Firewall errors help needed

Started by EagleRock, February 08, 2025, 01:11:35 AM

Firewall errors

Hey guys, I was making some changes today in OPNsense following the Homenetwork guy guide with VLANs and Unbound DNS. Later I noticed that my internet started slowing down, then everything stopped working right after. I was digging around the logs and I noticed these errors in the firewall.

Any idea what could be the issue? Any help would be appreciated 🤗

>2025-02-04T23:48:00 Notice firewall remove old alias \_\_automatic\_95a7369c\_1

>2025-02-04T23:48:00 Notice firewall remove old alias \_\_automatic\_929f82e8\_0

>2025-02-04T23:48:00 Notice firewall remove old alias \_\_automatic\_95a7369c\_0

>2025-02-04T23:48:00 Notice firewall remove old alias \_\_automatic\_517962d5\_1

>2025-02-04T23:48:00 Notice firewall remove old alias \_\_automatic\_517962d5\_0

>2025-02-04T23:46:57 Error firewall /usr/local/etc/rc.newwanipv6: The command '/sbin/pfctl -t bogonsv6 -T flush' returned exit code '255', the output was 'pfctl: Table does not exist.'

>2025-02-04T23:46:53 Error firewall /usr/local/etc/rc.newwanip: The command '/sbin/pfctl -t bogonsv6 -T flush' returned exit code '255', the output was 'pfctl: Table does not exist.'

>2025-02-04T23:46:51 Error firewall /usr/local/etc/rc.bootup: The command '/sbin/pfctl -t bogonsv6 -T flush' returned exit code '255', the output was 'pfctl: Table does not exist.

Hm. You could check your alias status under "Firewall: Aliases". Directly to the right of the heading are the "loaded/configured" numbers, and you could have a look at "bogonsv6" to see if it loaded correctly.

If you do not have the "bogonsv6" alias referenced in your own rules or aliases, you can uncheck "Block bogon networks" under all interfaces, which should unload (empty) the "bogonsv6" alias.

If you have the "bogonsv6" alias referenced in your own rules or aliases, but do not have "Block bogon networks" checked under at least one interface, you should check it for at least one, and it should load the alias. Either that or remove all of your own references to it.

The handling of the "bogonsv6" alias is a bit problematic (in my opinion). I do not use the "Block bogon networks" interface checkbox, and I found that attempting to reference the alias while it was empty hit a bug. So I removed said reference. The bug should be fixed in the latest releases, but I haven't cared to test it. This may be related to your issue... or not.

Thank you so much for the help. I thought I had it enabled for my WAN but it was unchecked; enabling that did solve the issue 💪🏽
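
To triage errors like the ones quoted in the first post, the following added example (not code from this thread or from OPNsense) parses firewall log lines and groups failed `pfctl` table operations by table name and calling rc script. The line layout is assumed from the log lines quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: log lines from the first post, with forum escaping removed.
SAMPLE_LOG = """\
2025-02-04T23:48:00 Notice firewall remove old alias __automatic_95a7369c_1
2025-02-04T23:46:57 Error firewall /usr/local/etc/rc.newwanipv6: The command '/sbin/pfctl -t bogonsv6 -T flush' returned exit code '255', the output was 'pfctl: Table does not exist.'
2025-02-04T23:46:53 Error firewall /usr/local/etc/rc.newwanip: The command '/sbin/pfctl -t bogonsv6 -T flush' returned exit code '255', the output was 'pfctl: Table does not exist.'
2025-02-04T23:46:51 Error firewall /usr/local/etc/rc.bootup: The command '/sbin/pfctl -t bogonsv6 -T flush' returned exit code '255', the output was 'pfctl: Table does not exist.
"""

# Assumed layout: timestamp, severity, "firewall", rc script, failed command, exit code, output.
# The closing quote is optional because pasted lines are sometimes truncated.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<sev>\w+)\s+firewall\s+(?P<script>/\S+): "
    r"The command '(?P<cmd>[^']*)' returned exit code '(?P<rc>\d+)', "
    r"the output was '(?P<out>.*?)'?$"
)
# Pull the table name and table operation out of a "pfctl -t <table> -T <op>" command.
TABLE_RE = re.compile(r"\bpfctl\b.*?\s-t\s+(?P<table>\S+)\s+-T\s+(?P<op>\w+)")


def missing_tables(log_text):
    """Map table name -> sorted (timestamp, rc script, operation) tuples for
    pfctl table commands that failed with 'Table does not exist'."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        # Forum quoting leaves a leading '>' and backslash-escaped underscores.
        line = line.lstrip("> ").replace("\\_", "_").strip()
        m = LINE_RE.match(line)
        if not m or "Table does not exist" not in m["out"]:
            continue
        t = TABLE_RE.search(m["cmd"])
        if t:
            script = m["script"].rsplit("/", 1)[-1]
            hits[t["table"]].append((m["ts"], script, t["op"]))
    return {table: sorted(events) for table, events in hits.items()}


def report(log_text):
    """One summary line per missing table, listing the scripts that hit it."""
    return [
        f"table {table!r} missing: {len(ev)} failed op(s) from "
        f"{', '.join(s for _, s, _ in ev)} (first seen {ev[0][0]})"
        for table, ev in missing_tables(log_text).items()
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On the firewall itself, `pfctl -s Tables` lists the tables pf currently has loaded, which confirms whether a table named in the report exists.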