this seems like a stupid thing but i can't nobody else is suffering it so i can't believe is not fixed.
I'm using latest OPNsense 25.7.7_4-amd64
I have this in crontab
root@OPNsense-VPN:/etc # crontab -l
# or /usr/local/etc/cron.d and follow the same format as
# /etc/crontab, see the crontab(5) manual page.
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
REQUESTS_CA_BUNDLE=/usr/local/etc/ssl/cert.pem
#minute hour mday month wday command
1 * * * * (/usr/local/sbin/configctl -d syslog archive) > /dev/null
*/4 * * * * (/usr/local/sbin/ping_hosts.sh) > /dev/null
0 22 * * * (/usr/local/sbin/configctl -d firmware changelog cron) > /dev/null
0,15,30,45 * * * * (/sbin/pfctl -t 'virusprot' -T expire '3600') > /dev/null
0,15,30,45 * * * * (/sbin/pfctl -t 'sshlockout' -T expire '3600') > /dev/null
* * * * * (/usr/local/bin/flock -n -E 0 -o /tmp/updaterrd.lock /usr/local/opnsense/scripts/health/updaterrd.php) > /dev/null
1 3 1 * * (/usr/local/sbin/configctl -d filter schedule bogons) > /dev/null
* * * * * (/usr/local/bin/flock -n -E 0 -o /tmp/filter_update_tables.lock /usr/local/opnsense/scripts/filter/update_tables.py --quick) > /dev/null
If i run the /sbin/pfctl the redirection of stdout in not enough because you get "0/0 addresses expired." in stderr
root@OPNsense-VPN:/etc # (/sbin/pfctl -t 'virusprot' -T expire '3600') > /dev/null
0/0 addresses expired.
because of this i'm getting mails every 15 minutes ( output in crontab )
i've fixed adding 2>&1 but it was lost after because an update I think.
anyway this seems like a pretty stupid thing or I am missing something and I'm the stupid one?
thanks.
Can you try pfctl -q ? it's a bit of a bold decision to add diagnostic values to utility's stderr output.
Cheers,
Franco
ok, that's better. no output and it won't prevent real errors popping out in the future
( /sbin/pfctl -q -t 'sshlockout' -T expire '3600' )
but the real question is, nobody else is suffering this ?
I don't have customized anything, those 2 crontab came like that in the standard installation I suppose.
I'm afraid i will lose that fix after an update or something.
For everyone else. Works on my end as well:
# opnsense-patch https://github.com/opnsense/core/commit/30987d973ad
> but the real question is, nobody else is suffering this ?
I think most don't subscribe to system mail and or do not forward it.
The regression is relatively recent though since we used to use expiretable for that purpose, not pfctl:
> community/25.7/25.7:o firewall: removed the expiretable binary use in favour of the builtin pfctl
Cheers,
Franco
that makes sense ... I actually just noticed when kept getting "You have new mail" in the console while I was debugging something else ... Probably won't even notice it it weren't for that ...
Yep, thanks a lot for the report! :)
Cheers,
Franco