Alias->URL Table (IPS)



  • Upon boot pfSense 2.2 takes 7-10 minutes to load pfSense at the [Loading Firewall] line with 8 Aliases (URLs) of Type URL Table (IPs) consisting of approx. 129,000 URLs total over all 8 aliases in the following format. Files are clean. Using BBcan177's script from https://forum.pfsense.org/index.php?topic=78062.0

    217.195.25.241
    218.75.155.41
    218.146.254.33
    220.181.150.161
    222.186.19.226

    There is very little processor, disk or network activity during this time. Cannot find anything in the logs that shows what it's doing.

    VMware 5.5, VM with 1x2 cores, 4 gigs RAM, 35 GB storage, 2.2 Alpha built on Fri Aug 01 15:39:34 CDT 2014

    Any suggestions?

    Thanks,
    Bill


  • Moderator

    I built a pfSense 2.2 Box today:

    2.2-ALPHA (amd64)
    built on Wed Jul 30 10:58:12 CDT 2014
    FreeBSD xxxxx.xxxxxx.com 10.0-STABLE FreeBSD 10.0-STABLE #44 0d8378f(HEAD)-dirty: Wed Jul 30 11:11:05 CDT 2014 root@xxxx-amd64-snap:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10 amd64

    I can confirm that I am seeing the same issue with Reboot where it takes a while to load the WEB GUI. However, the Shell (SSH) comes up fairly quickly. I don't see any Firewall Log errors in the system.logs. This box (2.2) has only the LAN interface enabled and is using the GW from a LIVE 2.14 box. I didn't take a look at the console to see if the [Loading Firewall] message appears there.

    I also notice that aliases (URL Table - IPs) that were defined before shutdown are showing empty tables after reboot. 2.14 does not exhibit this behavior. All of the alias (URL Table - IPs) definitions are there, but they are empty.

    Previously when an alias was created, clicking "Save" would load the Alias, and you could see the Tables if you hovered over the rules that are defined with an "alias", or in Diagnostics:Table. With 2.2, "Save" does not reload the previously defined aliases.

    The only way to get the Aliases to show the IPs is with a "pfctl" command:

    /sbin/pfctl -t -T replace -f /PATH/TO/

    However, if you edit the Alias another time, and click "Save", it will clear the table again. Executing the pfctl command above will allow reloading the alias table.



  • After looking around further: after creating an Alias of URLs in a URL Table (IPs) and then creating Floating rules based on these aliases, the rules do not populate the pf tables after saving them. You can see this with the command "pfctl -s labels".

    After executing the command "pfctl -t -T replace -f /PATH/TO/" manually, the tables then load and function as expected per "pfctl -s labels".

    Also, with these rules in place it takes 13 minutes for pfSense to boot at the first instance of "loading firewall", with 99.8 to 100% idle per top during this idle time.

    From what I see, the alias tables do not get populated and the floating rules based on these aliases do not function without manual intervention using the pfctl command. I am resorting to setting up a cron job to reload the tables manually.

    Guys, am I missing something here?
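
The cron workaround mentioned in the post above, as an added example (not code from the thread or from pfSense): it reloads each table with `pfctl -t <table> -T replace -f <file>`, but filters the list first and refuses an empty result, so a failed download cannot silently empty a block table. `TABLE_DIR`, the `<table>.txt` file naming, the script name and the function names are assumptions.

```sh
#!/bin/sh
# Added example: reload pf tables from per-alias list files (IPv4 only).
# TABLE_DIR and the <table>.txt naming are assumptions, not pfSense paths.
PFCTL="${PFCTL:-/sbin/pfctl}"
TABLE_DIR="${TABLE_DIR:-/PATH/TO}"

# Print unique IPv4 addresses/CIDRs from a list file; comments, blank
# lines, stray CRs and anything that does not look like an address are dropped.
clean_list() {
    sed -e 's/[#;].*$//' -e 's/[[:space:]]//g' "$1" |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' |
        sort -u
}

# reload_table <table> <file>: replace the table's contents with the
# cleaned list. An unreadable or empty list is refused, so a failed
# download cannot silently empty a block table.
reload_table() {
    table=$1
    file=$2
    [ -r "$file" ] || { echo "skip $table: cannot read $file" >&2; return 1; }
    tmp=$(mktemp /tmp/pftable.XXXXXX) || return 1
    clean_list "$file" > "$tmp"
    if [ ! -s "$tmp" ]; then
        echo "skip $table: no valid entries in $file" >&2
        rm -f "$tmp"
        return 1
    fi
    "$PFCTL" -t "$table" -T replace -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Reload every <table>.txt under TABLE_DIR; returns the number of failures.
reload_all() {
    failed=0
    for f in "$TABLE_DIR"/*.txt; do
        [ -e "$f" ] || continue
        reload_table "$(basename "$f" .txt)" "$f" || failed=$((failed + 1))
    done
    return "$failed"
}

# Run from cron as: reload_tables.sh --all   (script name is hypothetical)
if [ "${1:-}" = "--all" ]; then
    reload_all
fi
```

A non-zero exit status from `--all` means at least one table was left untouched and should be checked with `pfctl -t <table> -T show`.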

