Messages

It is HW and configuration import from 21.7 version.

Made some other tests.
Created a new alias and enabled Statistics in the same step, save and apply. Looking under Firewall:Diagnostics:Aliases shows 0 as values. Now created a rule with this alias -> no problem. See attached file alias10.png

Now i created a new alias with disabled Statistics (which is default), save and apply. Then I enabled Statistics in a second step, saved and applied. Looking under Firewall:Diagnostics:Aliases shows strange values. Now created a rule with this alias -> the firewall crashes. See attached file alias20.png

It seems that enabling Statistics for already existing aliases is the problem.

Created a new (unused) alias and enabled Statistics -> no problem
Created a rule with this new alias and firewall crashed immediately after applying.

Attached is a kernel dump, can't send it directly because this firewall has no internet connection.

I enabled the "Statistics" checkbox (previously unchecked) in an host alias entry. When I apply this change the firewall crashes and reboot immediatley.

I created a bug report on githup (#2883) and the developers found the problem. Hopefully the fix will be in the next release.

OPNsense 18.7.6
I changed an already defined Port Range in aliases, saved and applied it. But pfInfo shows me still the old range in the firewall rule. So it seems the firewall rule was not updated. In 18.7.5 this works without problems.

Helmut

Tested with Firefox, Chrome and Edge. Only Firefox has this problem. Chrome and Edge view of subnetmask is ok.

ok, Ticket auf GitHup ist erstellt.

Gruß Helmut

Hallo,

wenn ich im Fenster von pftop (unter Firewall:Diagnostics:pftop) nach rechts scrolle, wird mir bei jeder Aktualisierung des Fensterinhalts der horizontale Scrollbalken wieder ganz nach links verschoben. Da die Aktualisierung im Sekundentakt stattfindet ist es ziemlich schwierig die Werte abzulesen. In anderen Fenstern, z.B. pfinfo:Rules passiert das nicht. Gibt es da Möglichkeiten das zu verhindern?

Gruß
Helmut

During my tests with the rc.update_bogons script i realized that cron does not reload new time settings with kill -s HUP (cron pid). As descriped in the cron manpage changing the modification time of the spool directory /var/cron/tabs does the trick. No HUP Signal needed.

As far as i can see, the cron entries are generated with php from the system.inc file followed be a HUP signal for cron. This might be a problem. The modification time of the cron spool directory should be changed.

Cheers,
Helmut

The problem still exists on my machine (17.1.6) without internet access but hopefully I found the reason now. The parameters for the fetch command needs a litte modification.

FETCH="fetch -aqT 30" should be changed to FETCH="fetch -qT 30"

With the -a parameter fetch automatically retries to get the bogons file, so the rest of the script will never be executed. Tested the scipt without the "a" parameter on my system and it works now as expected.

Cheers,
Helmut

That was fast!

In my (special) case the script would run forever. So yes, we should stop it after some attempts.

Cheers,
Helmut

[no]

I have an OPNSense Box (17.1.4) filtering Traffic between an Office Network and an Automation Network. The OPNSense Box has no Internet Connection, so updating Bogon Networks will not work and is not necessary in my case. There is no option for disabling the update, so I set the frequency to monthly.

On the 1st of the month I got a big CPU Load, over 30000 states for udp from 127.0.0.1 to 127.0.0.1:53 and the log file is filling up with following messages:
root: rc.update_bogons is starting up
root: rc.update_bogons is beginning the update cycle
root: Could not download https://pkg.opnsense.org/FreeBSD:11:amd64/17.1/sets/bogons.txz

I think the rc.update_bogons script generates an endless loop when there is no connection to the pkg.opnsense.org server. The sleep command isn't executed when the script is relaunched from an PROC_ERROR. Some parts of the script:

if [ "${COMMAND}" = "cron" ]; then
    VALUE=$(jot -r 1 1 900)
    echo "rc.update_bogons is sleeping for ${VALUE} seconds" | logger
    sleep ${VALUE}
fi

if [ ! -f ${WORKDIR}/bogons.txz ]; then
    echo "Could not download ${URL}" | logger
    PROC_ERROR=1

if [ -n "${PROC_ERROR}" ]; then
    # Relaunch and sleep
    sh /usr/local/etc/rc.update_bogons &
    exit
fi

A nice feature would be a setting for update frequency: Daily, Weekly, Monthly and never

Yes. It happens during installation while the installer is running. Testet on two different mainboards. But only in UEFI mode. An installation with the same USB Stick in normal VGA mode (not UEFI) works fine without system freezing.

I tried to install OPNsense-17.1.4-OpenSSL-vga-amd64.img in UEFI Modus. When I change the keymap from default to another language (german in my case) the system freezes after accepting the changes. Only Ctrl+Alt+Del for reboot is working. With the default keymap everything is fine.

Weiß jemand ab welchem Zeitpunkt beim Reporting Health im letzten Zoom Level Daten angezeigt werden. Nach 45 Tagen stand bei mir immer noch "No Data Available".

Im vorletzten Zoom Level wechselt die Zeitachse in ein ziemlich ungewöhnliches Format, z.B. "17 d089". Ich interpretiere das als Jahr 2017 und laufender Tag 89. Gewollt oder nicht, ist auf jeden Fall ungewohnt.