Netgate Discussion Forum

    There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy

    2.1 Snapshot Feedback and Problems - RETIRED
      S_D

      Hi there,

      Apologies - I'm not sure whether this goes in the IPv6 section or the 2.1 section, so please move it if req'd.

      I'm getting this error message on reboot of my 2.1 gateway:

      There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads [0]

      My search reveals a similar thread for 2.0 snapshots back in 2010 - but that didn't get followed up.

      My gateway has pfBlocker and a tunnel broker connection. The above error only appears since adding the tunnel broker IPv6 tunnel. It didn't appear before. The message appears in the system logs, but with no other information.

      Everything appears to work, but obviously something's wrong…

      Any help would be very appreciated.

      Thanks,

      Simon

        S_D

        Just to add to this - I've since rebuilt the whole firewall from scratch using the latest snapshot and it continues to do it. I didn't import my previous config, I rebuilt it manually. And it only started doing it after creating my HE.net tunnel.

        Thanks.

          eri--

          Do you run any proxy software (package) on your installation?

            S_D

            @ermal:

            Do you run any proxy software (package) on your installation?

            Hi there,

            Thanks for the reply.

            Nope, no proxy.

            It's an AMD64 install, 4GB RAM on a D2500CC. DHCP WAN IP from my ISP, pfBlocker installed on top of that, and then finally the IPv6 tunnel to tunnelbroker.net (he.net). Pretty straightforward I think. :)

            Simon

              S_D

              A quick update after some testing this evening that I've done.

              I had a statically assigned DHCP reservation from my ISP. I've taken this and set my WAN interface to be that actual static IP, using the same address and gateway information. Now when I reboot I no longer get the error.

              It appears that perhaps the IPv6 tunnel is having some difficulty in attaching to an interface that hasn't got its address yet? Maybe?

              Although the system logs suggest that the WAN interface has the IPv4 address by that point, but I'm not sure. Will gladly upload logs if it'll help further?

              Thanks,

              Simon

                S_D

                Hmmm, another update. Sorry for appearing to spam this but I'm genuinely not!

                Anyway, it appears that after my ISP (O2 UK) made some changes on the network last week, the way that my static IP address is handled has changed. Whereas before I set my static IP address manually, now they say that I have to use DHCP, where I will be assigned a reservation. I guess I've just worked out why.

                So, after my 'fix' above of changing to a static IP on the WAN, the connection totally drops out after 30 minutes. A reboot doesn't sort it - the only thing that will sort it is going back to DHCP on the WAN. I guess the ISP is looking for the DHCP lease request, and if it doesn't get it then assumes the connection is down - or other such weirdness.

                Anyway, it leads me back around to what started this thread. In DHCP mode on the WAN I'm getting this strange error (thread title).

                Any more ideas are gratefully appreciated

                Thanks,

                Simon

                  eri--

                  Have you tried disabling pfBlocker and see if that fixes it?

                    S_D

                    @ermal:

                    Have you tried disabling pfBlocker and see if that fixes it?

                    Yup, I've tried that. Indeed, it disables itself when updating to the new snapshots that are released.

                    But do you mean just disabling it, or disabling all the aliased rules I have too?

                      eri--

                      Disable the package and the rules that reference aliases from it.

                        S_D

                        @ermal:

                        Disable the package and the rules that reference aliases from it.

                        Thanks - I'll try that tonight when I get home.

                        Is it enough to disable the rules, or do I actually have to delete them?

                          eri--

                          Just disable them.
                          Though the most important thing in this case is the aliases' content.

                            S_D

                            Hi,

                            Well that's interesting - I've just taken a gamble and done it remotely from the office.
                            I disabled the rules, then disabled pfBlocker and no error on reboot! Very strange.
                            So,
                            IPv6 tunnel ON,  pfBlocker OFF, DHCP WAN address   = No error
                            IPv6 tunnel ON,  pfBlocker ON,  Static WAN address = No error
                            IPv6 tunnel OFF, pfBlocker ON,  DHCP WAN address   = No error
                            IPv6 tunnel ON,  pfBlocker ON,  DHCP WAN address   = error!

                            So disabling any of pfBlocker, IPv6, or the DHCP address stops the error… I'm very confused.

                            Thanks for your help so far

                            Simon

                              S_D

                              Me again! :)

                              OK, done some more testing.

                              With all the rules used for pfBlocker disabled, I then disabled all the individual lists that I load. Reboot - no error. Then one by one turned them back on, and once we got to the larger lists (then rebooting) it started to get the error again.

                              So putting this together, along with the post above, it just seems that a combination of things makes the 'timeout' get reached, and for the error to occur, including adding larger lists into pfBlocker.

                              Is there a configurable option somewhere to set this timeout or to see in more detail as to what's 'failing'?

                              Thanks,

                              Simon

                                eri--

                                No, it's a pfBlocker fault here on how it does things.

                                  S_D

                                  Thanks for that :) I'll ask the pfBlocker guy to look at it.

                                  One last thing - are you sure, considering that I don't get this error just by disabling my IPv6 tunnel?

                                  Many thanks for all your help

                                  Simon

                                    priller

                                    For me, this problem went away after I set "Top Spammers" to Disabled. All my other lists are still active.

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.