Constantly reloading rules

killah · Mar 25, 2007, 9:00 PM

What could be the problem that filter rules are constantly reloading with no errors??

How can I stop this, because it consumes processor all time?

hoba · Mar 25, 2007, 9:06 PM

What version are you using? If it's one of the latest snapshots please read the snapshotwarning at the forum mainpage, newssection (fading area on top). If you already run such a snapshot I recommend upgrading though the new feature is not yet done.

killah · Mar 25, 2007, 9:15 PM

I'm running 1.0.1 built on Sun Oct 29 01:45:08 UTC 2006

Can you tell Me please what determines that rules are already reloaded?
How can I stop this?

hoba · Mar 25, 2007, 9:54 PM

Haven't see such a problem with 1.0.1 release yet (nor with any other version actually). Can you show us your systemlogs? Does a reboot fix it?

killah · Mar 26, 2007, 9:49 AM

Sometimes there are no errors reloading rules.

Sometimes I get someting like this:
Acknowledge All .:. 03-26-07 06:11:44 - [filter_load]There where error(s) loading the rules: pfctl: DIOCADDRULE: Device busy The line in question reads [ DIOCADDRULE]: .:.

Reboot helps (for some time)..

sullrich · Mar 26, 2007, 3:02 PM

Haven't seen anything like this. Perhaps you should reinstall.

killah · Mar 26, 2007, 8:46 PM

It's fresh copy.. So, reinstalling is not a solution.

What happens after I click "Apply Changes" when editing rules?? Which files are processed?

jeroen234 · Mar 27, 2007, 5:15 AM

confi.xml is them rewritten
and then reread

hoba · Mar 27, 2007, 6:05 AM

Any chance this is a carp cluster and you set up some syncing loop (master->slave->master->slave->…)?

killah · Mar 27, 2007, 2:32 PM

Nope.. It's not CARP cluster. I have dual WAN Internet connection with Load balancer turned on. I guess I know what was the reason. As a matter of fact there were two.. :)

First - one of My ISP was messing with My ADSL connection. (there should be an option in Load balancer to adjust time of finding that one of connections is offline)
Second - I added some rules to /etc/crontab wrong way. (My bad)

Problem solved.. :)

hoba · Mar 27, 2007, 2:48 PM

@killah:

First - one of My ISP was messing with My ADSL connection. (there should be an option in Load balancer to adjust time of finding that one of connections is offline)

We raised the timeoutlevel for the linkdown detection in newer snapshots to be not that sensitive anymore so this should be fixed (unless your link is really really bad).

killah · Mar 27, 2007, 5:48 PM

Super, it will be helpful! But time of reaction should be balanced too, not too quick not too slow. It would be nice if I could define it Myself..

hoba · Mar 27, 2007, 6:37 PM

Afaik it's hardcoded in the slbd binary and therefor not that easily configurable but I might be wrong here.

sullrich · Mar 27, 2007, 6:52 PM

@hoba:

Afaik it's hardcoded in the slbd binary and therefor not that easily configurable but I might be wrong here.

You are absolutely correct.