpu1: <acpi cpu="">on acpi0
    Nov 29 22:55:36 	kernel: cpu0: <acpi cpu="">on acpi0
    Nov 29 22:55:36 	kernel: acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
    Nov 29 22:55:36 	kernel: Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
    Nov 29 22:55:36 	kernel: acpi0: Power Button (fixed)
    Nov 29 22:55:36 	kernel: acpi0: [ITHREAD]
    Nov 29 22:55:36 	kernel: acpi0: <intel 440bx="">on motherboard
    Nov 29 22:55:36 	kernel: padlock0: No ACE support.
    Nov 29 22:55:36 	kernel: cryptosoft0: <software crypto="">on motherboard
    Nov 29 22:55:36 	kernel: kbd1 at kbdmux0
    Nov 29 22:55:36 	kernel: wlan: mac acl policy registered
    Nov 29 22:55:36 	kernel: ioapic0 <version 1.1="">irqs 0-23 on motherboard
    Nov 29 22:55:36 	kernel: MADT: Forcing active-low polarity and level trigger for SCI
    Nov 29 22:55:36 	kernel: cpu3 (AP): APIC ID: 3
    Nov 29 22:55:36 	kernel: cpu2 (AP): APIC ID: 2
    Nov 29 22:55:36 	kernel: cpu1 (AP): APIC ID: 1
    Nov 29 22:55:36 	kernel: cpu0 (BSP): APIC ID: 0
    Nov 29 22:55:36 	kernel: FreeBSD/SMP: 4 package(s) x 1 core(s)
    Nov 29 22:55:36 	kernel: FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
    Nov 29 22:55:36 	kernel: ACPI APIC Table: <ptltd apic="">Nov 29 22:55:36 	kernel: avail memory = 1014796288 (967 MB)
    Nov 29 22:55:36 	kernel: real memory = 1073741824 (1024 MB)
    Nov 29 22:55:36 	kernel: TSC: P-state invariant
    Nov 29 22:55:36 	kernel: AMD Features2=0x1 <lahf>Nov 29 22:55:36 	kernel: AMD Features=0x20100800 <syscall,nx,lm>Nov 29 22:55:36 	kernel: Features2=0x80082201<sse3,ssse3,cx16,sse4.1,<b31>>
    Nov 29 22:55:36 	kernel: Features=0xfebfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss>Nov 29 22:55:36 	kernel: Origin = "GenuineIntel" Id = 0x1067a Family = 6 Model = 17 Stepping = 10
    Nov 29 22:55:36 	kernel: CPU: Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz (2665.84-MHz K8-class CPU)
    Nov 29 22:55:36 	kernel: Timecounter "i8254" frequency 1193182 Hz quality 0
    Nov 29 22:55:36 	kernel: sullrich@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 amd64
    Nov 29 22:55:36 	kernel: FreeBSD 8.1-RELEASE-p1 #1: Mon Nov 29 23:14:41 UTC 2010
    Nov 29 22:55:36 	kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
    Nov 29 22:55:36 	kernel: The Regents of the University of California. All rights reserved.
    Nov 29 22:55:36 	kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    Nov 29 22:55:36 	kernel: Copyright (c) 1992-2010 The FreeBSD Project.</fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss></sse3,ssse3,cx16,sse4.1,<b31></syscall,nx,lm></lahf></ptltd></version></software></intel></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></pci-isa></isa></intel></ata></ata></bridge></vga-compatible></lsilogic></acpi></acpi></intel(r)></intel(r)></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></ac></at></keyboard></at></ps></isa></system></generic></vmware></vmware> 
    


  • Running latest version - updated about 20 mins ago

    Dec 1 08:00:22 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was 'pfctl: DIOCADDRULE: Device busy'
    Dec 1 08:00:17 inetd[23098]: /var/etc/inetd.conf: No such file or directory
    Dec 1 08:00:17 inetd[23098]: /var/etc/inetd.conf: No such file or directory
    Dec 1 08:00:16 check_reload_status: reloading filter
    Dec 1 08:00:16 check_reload_status: syncing firewall
    Dec 1 08:00:16 check_reload_status: reloading filter
    Dec 1 08:00:15 php: /pkg_edit.php: Reloading Squid for configuration sync

    Still here - but everything seems to be running OK?

    Regards

    Andrew



  • Are these errors still there if you upgrade to one of the latest snapshots?



  • Hi Ermal,

    Unfortunately the error is still present on snapshot Sat Dec 4 01:44:52 EST 2010 (i386) and pops up directly after boot.

    Sorry :(



  • When the snapshot that is currently building is done, try that one.  There's something in there that might fix this.



  • 2.0-BETA4 (i386)
    built on Sun Dec 5 07:23:23 EST 2010
    Platform nanobsd (1g)
    uptime  00:06

    So far so good :)



  • Yes, looking good here as well.


Log in to reply