PfSense 2.0 continually reloading filters
-
I came into work this morning, checked on the pfSense firewall status, and found in the system logs section that the filters are being reloaded roughly twice a minute.
I checked that nobody else was logged in, and tried rebooting the router, expecting that to clear it, but it didn't. It's still reloading twice/minute. Log excerpts and System Info from dashboard attached below. Any ideas?
Feel free to move to another section if there's one it fits better.
Sample messages follow:
Last 50 system log entries
Dec 17 08:35:11 check_reload_status: Reloading filter
Dec 17 08:35:48 apinger: alarm canceled: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:35:58 check_reload_status: Reloading filter
Dec 17 08:36:01 apinger: ALARM: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:36:11 check_reload_status: Reloading filter
Dec 17 08:36:48 apinger: alarm canceled: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:36:58 check_reload_status: Reloading filter
Dec 17 08:37:01 apinger: ALARM: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:37:11 check_reload_status: Reloading filter
Dec 17 08:37:48 apinger: alarm canceled: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:37:58 check_reload_status: Reloading filter
Dec 17 08:38:01 apinger: ALARM: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:38:11 check_reload_status: Reloading filter
Dec 17 08:38:48 apinger: alarm canceled: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:38:58 check_reload_status: Reloading filter
Dec 17 08:39:01 apinger: ALARM: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:39:11 check_reload_status: Reloading filter
Dec 17 08:39:48 apinger: alarm canceled: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:39:58 check_reload_status: Reloading filter
Dec 17 08:40:01 apinger: ALARM: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:40:11 check_reload_status: Reloading filter
Dec 17 08:40:48 apinger: alarm canceled: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:40:58 check_reload_status: Reloading filter
Dec 17 08:41:01 apinger: ALARM: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:41:11 check_reload_status: Reloading filter
Dec 17 08:41:48 apinger: alarm canceled: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:41:58 check_reload_status: Reloading filter
Dec 17 08:42:01 apinger: ALARM: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:42:11 check_reload_status: Reloading filter
Dec 17 08:42:48 apinger: alarm canceled: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 08:42:58 check_reload_status: Reloading filter
…After reboot, it's still reloading the filters twice per minute though the seconds parts have changed:
Last 50 system log entries
Dec 17 09:18:07 apinger: alarm canceled: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 09:18:17 apinger: ALARM: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 09:18:17 check_reload_status: Reloading filter
Dec 17 09:18:27 check_reload_status: Reloading filter
Dec 17 09:19:07 apinger: alarm canceled: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 09:19:17 apinger: ALARM: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 09:19:17 check_reload_status: Reloading filter
Dec 17 09:19:27 check_reload_status: Reloading filter
Dec 17 09:20:07 apinger: alarm canceled: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 09:20:17 apinger: ALARM: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 09:20:17 check_reload_status: Reloading filter
Dec 17 09:20:27 check_reload_status: Reloading filter
Dec 17 09:21:07 apinger: alarm canceled: FirewallAdminGateway(10.1.1.1) *** down ***
Dec 17 09:21:17 apinger: ALARM: FirewallAdminGateway(10.1.1.1) *** down ***
...Dashboard info (prior to reboot):
Name pfsense.XXYYZZYY.com
Version 2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:16:13 EST 2011
FreeBSD 8.1-RELEASE-p6Unable to check for updates.
Platform pfSense
CPU Type Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz
Uptime 8 days, 17:32
Current date/time
Mon Dec 17 9:00:53 HST 2012
DNS server(s) 127.0.0.1
10.0.0.3
10.0.0.4
Last config change Fri Dec 14 15:15:42 HST 2012 -
Never mind, I just got it.
I had changed the probe interval for the default gateway to 1 minute, so it wouldn't be pinging the router so constantly. When doing that, I didn't realize that:
-
If the interval between probes to a gateway is greater than the down time, the "alarm" will always fire once the down time has been exceeded without a response from the gateway.
-
The default value of "Down" ="down time for the alarm to fire, in seconds", which is not shown, is not derived from the interval between probes, and does not include the interval between probes.
-
pfSense will reload all the filters whenever the alarm for a gateway fires because it sees the gateway down. (It doesn't say that when describing the alarm parameters, BTW.)
Therefore, pfSense was reloading everything a couple times a minute, because it hadn't seen a ping response recently enough, because it was only pinging once a minute. Good thing this is is a fast machine and reloads have minimal impact.
Sorry for bugging you all with this.
Two user interface suggestions:
1. On the Gateway configuration page, mention under "Gateway Monitoring" that the gateway being down will trigger a filter reload. (That would have helped me know where to look, as I did check the Gateway page when trying to figure this out.)
2. In the "Advanced" section, if "Down" is unspecified or is less than "Frequency Probe", default it to "Frequency Probe" + X where X is some default margin, similar to what the current default for "Down" is.
3. Show the default value for "Down". -
-
Perhaps the advanced options screen from 2.1 is more enlightening: