PF was wedged/busy and has been reset
-
I'm using pfSense 2.1.4-RELEASE (amd64) + pfblocker + snort.
I'm getting the message "PF was wedged/busy and has been reset" when using AirVPN from a Win7 64-bit machine inside my LAN network (I'm using the official OpenVPN client v. 2.3.4-I001).
pfSense stops working and displays that message in the notification area. I didn't set up any other rules besides those automatically created by pfblocker.
If I look in the Services -> Snort -> Blocked tab I can see that Snort isn't blocking anything so, at first glance, the problem doesn't seem to be related to it.
My setup:
pfSense firewall 2.1.4-RELEASE (amd64)
Motherboard: MSI C847MS-E33 Micro ATX (with Intel Celeron CPU 847 @ 1.10 GHz) ~ PSU: Corsair VS350 ~ RAM: Kingston KVR1333D3E9S 4096 MB 240-pin DIMM DDR3 SDRAM 1.5 volt ~ Hard Disk: Western Digital WD10JFCX Red.
-
The only other forum post I could find related to this error was to do with bad rules. Do you happen to have anything like [ There were error(s) loading the rules: - The line in question reads… ] in your logs?
-
Yes, there was that message, but I can't remember the exact content. The strange thing is that this setup worked flawlessly for months and no rules are set up except for the "standard" ones.
-
If I remember, there have been some updates to the Snort site and some strange behaviour with them moving some files around. I'm wondering if maybe you've got a corrupted ruleset somehow.
-
In filter.inc
https://github.com/pfsense/pfsense/blob/master/etc/inc/filter.inc
It contains the code that produced the log message:
    $_grbg = exec("/sbin/pfctl -o basic -f {$g['tmp_path']}/rules.debug 2>&1", $rules_error, $rules_loading);

    /* Brutal ugly hack but required -- PF is stuck, unwedge */
    if (strstr("$rules_error[0]", "busy")) {
        exec("/sbin/pfctl -d; /sbin/pfctl -e; /sbin/pfctl -f {$g['tmp_path']}/rules.debug");
        $error_msg = gettext("PF was wedged/busy and has been reset.");
        file_notice("pf_busy", $error_msg, "pf_busy", "");
    }

pfctl -o basic -f /tmp/rules.debug
You might want to try running this command in the shell to see if it reports any errors, or look at /tmp/rules.debug for anything out of the ordinary? As always, make a full backup of the config file before proceeding.
-
I've just reinstalled Snort keeping the Preferences. Tomorrow I'm going to test it again.
-
No luck: received this message today
[ There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads [0]: ]
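-
The triage suggested in the thread, as an added example (not a post from the thread and not pfSense's own code): `classify_pfctl_error` separates a "busy" failure like the one above from a parse error that names a line in the rules file, and `check_ruleset` feeds it the output of `pfctl -n`, which parses the file without loading it. The function names, the `file:line: message` error format and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not pfSense code. Function names are hypothetical.

# classify_pfctl_error "<first error line>" <rules file>
# Prints: busy | rule-error <n> <text of line n> | unknown
classify_pfctl_error() {
    err=$1
    rules=$2
    case $err in
        *busy*)
            # Same substring test as the filter.inc excerpt in the thread.
            echo "busy"
            return 0
            ;;
    esac
    # Assumption: parse errors look like "<file>:<line>: <message>".
    lineno=$(printf '%s\n' "$err" | awk -F: '{ print $2 }')
    case $lineno in
        ''|*[!0-9]*) echo "unknown" ;;
        *) echo "rule-error $lineno $(sed -n "${lineno}p" "$rules")" ;;
    esac
}

# check_ruleset [rules file]: parse only (-n), so the running ruleset
# is never touched, then classify the first line of output, if any.
check_ruleset() {
    file=${1:-/tmp/rules.debug}
    first=$(/sbin/pfctl -n -o basic -f "$file" 2>&1 | head -n 1)
    if [ -z "$first" ]; then
        echo "ok"
    else
        classify_pfctl_error "$first" "$file"
    fi
}

# Constructed sample input: a three-line rules file and two error lines.
sample=$(mktemp)
printf '%s\n' 'set skip on lo0' 'block in all' 'pass out al' > "$sample"
classify_pfctl_error 'pfctl: DIOCXCOMMIT: Device busy' "$sample"
classify_pfctl_error "${sample}:3: syntax error" "$sample"
rm -f "$sample"
```

On the firewall itself, `check_ruleset /tmp/rules.debug` runs the same classification against the generated ruleset.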