Latest 18.7.6 selective states kill seems broken

[bb-mitch]

In my configuration, I have two hosts using HA/CARP.

On primary / carp master, go to Firewall -> Diagnostics -> States Dump

Filter on an IP. Press Kill.

Refilter on the same IP, the states do not seem to be cleared.

Pressed X on each state, and then filter on the same IP.

The states do not seem to be cleared.

I took the host in question offline. Repeated the process. I did this to ensure the host was not re-establishing the states before I could see them deleted.

So then I complete reset the states with Firewall -> Diagnostics -> States Reset

Now the states are gone. I haven't had to do this often, but I'm pretty sure this worked properly in 18.1.x - is there something wrong with my procedure?

Thanks!

M

[bb-mitch]

Can anyone confirm / deny?
If I kill off a state, it doesn't seem to be removed, but killing all states does work.
Will upgrade another router currently not in an HA set and see if I can duplicate the findings there.
Thanks!

[The_Sage]

Same Here.
Filter -> KILL (click on X) then re filter, still there.
Any suggestions ?

[franco]

This should do the trick for 19.1, but it doesn't patch on 18.7 at the moment:

https://github.com/opnsense/core/commit/5a95ccfef3

The issue seems to be that some states have direction "in" where srcip and dstip needto be reversed for the removal on the command line. It's more of a GUI convenience trick that causes the tool underneath to break. Everything else on that page works including removing "out" states.


Cheers,
Franco