OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: chemlud on September 28, 2020, 10:33:34 am

Title: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: chemlud on September 28, 2020, 10:33:34 am

Hi again!

Last year we had this every 15 min, a reload due to schedules rules,

https://forum.opnsense.org/index.php?topic=13792.0

but lately (since 20.7? I'm still on 20.7.1, reluctant to update...) it's every few minutes and kills off all states between LAN interfaces, tunnels, etc. Quite annoying...

Code: [Select]

2020-09-28T10:16:01 kernel pflog0: promiscuous mode enabled
2020-09-28T10:16:01 kernel pflog0: promiscuous mode disabled
2020-09-28T10:16:00 root[45899] reload filter for configured schedules
...
2020-09-28T10:15:35 kernel pflog0: promiscuous mode enabled
2020-09-28T10:15:35 kernel pflog0: promiscuous mode disabled
...
2020-09-28T10:11:15 kernel pflog0: promiscuous mode enabled
2020-09-28T10:11:15 kernel pflog0: promiscuous mode disabled
...
2020-09-28T10:10:13 kernel pflog0: promiscuous mode enabled
2020-09-28T10:10:13 kernel pflog0: promiscuous mode disabled
...
2020-09-28T10:05:04 kernel pflog0: promiscuous mode enabled
2020-09-28T10:05:04 kernel pflog0: promiscuous mode disabled
...
2020-09-28T10:04:03 kernel pflog0: promiscuous mode enabled
2020-09-28T10:04:03 kernel pflog0: promiscuous mode disabled
...
2020-09-28T10:02:40 kernel pflog0: promiscuous mode enabled
2020-09-28T10:02:40 kernel pflog0: promiscuous mode disabled
...
2020-09-28T10:01:33 kernel pflog0: promiscuous mode enabled
2020-09-28T10:01:33 kernel pflog0: promiscuous mode disabled
2020-09-28T10:01:01 kernel pflog0: promiscuous mode enabled
2020-09-28T10:01:01 kernel pflog0: promiscuous mode disabled
2020-09-28T10:01:00 root[61420] reload filter for configured schedules
...
2020-09-28T09:51:27 kernel pflog0: promiscuous mode enabled
2020-09-28T09:51:27 kernel pflog0: promiscuous mode disabled
...
2020-09-28T09:50:23 kernel pflog0: promiscuous mode enabled
2020-09-28T09:50:23 kernel pflog0: promiscuous mode disabled
...
2020-09-28T09:46:03 kernel pflog0: promiscuous mode enabled
2020-09-28T09:46:03 kernel pflog0: promiscuous mode disabled
2020-09-28T09:46:01 kernel pflog0: promiscuous mode enabled
2020-09-28T09:46:01 kernel pflog0: promiscuous mode disabled
2020-09-28T09:46:00 root[79453] reload filter for configured schedules
In backend log I have:

Code: [Select]

