OPNsense Forum
Archive => 19.1 Legacy Series => Topic started by: cguilford on February 28, 2019, 08:55:02 pm
-
I updated to 19.1.2 and now I'm seeing ALOT of LAN activity being blocked?
LAN Feb 28 14:53:47 [fe80::5e96:56ff:febf:70e7]:546 [ff02::1:2]:547 UDP allow access to DHCPv6 server on LAN
LAN Feb 28 14:53:45 192.168.29.100:40318 54.175.224.52:2350 tcp Default deny rule
LAN Feb 28 14:53:45 40.134.81.116:19856 192.168.29.10:32400 tcp let out anything from firewall host itself
LAN Feb 28 14:53:44 40.134.81.116:19836 192.168.29.10:32400 tcp let out anything from firewall host itself
LAN Feb 28 14:53:42 192.168.29.101:34350 52.87.251.209:2350 tcp Default deny rule
LAN Feb 28 14:53:37 40.134.81.116:19735 192.168.29.10:32400 tcp let out anything from firewall host itself
LAN Feb 28 14:53:36 192.168.29.102:40790 54.175.224.52:2350 tcp Default deny rule
LAN Feb 28 14:53:36 34.245.172.51:41078 192.168.29.10:32400 tcp let out anything from firewall host itself
LAN Feb 28 14:53:24 192.168.29.10:59736 35.241.26.53:443 tcp Default deny rule
LAN Feb 28 14:53:20 192.168.29.10:54240 173.194.197.188:5228 tcp Default deny rule
LAN Feb 28 14:53:17 192.168.29.100:47928 172.217.7.130:443 tcp Default deny rule
LAN Feb 28 14:53:17 192.168.29.100:39756 216.58.192.129:443 tcp Default deny rule
-
Probably TCP connection termination right after reboot... state table is empty so it'll not allow connections that it knew before the reboot. This is how it should work. :)
Cheers,
Franco
-
Alright just wanted to make sure something crazy wasn't going on. Thanks for all your hard work!
-
Gladly, appreciate any heads-up! 8)
-
I'm seeing alot of the following in the logfile under General -
Feb 28 15:19:52 api[85094]: no active session, user not found
Feb 28 15:19:49 api[85094]: no active session, user not found
Feb 28 15:19:46 api[2864]: no active session, user not found
Feb 28 15:19:43 api[2864]: no active session, user not found
Feb 28 15:19:40 api[2864]: no active session, user not found
Feb 28 15:19:37 api[2864]: no active session, user not found
Feb 28 15:19:34 api[2864]: no active session, user not found
Feb 28 15:19:31 api[2864]: no active session, user not found
-
Could be https://github.com/opnsense/core/commit/ab3b5b5 ... try flipping the patch:
# opnsense-patch ab3b5b5
I'm assuming the error was always there or not overly relevant -- visible or not -- something is polling the API
Cheers,
Franco
-
I've applied the patch .. now change..do I need to restart for it to apply?
-
I had a number of these 'no active session' msgs as well during the few minutes after the update process finished
none for a while now though
-
Should be instantly applied. So it's not that... let's wait and see.
-
My log file is still flooding with this.. every 3 seconds
Mar 1 07:38:33 api[35624]: no active session, user not found
Mar 1 07:38:30 api[94480]: no active session, user not found
Mar 1 07:38:27 api[35624]: no active session, user not found
-
I'm seeing the backend log full of
Mar 1 07:38:34 configd.py: [833a4b4d-8f23-4e2d-8fb3-2d5010874f57] request filter log output
Mar 1 07:38:32 configd.py: [14830aa8-15a9-474e-8525-f545c4696f54] request pfctl byte/packet counters
Mar 1 07:38:32 configd.py: [1451130f-5b15-47b6-8a9b-e13cfd3fc8da] request filter log output
Mar 1 07:38:30 configd.py: [23e75e03-19a5-472e-8add-8932daaf0067] request filter log output
Mar 1 07:38:28 configd.py: [0f53c6e7-d5fa-4efc-a0a5-8674d2cfa401] request filter log output
Mar 1 07:38:26 configd.py: [ca3b6756-d724-445a-9685-9e06db66c8e8] request pfctl byte/packet counters
Mar 1 07:38:26 configd.py: [4fa48e9a-5747-4d87-b68d-d22eccfd137a] request filter log output
-
Under the WebGui logs I'm seeing this.. not sure if ties in but it's about every 3 seconds as well? I've replaced my firewall details with X - I tried reinstalling the Lighttpd package to no avail?
lighttpd[47626]: 192.168.29.10 x.x.com - [01/Mar/2019:07:53:55 -0500] "GET /api/diagnostics/firewall/log/?limit=100 HTTP/1.1" 401 0 "https://x.x.com/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36"
I've also done a log clear so that everything is clean there and it's still filling up,
I've also reset netflow and rrd data.
-
Sorry for another Update it seems to be tied to Unbound DNS somehow... If I stop the service the log file clears up. I tried to reinstall it to no avail, but when I turn it back on it starts flooding the log file again.
-
Got it resolved, I had to delete an "Override" that I had listed there and then re add it and that seems to have resolved my issue.