Recent posts

#1

26.1 Series / Re: Large number of files accu...

Last post by lmoore - Today at 02:26:53 AM

I saw this, too. The culprit may be the HomeAssistant OPNsense plugin. In its default settings, it scans every 30 seconds.

I don't use HomeAssistant so I can rule that one out.

My dashboard hasn't changed in quite a long time, so I can't attribute this to any changes there.

I'm also seeing a file being created at 1-minute past the hour, every hour. I suspect this is coming from 'List syslog applications'

-rw-------  1 root wheel  996 Mar 10 20:01:00 2026 /tmp/tmpcfd_4lh8ob0g
-rw-------  1 root wheel  996 Mar 10 21:01:00 2026 /tmp/tmpcfd_9huvt4nu
-rw-------  1 root wheel  996 Mar 10 22:01:00 2026 /tmp/tmpcfd_at5fi5vz
-rw-------  1 root wheel  996 Mar 10 23:01:00 2026 /tmp/tmpcfd_qv73ag34
-rw-------  1 root wheel  996 Mar 11 00:01:00 2026 /tmp/tmpcfd_gi8c4loh
-rw-------  1 root wheel  996 Mar 11 01:01:00 2026 /tmp/tmpcfd_9kffqpd0
-rw-------  1 root wheel  996 Mar 11 02:01:00 2026 /tmp/tmpcfd_x9_d4gxs
-rw-------  1 root wheel  996 Mar 11 03:01:00 2026 /tmp/tmpcfd_t8q1_nka
-rw-------  1 root wheel  996 Mar 11 04:01:00 2026 /tmp/tmpcfd_dhdxd_yw
-rw-------  1 root wheel  996 Mar 11 05:01:00 2026 /tmp/tmpcfd_3mxtse4h
-rw-------  1 root wheel  996 Mar 11 06:01:00 2026 /tmp/tmpcfd_vjq5o7w2
-rw-------  1 root wheel  996 Mar 11 07:01:00 2026 /tmp/tmpcfd_8s7x39sc
-rw-------  1 root wheel  996 Mar 11 08:01:00 2026 /tmp/tmpcfd_8wjw98ip
-rw-------  1 root wheel  996 Mar 11 09:01:00 2026 /tmp/tmpcfd_zd1xusvd

This is what's in these files:

{"captiveportal":"portalauth (captiveportal)","audit":"audit (audit)","configd.py":"configd (configd.py)","kernel":"kernel (kernel)","lighttpd":"lighttpd (lighttpd)","pkg":"pkg (pkg)","pkg-static":"pkg (pkg-static)","ppp":"ppps (ppp)","unbound":"resolver (unbound)","routed":"routing (routed)","olsrd":"routing (olsrd)","zebra":"routing (zebra)","ospfd":"routing (ospfd)","bgpd":"routing (bgpd)","hostapd":"wireless (hostapd)","ddclient":"ddclient (ddclient)","dhcpd":"dhcpd (dhcpd)","dhcrelay":"dhcrelay (dhcrelay)","dnsmasq":"dnsmasq (dnsmasq)","dpinger":"gateways (dpinger)","hostwatch":"hostwatch (hostwatch)","charon":"ipsec (charon)","kea-dhcp4":"kea (kea-dhcp4)","kea-dhcp6":"kea (kea-dhcp6)","kea-ctrl-agent":"kea (kea-ctrl-agent)","monit":"monit (monit)","ntp":"ntpd (ntp)","ntpd":"ntpd (ntpd)","ntpdate":"ntpd (ntpdate)","openvpn":"openvpn (openvpn)","firewall":"firewall (firewall)","filterlog":"filter (filterlog)","suricata":"suricata (suricata)","wireguard":"wireguard (wireguard)"}

[mdns-bridge]

#2

General Discussion / Anyone installed mdns-bridge f...

Last post by ZkDpsQ64FFoezpgr - Today at 02:01:50 AM

The mdns-bridge package seems to be a feature-complete and up-to-date implementation of mDNS forwarding across interfaces for both IPv4 and IPv6. It handles only mDNS as opposed to the general-purpose (and IPv4-only) UDPBroadcastRelay, but at least it should make it easy for mDNS. It's getting harder to live without IPv6 nowadays, due to IoT gadgets, Apple and Google insisting on it.

There's no OPNsense plug-in for it, but it is in FreeBSD ports, so it should be ok to try. Anyone have any experience with it on OPNsense 25.7 or 26? Just looking for any concerns before I end up flooding everything :-)

#3

26.1 Series / Re: Upgrade to 26.1.3 hung on ...

Last post by robled - Today at 01:07:06 AM

I looked more closely at the most recent log message and found that there are over 200k files in /var/lib/php/sessions:

Code Select Expand

find /var/lib/php/sessions -type f | wc -l
  277237
Deleting them solves the problem with the importer script:

Code Select Expand

find /var/lib/php/sessions -type f -delete
The issues with monit and unbound seem unrelated.  I'll look into filing a bug report upstream tomorrow.

#4

26.1 Series / Re: Rule or alias not matching

Last post by clarknova - March 10, 2026, 11:14:21 PM

Yeah, the rule I showed in my first post is the partial output of

Code Select Expand

pfctl -sr. I'm not sure why it looks different in /tmp/rules.debug.

#5

26.1 Series / Re: MiniUPNPD

Last post by Circan - March 10, 2026, 10:25:15 PM

Greetings,

Joining in as I've also encountered the same scenario with Plex, Xbox, and PS5 on current 26.1.3. Issue is logged back to 26.1, but I didn't notice.

Implemented patch against 26.1.3 and returned successful outcome from earlier in this thread. prior commands. Subsequent a reboot, the issue persists.

Writing to add that it is possible that the service is working; in my implementation replies to UPnP/IGD Controller requests via Home Assistant complete without issue.
Otherwise, I've the same errors as reply #22. Sanitized output:

Code Select Expand

2026-03-10T12:39:30-XX:XX  Error        miniupnpd  pfctl_get_rules_info: Invalid argument
2026-03-10T12:39:30-XX:XX  Informational miniupnpd SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalBytesSent
2026-03-10T12:39:30-XX:XX  Debug        miniupnpd  Host: <router-ip>:<port>
2026-03-10T12:39:30-XX:XX  Informational miniupnpd HTTP REQUEST from <client-ip>:<port> : POST /ctl/CmnIfCfg (HTTP/1.1)
2026-03-10T12:39:30-XX:XX  Error        miniupnpd  pfctl_get_rules_info: Invalid argument
2026-03-10T12:39:30-XX:XX  Informational miniupnpd SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalBytesReceived
2026-03-10T12:39:30-XX:XX  Debug        miniupnpd  Host: <router-ip>:<port>
2026-03-10T12:39:30-XX:XX  Informational miniupnpd HTTP REQUEST from <client-ip>:<port> : POST /ctl/CmnIfCfg (HTTP/1.1)
2026-03-10T12:39:30-XX:XX  Error        miniupnpd  pfctl_get_rules_info: Invalid argument

2026-03-10T12:39:00-XX:XX  Error        miniupnpd  pfctl_get_rules_info: Invalid argument
2026-03-10T12:39:00-XX:XX  Informational miniupnpd SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalBytesSent
2026-03-10T12:39:00-XX:XX  Debug        miniupnpd  Host: <router-ip>:<port>
2026-03-10T12:39:00-XX:XX  Informational miniupnpd HTTP REQUEST from <client-ip>:<port> : POST /ctl/CmnIfCfg (HTTP/1.1)
2026-03-10T12:39:00-XX:XX  Error        miniupnpd  pfctl_get_rules_info: Invalid argument
2026-03-10T12:39:00-XX:XX  Informational miniupnpd SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalBytesReceived
2026-03-10T12:39:00-XX:XX  Debug        miniupnpd  Host: <router-ip>:<port>
2026-03-10T12:39:00-XX:XX  Informational miniupnpd HTTP REQUEST from <client-ip>:<port> : POST /ctl/CmnIfCfg (HTTP/1.1)
2026-03-10T12:39:00-XX:XX  Error        miniupnpd  pfctl_get_rules_info: Invalid argument