2020-09-28T10:16:25 configd.py[31334] [88ef6a4c-852e-4c2d-9e9c-e80f68f19043] request filter log output
2020-09-28T10:16:23 configd.py[31334] [1616101d-c321-4686-87dc-6e8c35f1e0bc] request filter log output
2020-09-28T10:16:23 configd.py[31334] [ded9d7ec-0afe-4496-993a-a9291b0ddf8b] request pfctl byte/packet counters
2020-09-28T10:16:21 configd.py[31334] [ae0e98a4-6989-4aab-9e69-8bf663921ace] request filter log output
2020-09-28T10:16:19 configd.py[31334] [b92ed1aa-9564-4307-a083-87cea652604b] request filter log output
2020-09-28T10:16:18 configd.py[31334] [6fd12758-9661-47f3-903e-b33bb4a6e17b] request pfctl byte/packet counters
2020-09-28T10:16:17 configd.py[31334] [978e34da-1603-43db-8a73-43fffee75e7b] request filter log output
2020-09-28T10:16:17 configd.py[31334] [0ddb16e1-3625-4f03-a6f1-8c279333bbe7] list installed devices
2020-09-28T10:16:01 configd.py[31334] message dc6d2c1d-4c4e-44ae-a51a-fbebc462a689 [filter.refresh_aliases] returned
2020-09-28T10:16:00 configd.py[31334] [dc6d2c1d-4c4e-44ae-a51a-fbebc462a689] refresh url table aliases
2020-09-28T10:16:00 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-28T10:16:00 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-28T10:16:00 configd.py[31334] generate template container OPNsense/Filter
2020-09-28T10:16:00 configd.py[31334] [83acc2e7-2109-460e-a715-1195d6e6b58b] generate template OPNsense/Filter
2020-09-28T10:15:36 configd.py[31334] message 6d10a7e2-22f5-4b64-81d5-19e536b48056 [filter.refresh_aliases] returned {"status": "ok"}
2020-09-28T10:15:35 configd.py[31334] [4d4939e8-16dc-44f0-ac91-2c0a859b5667] updating dyndns WAN_DHCP
2020-09-28T10:15:35 configd.py[31334] [6d10a7e2-22f5-4b64-81d5-19e536b48056] refresh url table aliases
2020-09-28T10:15:35 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-28T10:15:35 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-28T10:15:35 configd.py[31334] generate template container OPNsense/Filter
2020-09-28T10:15:35 configd.py[31334] [9c85d546-b2db-4062-864c-403a0102bded] generate template OPNsense/Filter
2020-09-28T10:15:34 configd.py[31334] [008732dd-da96-4489-931f-a0ba8cd09c5d] Reloading filter
2020-09-28T10:15:07 configd.py[31334] [dca11649-55cc-4efa-b51b-b3a59666fc24] Show log
2020-09-28T10:14:57 configd.py[31334] [eed4e98d-2ceb-4b2a-998d-5e27bc5677bb] Show log
2020-09-28T10:14:14 configd.py[31334] [a889176c-b98c-4712-9558-7b7d48cf0721] Show log
2020-09-28T10:14:14 configd.py[31334] [aa2f75cc-2265-477d-8538-c8b82cd89c1a] request filter log output
2020-09-28T10:14:12 configd.py[31334] [9baec4af-1f4b-447b-a60d-0ee83d2924d5] request pfctl byte/packet counters
2020-09-28T10:14:12 configd.py[31334] [e8977602-ff53-43b7-a2f0-4a63af641614] request filter log output
2020-09-28T10:14:10 configd.py[31334] [3d9aca19-f0c9-4cda-923b-ad5528cf6acc] request filter log output
2020-09-28T10:14:08 configd.py[31334] [cd62429c-2120-465b-9eaf-c145704310cb] request filter log output
2020-09-28T10:14:07 configd.py[31334] [0a55478b-40e0-43fc-9d91-49f12289497f] request pfctl byte/packet counters
2020-09-28T10:14:06 configd.py[31334] [50bb6653-ee72-4b3e-a10a-5a27ce08a1ee] request filter log output
2020-09-28T10:14:05 configd.py[31334] [2853ddde-6fca-4db5-bc1a-ec4219f23591] list installed devices
2020-09-28T10:11:16 configd.py[31334] message 48a40980-2eca-4712-93fb-2d59538e583d [filter.refresh_aliases] returned {"status": "ok"}
2020-09-28T10:11:15 configd.py[31334] [94f318ef-643e-418e-b13c-5ae57ed0d3fb] updating dyndns WAN_DHCP
2020-09-28T10:11:15 configd.py[31334] [48a40980-2eca-4712-93fb-2d59538e583d] refresh url table aliases
2020-09-28T10:11:15 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-28T10:11:15 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-28T10:11:15 configd.py[31334] generate template container OPNsense/Filter
2020-09-28T10:11:15 configd.py[31334] [e5bc8a6f-ad68-48cc-b170-6e2477668ff8] generate template OPNsense/Filter
2020-09-28T10:11:14 configd.py[31334] [c8e242dc-da51-4bc6-8cdf-1d4610bc7f55] Reloading filter
2020-09-28T10:10:13 configd.py[31334] message 3caa6ee7-7fd4-44c2-8400-76766e009e78 [filter.refresh_aliases] returned {"status": "ok"}
2020-09-28T10:10:13 configd.py[31334] [8bf9a6db-4dc8-4106-8843-47b7c33d4160] updating dyndns WAN_DHCP
2020-09-28T10:10:13 configd.py[31334] [3caa6ee7-7fd4-44c2-8400-76766e009e78] refresh url table aliases
2020-09-28T10:10:13 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-28T10:10:13 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-28T10:10:13 configd.py[31334] generate template container OPNsense/Filter
2020-09-28T10:10:13 configd.py[31334] [14612f9c-7655-4cab-90e6-c59daf65f3b6] generate template OPNsense/Filter
2020-09-28T10:10:12 configd.py[31334] [2d6ef1f0-df90-4c0a-b8d6-e832fadae10f] Reloading filter
2020-09-28T10:05:04 configd.py[31334] [b887b828-c1ca-46d3-b3f5-802321a233b9] updating dyndns WAN_DHCP
2020-09-28T10:05:04 configd.py[31334] message 6793272a-b2ff-4c05-aa3f-0a1662c36c50 [filter.refresh_aliases] returned
2020-09-28T10:05:04 configd.py[31334] [6793272a-b2ff-4c05-aa3f-0a1662c36c50] refresh url table aliases
2020-09-28T10:05:04 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-28T10:05:04 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-28T10:05:04 configd.py[31334] generate template container OPNsense/Filter
2020-09-28T10:05:04 configd.py[31334] [ea23a6d7-523b-4977-a4fd-496b0487b08d] generate template OPNsense/Filter
2020-09-28T10:05:03 configd.py[31334] [dcabf918-34cf-41a2-8fd4-0eaa73160b94] Reloading filter
2020-09-28T10:04:03 configd.py[31334] [b3f42468-b0d2-43c8-90f9-28787fd2ed8d] updating dyndns WAN_DHCP
2020-09-28T10:04:03 configd.py[31334] message bd000dc1-76aa-482a-a0ce-106fdff832f6 [filter.refresh_aliases] returned
2020-09-28T10:04:03 configd.py[31334] [bd000dc1-76aa-482a-a0ce-106fdff832f6] refresh url table aliases
2020-09-28T10:04:03 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-28T10:04:03 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-28T10:04:03 configd.py[31334] generate template container OPNsense/Filter
2020-09-28T10:04:02 configd.py[31334] [f3a8d093-709c-4b24-b12e-7959d2f4277b] generate template OPNsense/Filter
2020-09-28T10:04:02 configd.py[31334] [8d9c8c2b-967f-4e55-aa2e-c7b86fae045e] Reloading filter
2020-09-28T10:03:00 configd.py[31334] [fcab3f7f-5410-409f-aac1-742a3de30b7e] refresh url table aliases
2020-09-28T10:02:46 configd.py[31334] message 7e52f3e0-cb64-4422-a6a1-12ccb5e50120 [filter.refresh_aliases] returned {"status": "ok"}
2020-09-28T10:02:40 configd.py[31334] [e9b8b04a-08ba-418f-ba70-0810ff424c34] updating dyndns WAN_DHCP
2020-09-28T10:02:40 configd.py[31334] [7e52f3e0-cb64-4422-a6a1-12ccb5e50120] refresh url table aliases
2020-09-28T10:02:40 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-28T10:02:40 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-28T10:02:40 configd.py[31334] generate template container OPNsense/Filter
2020-09-28T10:02:40 configd.py[31334] [cc8c6c91-ef48-43a6-bd81-f4a0a60bfddd] generate template OPNsense/Filter
2020-09-28T10:02:39 configd.py[31334] [c394844c-e4aa-4e6e-bcab-bbd57c7b8871] Reloading filter
2020-09-28T10:01:33 configd.py[31334] message e0985857-d45e-4c57-97a1-b3c384543341 [filter.refresh_aliases] returned {"status": "ok"}
2020-09-28T10:01:33 configd.py[31334] [a6e4031b-3c80-4157-8bd9-69be6abb06d7] updating dyndns WAN_DHCP
2020-09-28T10:01:33 configd.py[31334] [e0985857-d45e-4c57-97a1-b3c384543341] refresh url table aliases
2020-09-28T10:01:33 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-28T10:01:33 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-28T10:01:33 configd.py[31334] generate template container OPNsense/Filter
2020-09-28T10:01:32 configd.py[31334] [08809828-a922-4ed3-be6f-1a1fff075273] generate template OPNsense/Filter
2020-09-28T10:01:31 configd.py[31334] [2fb6abaa-9dc8-4281-9a2f-1b7f97be99fd] Reloading filter
2020-09-28T10:01:00 configd.py[31334] message ac89d7fa-efde-45fe-aaaf-131ee4d10c9b [filter.refresh_aliases] returned
2020-09-28T10:01:00 configd.py[31334] [ac89d7fa-efde-45fe-aaaf-131ee4d10c9b] refresh url table aliases
2020-09-28T10:01:00 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-28T10:01:00 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-28T10:01:00 configd.py[31334] generate template container OPNsense/Filter
2020-09-28T10:01:00 configd.py[31334] [98a9cff9-c3d4-436c-8934-566a6783193e] generate template OPNsense/Filter
2020-09-28T09:51:28 configd.py[31334] message d076cfd6-b27f-49ab-b7c6-37c1eca6efc9 [filter.refresh_aliases] returned {"status": "ok"}
2020-09-28T09:51:27 configd.py[31334] [f99cd913-0908-4ab5-9333-6258395ee92b] updating dyndns WAN_DHCP
2020-09-28T09:51:27 configd.py[31334] [d076cfd6-b27f-49ab-b7c6-37c1eca6efc9] refresh url table aliases
2020-09-28T09:51:27 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-28T09:51:27 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-28T09:51:27 configd.py[31334] generate template container OPNsense/Filter
2020-09-28T09:51:27 configd.py[31334] [c310d0b9-b3f6-4661-83c6-9cd857827083] generate template OPNsense/Filter
2020-09-28T09:51:26 configd.py[31334] [771c72e6-93ee-45ce-9d9d-97df30546cf7] Reloading filter
2020-09-28T09:50:23 configd.py[31334] message 7ca07c05-850e-44b6-8e65-6f93251ca8f2 [filter.refresh_aliases] returned {"status": "ok"}
2020-09-28T09:50:23 configd.py[31334] [9e0f1de7-41f3-4420-b90d-b611098fcaed] updating dyndns WAN_DHCP
2020-09-28T09:50:23 configd.py[31334] [7ca07c05-850e-44b6-8e65-6f93251ca8f2] refresh url table aliases
2020-09-28T09:50:23 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-28T09:50:23 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-28T09:50:23 configd.py[31334] generate template container OPNsense/Filter
2020-09-28T09:50:23 configd.py[31334] [41d6234e-7636-4b05-b83c-a00ebeb1a94c] generate template OPNsense/Filter
2020-09-28T09:50:22 configd.py[31334] [04b6d84d-319c-4ff7-bcf6-a4f223740dd7] Reloading filter
2020-09-28T09:46:03 configd.py[31334] [cf44e5f4-1f22-4251-b395-5c6ad7ce5ab3] updating dyndns WAN_DHCP
2020-09-28T09:46:03 configd.py[31334] message 5e12ff25-9898-4efd-8097-53ee164f1070 [filter.refresh_aliases] returned
2020-09-28T09:46:03 configd.py[31334] [5e12ff25-9898-4efd-8097-53ee164f1070] refresh url table aliases
2020-09-28T09:46:03 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-28T09:46:03 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-28T09:46:03 configd.py[31334] generate template container OPNsense/Filter
2020-09-28T09:46:03 configd.py[31334] [1bcafca0-8262-4a53-b553-8c49c77b767a] generate template OPNsense/Filter
2020-09-28T09:46:02 configd.py[31334] [837d90b8-feba-4206-858c-cb7ff3d28177] Reloading filter
2020-09-28T09:46:00 configd.py[31334] message c8ce6a52-1851-4d9d-bfb6-643e5719f515 [filter.refresh_aliases] returned
2020-09-28T09:46:00 configd.py[31334] [c8ce6a52-1851-4d9d-bfb6-643e5719f515] refresh url table aliases
2020-09-28T09:46:00 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-28T09:46:00 configd.py[31334] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-28T09:46:00 configd.py[31334] generate template container OPNsense/Filter
2020-09-28T09:46:00 configd.py[31334] [997b102a-10da-479b-a031-b2591e603092] generate template OPNsense/Filter
Has apparently nothing to do with IPS alerts, no correlation at all.

