There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy

[mbroetz]

Hello,

one of my OPNSense Firewalls is regularly throwing the error

Code Select Expand

There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busywhen I try to apply new Firewall rules.

Our Firmware is:
OPNsense 25.1.4_1-amd64
FreeBSD 14.2-RELEASE-p2
OpenSSL 3.0.16

I have had this issue for over half a year now and various OPNSense updates, so it should not be new or related to the OPNSense Version.

I currently solve the issue by turning a rule off- and on again before re-applying the change. This sometimes takes 2-3 tries to finally get it to work.

Is there any way to further inspect this issue? I have not found any log files that would help identify the underlying problem.

Thank you and kind regards,
Marius

[franco]

Hi Marius,

I think this happens when the rules are already being applied in the background. How fast is your hardware? How many rules and network interfaces do you have?


Cheers,
Franco

[mbroetz]

Hello,

thank you for the reply. My hardware is a HPE ProLiant DL360 Gen10, so it should be good enough to run OPNSense.

As far as I am aware, rules are not automatically applied until you press the Apply Button in the WebGUI? I have several other OPNsense Systems running on similar hardware and with similar workloads, and none of them have this issue. I ususally press "Apply" in the WebGUI right after creating a rule.

There are about 30 network interfaces, no idea how many rules there are total, is there a way to check this quickly?

Kind regards,
Marius

[franco]

Just asking for a ball park figure. Rules could apply in the background, particular interfaces or hardware behind it could slow this process down considerably.

There was a fix in 25.1.11 WRT ifconfig speed.  Maybe it's worth updating to 25.1.12 at least and see if that helps in any way.


Cheers,
Franco