Latest 18.7.6 selective states kill seems broken

Started by bb-mitch, November 05, 2018, 07:09:51 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 05, 2018, 07:09:51 AM

In my configuration, I have two hosts using HA/CARP.

On primary / carp master, go to Firewall -> Diagnostics -> States Dump

Filter on an IP. Press Kill.

Refilter on the same IP, the states do not seem to be cleared.

Pressed X on each state, and then filter on the same IP.

The states do not seem to be cleared.

I took the host in question offline. Repeated the process. I did this to ensure the host was not re-establishing the states before I could see them deleted.

So then I complete reset the states with Firewall -> Diagnostics -> States Reset

Now the states are gone. I haven't had to do this often, but I'm pretty sure this worked properly in 18.1.x - is there something wrong with my procedure?

Thanks!

M
November 07, 2018, 01:38:50 AM #1
Can anyone confirm / deny?
If I kill off a state, it doesn't seem to be removed, but killing all states does work.
Will upgrade another router currently not in an HA set and see if I can duplicate the findings there.
Thanks!
January 08, 2019, 06:39:44 AM #2
Same Here.
Filter -> KILL (click on X) then re filter, still there.
Any suggestions ?
January 08, 2019, 08:06:08 AM #3
This should do the trick for 19.1, but it doesn't patch on 18.7 at the moment:

https://github.com/opnsense/core/commit/5a95ccfef3

The issue seems to be that some states have direction "in" where srcip and dstip needto be reversed for the removal on the command line. It's more of a GUI convenience trick that causes the tool underneath to break. Everything else on that page works including removing "out" states.


Cheers,
Franco
Print
Go Up Pages1
User actions