All hardware offloading disabled, WAN is em0, LANs igb0 to igb3...

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: chemlud on September 29, 2020, 09:55:47 am

...updated to 20.7.3 last night, apparently stable now, will follow-up... ;-)

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: chemlud on September 29, 2020, 10:33:22 am

Now it's back again:

Code: [Select]

2020-09-29T10:30:21 opnsense[73791] /usr/local/etc/rc.dyndns: Dynamic DNS: (Success) IP Address Updated Successfully!
2020-09-29T10:30:21 opnsense[73791] /usr/local/etc/rc.dyndns: Dynamic DNS: updating cache file /var/cache/dyndns_wan__1.cache: xx.yy.zz.aa.bb.cc
2020-09-29T10:30:19 opnsense[73791] /usr/local/etc/rc.dyndns: Dynamic DNS: (Success) IP Address Updated Successfully!
2020-09-29T10:30:19 opnsense[73791] /usr/local/etc/rc.dyndns: Dynamic DNS: updating cache file /var/cache/dyndns_wan__0.cache: xx.yy.zz.aa.bb.cc
2020-09-29T10:30:19 kernel pflog0: promiscuous mode enabled
2020-09-29T10:30:19 kernel pflog0: promiscuous mode disabled
2020-09-29T10:29:20 opnsense[30735] /usr/local/etc/rc.dyndns: Dynamic DNS: (Success) IP Address Updated Successfully!
2020-09-29T10:29:20 opnsense[30735] /usr/local/etc/rc.dyndns: Dynamic DNS: updating cache file /var/cache/dyndns_wan__1.cache: xx.yy.zz.aa.bb.cc
2020-09-29T10:29:19 opnsense[30735] /usr/local/etc/rc.dyndns: Dynamic DNS: (Success) IP Address Updated Successfully!
2020-09-29T10:29:19 opnsense[30735] /usr/local/etc/rc.dyndns: Dynamic DNS: updating cache file /var/cache/dyndns_wan__0.cache: xx.yy.zz.aa.bb.cc
2020-09-29T10:29:18 kernel pflog0: promiscuous mode enabled
2020-09-29T10:29:18 kernel pflog0: promiscuous mode disabled
2020-09-29T10:16:01 kernel pflog0: promiscuous mode enabled
2020-09-29T10:16:01 kernel pflog0: promiscuous mode disabled
Meanwhile in "Backend log"

