Hi all,
When an alias is changed via Firewall -> Aliases -> Apply, the script /usr/local/opnsense/scripts/filter/update_tables.py is run from the cron every minute to make sure that pf actually picks up the change, as I understand it.
However, running this script takes about 10 to 20 seconds during which the CPU gets stressed quite severly. This behavior is seen for quite some years now and I have not been able to fix this.
I did a python trace on the update_tables.py script and it is executing the /usr/local/opnsense/scripts/filter/lib/alias/pf.py file for example about 13 million times. That surely explains the CPU load, I guess. I do have some aliases (of 'URL Table (IPs)' type) some of which are quite big (more than 200,000 IP addresses). Am I doing something wrong with my firewall alias settings? I have seen some other mentions by people seeing similar behavior with the update_tables.py script, but unfortunately not with a fix.
Hopefully someone can help me with odd behavior. If I need to provide more information, please let me know. Thank you very much.
I just noticed the same and found this thread while looking for answers. Because the router breaks and needs a config restore via serial console half the time I apply any config change, I'm a bit hesitant to change things unnecessarily to debug the situation, but I'd also be rather curious why this high CPU usage for ~15 seconds per minute occurs