Netgate Discussion Forum

    Long time Configuring firewall… at boot

    • robi

      After adding a URL Table alias to the system, containing 17 FQDNs, and also using that alias in a couple of NAT rules, pfSense hangs for a long time (minutes) during reboot at the first "Configuring firewall…" stage. There's another "Configuring firewall..." a few steps later, which goes on normally.

      What did I do wrong?

      Is there a timeout somewhere? Maybe it's trying to resolve the hostnames but at that time there's no network access yet through the WAN to outside?

      • kitdavis

        This is similar to a problem I reported earlier today. In my case, the firewall config stage is taking 10 minutes or so to load. The difference I see is that once pfSense comes up it no longer passes traffic, and I had a number of aliases defined and thought they might be the problem. I deleted all of them, and it still took 10 minutes to load.

        • kitdavis

          I had the same problem where loading the firewall configuration was taking 5 or more minutes. I had previously tried removing the aliases via the GUI but that did not fix the issue. Today, I edited the backed up config.xml file and removed the easy rule aliases as well as the aliases for pfBlockerNG (I had previously removed the package, but the aliases remained behind) and restored the configuration. That fixed the problem - the firewall configuration loads in seconds.

          • robi

            What do you mean by "easy rule aliases"?

            (I don't use and never used pfBlockerNG)

            • kitdavis

              Sorry - if you block an IP address from the Firewall system log, the IP address is added to an alias called "EasyRuleBlockHostsWAN". When I find an address that is port scanning, or trying brute force, I add them to that alias. There were probably 30-50 addresses in the alias. When I deleted the alias, the firewall configuration loaded in normal fashion during boot up.
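
An added example, not part of the thread and not pfSense code: a read-only audit of a config.xml backup that lists each alias, its hostname (non-IP) entries, and whether anything outside the alias section still refers to it, which is the leftover-alias case described above. The element layout, the sample backup and the helper name `audit_aliases` are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample backup. The element layout (<aliases>/<alias> with <name>,
# <type>, <address>) is an assumption; compare it with your own config.xml.
SAMPLE_CONFIG = """<pfsense>
  <aliases>
    <alias><name>MailHosts</name><type>host</type>
      <address>mail.example.com smtp.example.net 192.0.2.10</address></alias>
    <alias><name>EasyRuleBlockHostsWAN</name><type>network</type>
      <address>198.51.100.7/32 203.0.113.0/24</address></alias>
    <alias><name>LeftoverList</name><type>urltable</type>
      <url>https://lists.example.org/block.txt</url><address></address></alias>
  </aliases>
  <nat><rule><destination><address>MailHosts</address></destination></rule></nat>
  <filter><rule><source><address>EasyRuleBlockHostsWAN</address></source></rule></filter>
</pfsense>"""

def is_ip_or_cidr(entry):
    try:
        ipaddress.ip_network(entry, strict=False)
        return True
    except ValueError:
        return False

def audit_aliases(xml_text):
    """Return one dict per alias: entry count, FQDN entries, whether it is referenced."""
    root = ET.fromstring(xml_text)
    alias_root = root.find("aliases")
    aliases = {}
    for a in (alias_root.findall("alias") if alias_root is not None else []):
        aliases[(a.findtext("name") or "").strip()] = (
            (a.findtext("type") or "").strip(), (a.findtext("address") or "").split())
    # Tokens outside <aliases>, plus alias names nested in other aliases, count as use.
    used = {e for _, entries in aliases.values() for e in entries if e in aliases}
    for section in root:
        if section is not alias_root:
            for el in section.iter():
                used.update((el.text or "").replace(",", " ").split())
    report = []
    for name, (kind, entries) in aliases.items():
        fqdns = [e for e in entries
                 if kind in ("host", "network") and e not in aliases and not is_ip_or_cidr(e)]
        report.append({"name": name, "type": kind, "entries": len(entries),
                       "fqdns": fqdns, "referenced": name in used})
    return report

if __name__ == "__main__":
    print(*audit_aliases(SAMPLE_CONFIG), sep="\n")
```

Run it against a copy of the backup rather than the live file; an alias reported with `referenced` false is a candidate for review, not an automatic deletion.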