Code: [Select]

2020-09-29T10:30:19 configd.py[1835] [d0bd4b03-3f9c-43e9-a6cf-a04325e3d59e] updating dyndns WAN_DHCP
2020-09-29T10:30:19 configd.py[1835] [35b01774-b332-40d9-a174-a2a8aaef8325] refresh url table aliases
2020-09-29T10:30:19 configd.py[1835] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-29T10:30:19 configd.py[1835] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-29T10:30:18 configd.py[1835] generate template container OPNsense/Filter
2020-09-29T10:30:18 configd.py[1835] [a0d5e5b2-1a5a-431f-9273-e3d8d361d8d8] generate template OPNsense/Filter
2020-09-29T10:30:17 configd.py[1835] [979f8bf4-2fef-4e5b-8d5d-6c0349c29f1b] Reloading filter
2020-09-29T10:29:18 configd.py[1835] message 526db3a9-1d8d-4dbc-b7ff-0d7e0854110d [filter.refresh_aliases] returned {"status": "ok"}
2020-09-29T10:29:18 configd.py[1835] [fc0b263a-8661-495f-8fcc-f76fdfc78479] updating dyndns WAN_DHCP
2020-09-29T10:29:18 configd.py[1835] [526db3a9-1d8d-4dbc-b7ff-0d7e0854110d] refresh url table aliases
2020-09-29T10:29:18 configd.py[1835] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-09-29T10:29:18 configd.py[1835] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-09-29T10:29:18 configd.py[1835] generate template container OPNsense/Filter
2020-09-29T10:29:17 configd.py[1835] [a72dabfe-ee5f-4f7f-a926-27b7899112d5] generate template OPNsense/Filter
2020-09-29T10:29:17 configd.py[1835] [c34361e2-628d-4b26-96a1-5cb839315eba] Reloading filter
:-(

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: poupin on October 24, 2020, 11:31:48 am

Hello,

I'm facing to similar behaviour since switched to 20.7 (currently running on 20.7.4):

Code: [Select]

2020-10-24T11:16:04 kernel pflog0: promiscuous mode enabled
2020-10-24T11:16:04 kernel pflog0: promiscuous mode disabled
2020-10-24T11:16:00 root[38622] reload filter for configured schedules
2020-10-24T11:01:04 kernel pflog0: promiscuous mode enabled
2020-10-24T11:01:04 kernel pflog0: promiscuous mode disabled
2020-10-24T11:01:00 root[3511] reload filter for configured schedules
2020-10-24T10:46:04 kernel pflog0: promiscuous mode enabled
2020-10-24T10:46:04 kernel pflog0: promiscuous mode disabled
2020-10-24T10:46:00 root[25318] reload filter for configured schedules
2020-10-24T10:31:05 kernel pflog0: promiscuous mode enabled
2020-10-24T10:31:05 kernel pflog0: promiscuous mode disabled
2020-10-24T10:31:00 root[79202] reload filter for configured schedules
2020-10-24T10:16:04 kernel pflog0: promiscuous mode enabled
2020-10-24T10:16:04 kernel pflog0: promiscuous mode disabled
2020-10-24T10:16:00 root[75897] reload filter for configured schedules
2020-10-24T10:01:04 kernel pflog0: promiscuous mode enabled
2020-10-24T10:01:04 kernel pflog0: promiscuous mode disabled
2020-10-24T10:01:00 root[16756] reload filter for configured schedules

Would be great to know why that is happening.

Thank you for your support, Martin

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: thomasgg on December 04, 2020, 09:49:43 am

Having the same Problem running on 20.7.5.

Kills the connection and tunnels. But it's totally random. We can not see any pattern.

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: thomasgg on December 04, 2020, 09:50:59 am

Also got this on 2 separate machines with nothing changed on the hardware side, so I would rule out a hardware thing.

@chemlud @poupin: I would like to rule out a provider thing, we are running on vodafone

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: poupin on December 04, 2020, 11:34:35 am

Hi Thomas,

I'm connected via local community provider via 5ghz network and the problem is present since I've migrated from 19.7.10 to 20.7 (so skipped 20.1). Currently I'm running using wan load balancing (connected via community provider and T-mobile LTE). On my machine the issue persists and happen periodically exactly each 15 minutes:

2020-12-04T11:16:05    pflog0: promiscuous mode enabled
2020-12-04T11:16:05    pflog0: promiscuous mode disabled
2020-12-04T11:16:00    reload filter for configured schedules
2020-12-04T11:01:05    pflog0: promiscuous mode enabled
2020-12-04T11:01:05    pflog0: promiscuous mode disabled
2020-12-04T11:01:00    reload filter for configured schedules

I'm using schedules to disable/enable traffic for selected users (e.g. block in late evening, etc). The schedules have 15min granularity in OPNsense, so thing if it could be somehow related to the schedules.

Thomas, are you using schedules?

Edit: finally I've found that in my case it happens due to how the schedules are implemented:
See reply from Franco in this thread: https://forum.opnsense.org/index.php?topic=13792.0

BR, Martin

Note: During migration I've did clean install of 20.7 and imported configuration via xml file, when migrated from 19.7.

