Filter Reload Status is never "done"

quadrinary · Jul 12, 2012, 7:43 AM

For the last couple of weeks, I've been noticing that some firewall rules are taking FOREVER to finally work, and if I look at the filter status after creating/editing a rule, what formerly took 2-3 seconds to say "Done" now takes minutes or even hours. It seems as if the reload is stuck in a loop - I'll notice the same things over and over again, starting with "Initializing" then going onto each of the NAT rules, firewall rules, squid hooks, etc until i see "Initializing" again and the whole thing starts over.

I've been pouring over our NAT rules and I don't see any conflicts there or in the firewall rules either. All the while, CPU use is at 100%. What could be causing this?

Thanks,

quad

jimp · Jul 12, 2012, 12:11 PM

The system log might have some clues, and perhaps if you watch "top -SH" from the console you'll spot the process using up the CPU time.