2026-03-10T12:38:41-XX:XX  Error        miniupnpd  pfctl_get_rules_info: Invalid argument
2026-03-10T12:38:41-XX:XX  Debug        miniupnpd  sdl_index = <index>  <iface>:<mac-redacted>
2026-03-10T12:38:41-XX:XX  Debug        miniupnpd  level=0 type=20

However, it appears the service is working, at least in part, as UPnP/IGD responses to the HomeAssistant Control integration continues without interruption.

#6

26.1 Series / Re: Rule or alias not matching

Last post by meyergru - March 10, 2026, 08:37:21 PM

The rule you showed above said otherwise, hence why I asked.

#7

26.1 Series / Re: Rule or alias not matching

Last post by clarknova - March 10, 2026, 08:26:38 PM

Other than logging, source and label, the two rules in /tmp/rules.debug look identical to me. I'm not using Advanced Features on either of these rules, and I think not on this firewall at all.

Code Select Expand

pass in log on aINTERNAL route-to ( wan_gw ) inet from {10.15.4.52/31} to !$rfc5735 keep state label "..." # Log Pass allowed to internet
pass in on aINTERNAL route-to ( wan_gw ) inet from $allowed_internet to !$rfc5735 keep state label "..." # Pass allowed to internet

#8

26.1 Series / Re: Upgrade to 26.1.3 hung on ...

Last post by robled - March 10, 2026, 08:20:56 PM

#9

26.1 Series / Re: Upgrade to 26.1.3 hung on ...

Last post by franco - March 10, 2026, 08:08:07 PM

Can you press CTRL+T while it hangs and show what it says? It's likely probing disks and hanging there, which I haven't seen before.


Cheers,
Franco

#10

26.1 Series / Re: Upgrade to 26.1.3 - my fir...

Last post by nero355 - March 10, 2026, 07:54:11 PM

/sys/module/zfs/... does not exist on FreeBSD.

https://forums.truenas.com/t/zfs-pool-ko-after-filling-at-100/57356/9

That only raises more questions for me :

- Wasn't the ZFS code merged for both Linux and *BSD some years ago which would mean that both of them now use OpenZFS as it is under Linux ?!
- I understood some years ago that the TrueNAS developers were moving everything to a Linux base instead of FreeBSD ?!

The reserved 5% on Linux ext4 is for the system so that ordinary users cannot fill up the drive and thus the OS can still operate and root can install stuff.

The problem is that updates always are done by root (who is fully entitled to these 5%), so if root fills these up, be it through an update or otherwise, they're gone.

The important thing is that for example your /var/log files won't mess up your system and that's what counts here.

If Mr. Root messes up then it's his own problem to deal with and he hopefully learned something from it :)

On a data pool, this is easily avoided by having only normal users use it for storage (remote root access always is bad even without this).
At least my (XigmaNAS) pool was perfectly fine when I "ran out of space" on it (partial write, reporting "no space left on device"), but it was non-root users only, so the emergency reserve would have been untouched.

That's why I am surprised that regular "Storage Pools" can have this issue...

Obviously, this cannot be avoided with RootOnZFS.

As long as Mr. Root knows what he is doing it should not happen IMHO.

It still is odd that, especially given how wasteful ZFS is, it wouldn't just keep a minimum of spare space to itself regardless of who is accessing it so that at least deletes could still be done.

One more thing next to the currently existing thing ?! Who knows... maybe it's not a bad idea...

Then again, there are so many tunables that might have unintended side-effects which may look like optimizations but end up creating such situations, whereas the defaults are fine?

The thing is that people with large setups lose a lot of space with the default setting and then need to lower it to get some space back.

You just need to know what you are doign and why and most of all not forget certain high impact changes while you are messing around under the root account...