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: thomasgg on December 04, 2020, 02:28:36 pm

No, we are not using any schedules no cronjobs or firewall schedules.

Can you please check (after a few days) if the problem is gone or if it occurs less often.

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Ricardo on December 04, 2020, 03:58:35 pm

For the uninformed masses (that'd be me), can someone explain (in short, or a URL to a proper longer version) what that pflog0 interfqce does in fact, and why its switching back and forth to promiscuous? Ps. I know what promisc mode for a normal NIC does, but for such virtual device I dont get it.

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Scanline on December 04, 2020, 09:24:35 pm

Having the same problem. Connections drop every now and then, somtimes multiple times per minute, sometimes it takes some more minutes.

OPNsense 20.7.5-amd64 // up to date packages

Code: [Select]

General:
2020-12-04T21:08:25 kernel pflog0: promiscuous mode enabled
2020-12-04T21:08:25 kernel pflog0: promiscuous mode disabled

Backend:
2020-12-04T21:08:26 configd.py[932] message 2249bace-f1ab-4951-ab10-34003008d972 [filter.refresh_aliases] returned {"status": "ok"}
2020-12-04T21:08:25 configd.py[932] [ac4a9a66-1ff7-429d-8401-f85ae1b45c5b] updating dyndns <snip>
2020-12-04T21:08:25 configd.py[932] [2249bace-f1ab-4951-ab10-34003008d972] refresh url table aliases
2020-12-04T21:08:25 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-12-04T21:08:25 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-12-04T21:08:25 configd.py[932] generate template container OPNsense/Filter
2020-12-04T21:08:25 configd.py[932] [0b58104c-3461-4f29-9185-6be7ce99fd93] generate template OPNsense/Filter
2020-12-04T21:08:24 configd.py[932] [d28eca11-c501-4f0a-8385-295bd7efbf54] Reloading filter
https://pastebin.com/K7GPEhN0

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Fright on December 05, 2020, 07:06:38 am

@Scanline

Quote

https://pastebin.com/K7GPEhN0

can you please share backend log for the same period?

@Ricardo

Quote

that pflog0 interfqce does in fact

firewall (pf) logging (log) interface. pf sends packets that you choose to log to this interface (adding some its headers)

Quote

and why its switching back and forth to promiscuous

it must be switched to promiscuous to grab packets from it. so you can see firewall logs in file or gui.
you can see filterlog process in activity

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Scanline on December 05, 2020, 08:30:24 am

I don't have the log anymore.

After I shut down my workstation the behavior stopped and hasn't returned since I turned my workstation back on.

/Edit: I can confirm that when the config interface isn't opened inside a browser, the issue doesn't appear, so far.

Code: [Select]

Dec  4 22:45:09 OPNsense kernel: pflog0: promiscuous mode disabled
Dec  4 22:45:09 OPNsense kernel: pflog0: promiscuous mode enabled
Dec  4 22:46:00 OPNsense kernel: pflog0: promiscuous mode disabled
Dec  4 22:46:00 OPNsense kernel: pflog0: promiscuous mode enabled
Dec  4 22:47:08 OPNsense kernel: pflog0: promiscuous mode disabled
Dec  4 22:47:08 OPNsense kernel: pflog0: promiscuous mode enabled
Dec  4 22:57:09 OPNsense kernel: pflog0: promiscuous mode disabled
Dec  4 22:57:09 OPNsense kernel: pflog0: promiscuous mode enabled
Dec  4 22:57:22 OPNsense kernel: pflog0: promiscuous mode disabled
Dec  4 22:57:22 OPNsense kernel: pflog0: promiscuous mode enabled
Dec  5 10:00:18 OPNsense kernel: pflog0: promiscuous mode disabled
Dec  5 10:00:18 OPNsense kernel: pflog0: promiscuous mode enabled
Dec  5 10:01:17 OPNsense kernel: pflog0: promiscuous mode disabled
Dec  5 10:01:17 OPNsense kernel: pflog0: promiscuous mode enabled
Dec  5 10:04:03 OPNsense kernel: pflog0: promiscuous mode disabled
Dec  5 10:04:03 OPNsense kernel: pflog0: promiscuous mode enabled
Dec  5 10:04:04 OPNsense kernel: pflog0: promiscuous mode disabled
Dec  5 10:04:04 OPNsense kernel: pflog0: promiscuous mode enabled
Dec  5 10:04:06 OPNsense kernel: pflog0: promiscuous mode disabled
Dec  5 10:04:06 OPNsense kernel: pflog0: promiscuous mode enabled[/code
10:10 I closed the tab, it is now 13:00
/Edit2

It returned :(

Code: [Select]

2020-12-05T14:23:30 configd.py[932] [3e58f1c1-c342-4232-8a86-2eb1a10d2276] Show log
2020-12-05T14:23:28 configd.py[932] message d851624f-959f-433c-914d-4f5a9f98e48a [filter.refresh_aliases] returned {"status": "ok"}
2020-12-05T14:23:27 configd.py[932] [bad6ac7a-e482-4fc9-9bd3-92712d30124d] updating dyndns WG_MULLVAD_GW
2020-12-05T14:23:27 configd.py[932] [d851624f-959f-433c-914d-4f5a9f98e48a] refresh url table aliases
2020-12-05T14:23:27 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-12-05T14:23:27 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-12-05T14:23:27 configd.py[932] generate template container OPNsense/Filter
2020-12-05T14:23:26 configd.py[932] [9c1e580f-0f4c-417d-b3b1-c6e91e18aa48] generate template OPNsense/Filter
2020-12-05T14:23:26 configd.py[932] [46cc3743-03f3-41bc-ad71-d1e56308cf07] Reloading filter
2020-12-05T14:23:17 configd.py[932] [548e5ab7-3531-4626-b02c-b59e542cdc88] Show log
2020-12-05T14:23:16 configd.py[932] message bb9b39c7-5de1-48d1-ad69-cf8ec06dc41f [filter.refresh_aliases] returned {"status": "ok"}
2020-12-05T14:23:15 configd.py[932] [9b70e446-811e-453f-a8f6-9080b7970cc6] updating dyndns WG_MULLVAD_GW
2020-12-05T14:23:15 configd.py[932] [bb9b39c7-5de1-48d1-ad69-cf8ec06dc41f] refresh url table aliases
2020-12-05T14:23:15 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-12-05T14:23:15 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-12-05T14:23:15 configd.py[932] generate template container OPNsense/Filter
2020-12-05T14:23:15 configd.py[932] [09e0421f-0234-4a64-83c3-ea7b724a1b16] generate template OPNsense/Filter
2020-12-05T14:23:14 configd.py[932] [64538364-3f9d-4e7f-abd7-bd53c40f5c8e] Reloading filter
2020-12-05T14:23:11 configd.py[932] [cdfbf8f1-c37e-4925-a20e-888dcddf2e8a] Reading system temperature values
2020-12-05T14:23:11 configd.py[932] [b15ff43a-9e15-4ff1-af19-85b6cd11bea6] request pfctl byte/packet counters
2020-12-05T14:23:05 configd.py[932] [675b97f2-a13c-43a6-a1d8-7f15d5419810] Reading system temperature values
2020-12-05T14:23:04 configd.py[932] [ad933e3b-2087-4ccf-9273-e8eae74b2dca] request pfctl byte/packet counters
2020-12-05T14:21:54 configd.py[932] message e24066b6-3639-45a2-ae3e-87a7e115aa94 [filter.refresh_aliases] returned {"status": "ok"}
2020-12-05T14:21:53 configd.py[932] [f7dbdaa5-97f5-45c2-a8c7-d84d1e622cec] updating dyndns WG_MULLVAD_GW
2020-12-05T14:21:53 configd.py[932] [e24066b6-3639-45a2-ae3e-87a7e115aa94] refresh url table aliases
2020-12-05T14:21:53 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-12-05T14:21:53 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-12-05T14:21:53 configd.py[932] generate template container OPNsense/Filter
2020-12-05T14:21:53 configd.py[932] [262dbfda-0787-488d-9bfd-711df39c16c7] generate template OPNsense/Filter
2020-12-05T14:21:52 configd.py[932] [5382f17d-9631-4214-abbd-4b3f188e12d4] Reloading filter
2020-12-05T14:21:38 configd.py[932] message 1528e4cf-deab-437e-ab7e-642befea130b [filter.refresh_aliases] returned {"status": "ok"}
2020-12-05T14:21:37 configd.py[932] [3c92a705-a7d3-4f1c-97dd-c42c2c611c00] updating dyndns WG_MULLVAD_GW
2020-12-05T14:21:37 configd.py[932] [1528e4cf-deab-437e-ab7e-642befea130b] refresh url table aliases
2020-12-05T14:21:37 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-12-05T14:21:37 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-12-05T14:21:37 configd.py[932] generate template container OPNsense/Filter
2020-12-05T14:21:37 configd.py[932] [69a767ac-fa99-4434-8212-14eab983bf7c] generate template OPNsense/Filter
2020-12-05T14:21:36 configd.py[932] [bb52bea8-6036-49e6-805f-12fdf1fda36c] Reloading filter
2020-12-05T14:20:37 configd.py[932] message 1ea589b6-aac6-405b-8d91-52415f8965da [filter.refresh_aliases] returned {"status": "ok"}
2020-12-05T14:20:36 configd.py[932] [8604bf9d-9a8e-41f6-8bc9-d473172fdeb3] updating dyndns WG_MULLVAD_GW
2020-12-05T14:20:36 configd.py[932] [1ea589b6-aac6-405b-8d91-52415f8965da] refresh url table aliases
2020-12-05T14:20:36 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-12-05T14:20:36 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-12-05T14:20:35 configd.py[932] generate template container OPNsense/Filter
2020-12-05T14:20:35 configd.py[932] [a0d8911e-60b7-48a8-8e96-7747d332d130] generate template OPNsense/Filter
2020-12-05T14:20:35 configd.py[932] [a8e35c13-1faf-4bf5-ae0b-911bb2610e19] Reloading filter
2020-12-05T14:20:12 configd.py[932] message dcb11523-e364-4623-bfab-4c9a81d68409 [filter.refresh_aliases] returned {"status": "ok"}
2020-12-05T14:20:11 configd.py[932] [93e2b77b-759f-46bb-b5cb-80be5c387212] updating dyndns WG_MULLVAD_GW
2020-12-05T14:20:11 configd.py[932] [dcb11523-e364-4623-bfab-4c9a81d68409] refresh url table aliases
2020-12-05T14:20:11 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-12-05T14:20:11 configd.py[932] OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-12-05T14:20:10 configd.py[932] generate template container OPNsense/Filter
2020-12-05T14:20:10 configd.py[932] [5514d7ad-a5c0-4f1a-b65c-f0b7989a26b2] generate template OPNsense/Filter
2020-12-05T14:20:10 configd.py[932] [a9624d75-cc33-472a-9f45-628ed007f408] Reloading filter

Code: [Select]

2020-12-05T14:23:27 kernel pflog0: promiscuous mode enabled
2020-12-05T14:23:27 kernel pflog0: promiscuous mode disabled
2020-12-05T14:23:15 kernel pflog0: promiscuous mode enabled
2020-12-05T14:23:15 kernel pflog0: promiscuous mode disabled
2020-12-05T14:22:20 sudo[38393] *** : TTY=pts/1 ; PWD=/home/*** ; USER=root ; COMMAND=/usr/local/sbin/opnsense-shell
2020-12-05T14:22:20 sudo[38393] *** : TTY=pts/1 ; PWD=/home/*** ; USER=root ; COMMAND=/usr/local/sbin/opnsense-shell
2020-12-05T14:22:20 opnsense[18336]
2020-12-05T14:22:20 opnsense[18336] user *** authenticated successfully for sudo [using OPNsense\Auth\Services\System + OPNsense\Auth\Local]
2020-12-05T14:22:16 sshd[49163] Accepted keyboard-interactive/pam for *** from 192.168.10.3 port 40538 ssh2
2020-12-05T14:22:16 sshd[49163] Postponed keyboard-interactive/pam for *** from 192.168.10.3 port 40538 ssh2 [preauth]
2020-12-05T14:22:16 opnsense[90495]
2020-12-05T14:22:16 opnsense[90495] user *** authenticated successfully for sshd [using OPNsense\Auth\Services\System + OPNsense\Auth\Local]
2020-12-05T14:22:13 sshd[49163] Postponed keyboard-interactive for *** from 192.168.10.3 port 40538 ssh2 [preauth]
2020-12-05T14:22:13 sshd[49163] error: PAM: Authentication error for *** from 192.168.10.3
2020-12-05T14:22:13 sshd[49163] error: PAM: Authentication error for *** from 192.168.10.3
2020-12-05T14:22:13 opnsense[52151]
2020-12-05T14:22:13 opnsense[52151] user *** could not authenticate for sshd. [using OPNsense\Auth\Services\System + OPNsense\Auth\Local]
2020-12-05T14:21:53 kernel pflog0: promiscuous mode enabled
2020-12-05T14:21:53 kernel pflog0: promiscuous mode disabled
2020-12-05T14:21:37 kernel pflog0: promiscuous mode enabled
2020-12-05T14:21:37 kernel pflog0: promiscuous mode disabled
2020-12-05T14:20:36 kernel pflog0: promiscuous mode enabled
2020-12-05T14:20:36 kernel pflog0: promiscuous mode disabled
2020-12-05T14:20:11 kernel pflog0: promiscuous mode enabled
2020-12-05T14:20:11 kernel pflog0: promiscuous mode disabled

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Fright on December 06, 2020, 10:54:24 am

Quote

I can confirm that when the config interface isn't opened inside a browser, the issue doesn't appear, so far.

intresting. there is some logic

Quote

It returned

again with GUI opened?
can you determine which tab it is associated with? Dashboard?

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Scanline on December 06, 2020, 11:34:44 am

Today I removed the cause for this entry:

2020-12-05T14:21:53   configd.py[932]   [f7dbdaa5-97f5-45c2-a8c7-d84d1e622cec] updating dyndns WG_MULLVAD_GW

WG_MULLVAD_GW didn't even exist anymore, so far I don't didn't have a single issue in > 5 h. Yesterday the issue was getting worse the later it got. Also with my PC shut down and nothing accessing the web front end. Let's see if it was the dpinger thing. So far, it looks good.

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Ricardo on December 07, 2020, 09:57:01 am

Quote from: Fright on December 05, 2020, 07:06:38 am

@Scanline

Quote

https://pastebin.com/K7GPEhN0

can you please share backend log for the same period?

@Ricardo

Quote

that pflog0 interfqce does in fact

firewall (pf) logging (log) interface. pf sends packets that you choose to log to this interface (adding some its headers)

Quote

and why its switching back and forth to promiscuous

it must be switched to promiscuous to grab packets from it. so you can see firewall logs in file or gui.
you can see filterlog process in activity

So if I understood you correctly, pflog0 promisc enable/disable should only happen when I watch the logs of the firewall (e.g. GUI firewall Live view)?

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Fright on December 07, 2020, 10:22:28 am

Quote

So if I understood you correctly, pflog0 promisc enable/disable should only happen when I watch the logs of the firewall (e.g. GUI firewall Live view)?

no, pflog0 promisc enabled every time pf loads.
filterlog grabs packets to filter.log continuously.
when you view logs in GUI they are taken from the file

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Ricardo on December 07, 2020, 08:45:49 pm

Quote from: Fright on December 07, 2020, 10:22:28 am

Quote

So if I understood you correctly, pflog0 promisc enable/disable should only happen when I watch the logs of the firewall (e.g. GUI firewall Live view)?

no, pflog0 promisc enabled every time pf loads.
filterlog grabs packets to filter.log continuously.
when you view logs in GUI they are taken from the file

Sorry, but still a mistery! What does it mean "pf loads"?? On a live running opnsense router+firewall, when does pf "load"? As the dmesg pflog0 promisc enable/disable is hapenning multiple times since last reboot.

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Fright on December 07, 2020, 09:48:24 pm

sorry )
"loads" means: file with rules created, states killed (if needed), rules loaded, filterlog started etc..

Quote

As the dmesg pflog0 promisc enable/disable is hapenning multiple times since last reboot

yes. this string indicates that the firewall was (re)loaded (can say "restarted")

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Ricardo on December 08, 2020, 06:51:02 am

Scratching my head until it bleeds...
I may not know anything, how pf works or behaves.

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Fright on December 08, 2020, 07:11:12 am

Quote

how pf works or behaves

cause it's not about pf )
its about OPN managing pf when something in environment changed and pf settings needs to be changed accordingly

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: schmidja on January 13, 2021, 03:01:03 am

Hi all. New member here. I've been having the continuous promiscuous mode enable/disable, never ending.  I turned off all logging - literally searched for any logfile config options - and this promiscuous mode activty stopped immediately. Maybe you all have discovered this already, but in case you haven't, you might try that and see if you have the same results.
Thanks.

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Rajstopy on January 13, 2021, 04:45:36 pm

Hi all,

Having this issue as well, the situation seems to be worse now, the network being incredibly slow, almost unusable.

That said, after some browsing, I read somewhere that the promiscuous mode enable / disable may be linked to a network interface card going up and down. I remember I already had some issues with my poor quality patch panel I should replace. Will just check this evening if that could be linked to a bad connection...

R.

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: Fright on January 13, 2021, 05:38:57 pm

Once again: "pflog0: promiscuous mode dis-/enabled" message in itself speaks only of pf reloading. to find out the reasons for the frequent pf reload, you need to look at the all logs for more info

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: packet loss on March 18, 2021, 01:51:50 am

Anyone happen to be using Suricata or a RealTek NIC?

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: meichthys on May 04, 2021, 06:28:07 am

Quote from: packet loss on March 18, 2021, 01:51:50 am

Anyone happen to be using Suricata or a RealTek NIC?

Suricata Yes, RealTek NIC No.

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: badsmoke on June 23, 2021, 11:09:08 am

is there any news? i have the same problem



```
2021-06-23T09:31:05   pflog0: promiscuous mode enabled
2021-06-23T09:31:05   pflog0: promiscuous mode disabled
2021-06-23T09:30:22   pflog0: promiscuous mode enabled
2021-06-23T09:30:22   pflog0: promiscuous mode disabled
2021-06-23T09:07:06   pflog0: promiscuous mode enabled
2021-06-23T09:07:06   pflog0: promiscuous mode disabled
2021-06-23T09:06:19   pflog0: promiscuous mode enabled
2021-06-23T09:06:19   pflog0: promiscuous mode disabled
```


```
2021-06-23T09:31:05   configd.py[60440]   message f39ecb4d-00d6-431b-8ad4-12c06e3155e3 [filter.refresh_aliases] returned {"status": "ok"}   
2021-06-23T09:31:05   configd.py[60440]   [68b12c50-8745-421b-a5fa-59e4d3163c10] updating dyndns VODAFONE_5_DHCP   
2021-06-23T09:31:05   configd.py[60440]   [f39ecb4d-00d6-431b-8ad4-12c06e3155e3] refresh url table aliases   
2021-06-23T09:31:05   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_geoip.conf   
2021-06-23T09:31:05   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_tables.conf   
2021-06-23T09:31:05   configd.py[60440]   generate template container OPNsense/Filter   
2021-06-23T09:31:05   configd.py[60440]   [e4ddadaa-2090-4d7e-b073-685dce634613] generate template OPNsense/Filter   
2021-06-23T09:31:05   configd.py[60440]   [a44ae51a-aa8d-4c24-93db-0e3611b48137] Reloading filter   
2021-06-23T09:30:22   configd.py[60440]   message 3b039a39-97c3-4ecb-b697-46bf873fce99 [filter.refresh_aliases] returned {"status": "ok"}   
2021-06-23T09:30:22   configd.py[60440]   [00c022c0-f6b6-4e4e-8c25-a30ca8563993] updating dyndns VODAFONE_5_DHCP   
2021-06-23T09:30:22   configd.py[60440]   [3b039a39-97c3-4ecb-b697-46bf873fce99] refresh url table aliases   
2021-06-23T09:30:22   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_geoip.conf   
2021-06-23T09:30:22   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_tables.conf   
2021-06-23T09:30:22   configd.py[60440]   generate template container OPNsense/Filter   
2021-06-23T09:30:22   configd.py[60440]   [d2d5af04-5604-4f17-8fc4-dad240320d7e] generate template OPNsense/Filter   
2021-06-23T09:30:21   configd.py[60440]   [acbb5b96-cc0e-43ce-a6c2-66662fb6e4a6] Reloading filter   
2021-06-23T09:07:06   configd.py[60440]   message 691ad808-0cd9-4c53-865c-9e517ab4a349 [filter.refresh_aliases] returned {"status": "ok"}   
2021-06-23T09:07:06   configd.py[60440]   [7878e15b-6dd4-4ed3-bac4-dbb36ff3ea57] updating dyndns VODAFONE_5_DHCP   
2021-06-23T09:07:06   configd.py[60440]   [691ad808-0cd9-4c53-865c-9e517ab4a349] refresh url table aliases   
2021-06-23T09:07:06   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_geoip.conf   
2021-06-23T09:07:06   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_tables.conf   
2021-06-23T09:07:06   configd.py[60440]   generate template container OPNsense/Filter   
2021-06-23T09:07:06   configd.py[60440]   [6cdb3d0c-b2b4-45ad-aa22-e6c6261646be] generate template OPNsense/Filter   
2021-06-23T09:07:06   configd.py[60440]   [d8e79a30-c43b-4c27-a881-aac339134507] Reloading filter   
2021-06-23T09:06:19   configd.py[60440]   message 0510316c-e7d1-41f8-a3d4-71d15b2986e6 [filter.refresh_aliases] returned {"status": "ok"}   
2021-06-23T09:06:19   configd.py[60440]   [a54d07c1-af2d-4797-a4ca-ebe499ba2eb4] updating dyndns VODAFONE_5_DHCP   
2021-06-23T09:06:19   configd.py[60440]   [0510316c-e7d1-41f8-a3d4-71d15b2986e6] refresh url table aliases   
2021-06-23T09:06:19   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_geoip.conf   
2021-06-23T09:06:19   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_tables.conf   
2021-06-23T09:06:19   configd.py[60440]   generate template container OPNsense/Filter   
2021-06-23T09:06:19   configd.py[60440]   [81d12d59-0806-4fcd-8493-f221bd66d4d4] generate template OPNsense/Filter   
2021-06-23T09:06:18   configd.py[60440]   [06fc4f4d-259b-4acf-8beb-9cb64e88c6f9] Reloading filter
```

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: franco on June 23, 2021, 11:37:03 am

Kernel log and configd log are mostly irrelevant. It's simple: something reloads the firewall rules so the system log will tell us what component is doing it and maybe also why.


Cheers,
Franco

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: badsmoke on June 23, 2021, 11:39:09 am

ok but how to proceed, where is there a way to find out what restarts the firewall rules?

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: chemlud on June 23, 2021, 11:46:20 am

I don't see this currently on my installs... :-)

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: franco on June 23, 2021, 01:19:08 pm

> ok but how to proceed, where is there a way to find out what restarts the firewall rules?

I think I said so: system logs via System: Log Files: General.


Cheers,
Franco

Title: Re: kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min
Post by: chemlud on June 23, 2021, 01:37:51 pm

Quote from: franco on June 23, 2021, 01:19:08 pm

> ok but how to proceed, where is there a way to find out what restarts the firewall rules?

I think I said so: system logs via System: Log Files: General.


Cheers,
Franco

...in my case there was nothing in the logs...