19.1.2 Update? - Resolved

[cguilford]

I updated to 19.1.2 and now I'm seeing ALOT of LAN activity being blocked?

   LAN      Feb 28 14:53:47   [fe80::5e96:56ff:febf:70e7]:546   [ff02::1:2]:547   UDP   allow access to DHCPv6 server on LAN   
   LAN      Feb 28 14:53:45   192.168.29.100:40318   54.175.224.52:2350   tcp   Default deny rule   
   LAN      Feb 28 14:53:45   40.134.81.116:19856   192.168.29.10:32400   tcp   let out anything from firewall host itself   
   LAN      Feb 28 14:53:44   40.134.81.116:19836   192.168.29.10:32400   tcp   let out anything from firewall host itself   
   LAN      Feb 28 14:53:42   192.168.29.101:34350   52.87.251.209:2350   tcp   Default deny rule   
   LAN      Feb 28 14:53:37   40.134.81.116:19735   192.168.29.10:32400   tcp   let out anything from firewall host itself   
   LAN      Feb 28 14:53:36   192.168.29.102:40790   54.175.224.52:2350   tcp   Default deny rule   
   LAN      Feb 28 14:53:36   34.245.172.51:41078   192.168.29.10:32400   tcp   let out anything from firewall host itself   
   LAN      Feb 28 14:53:24   192.168.29.10:59736   35.241.26.53:443   tcp   Default deny rule   
   LAN      Feb 28 14:53:20   192.168.29.10:54240   173.194.197.188:5228   tcp   Default deny rule   
   LAN      Feb 28 14:53:17   192.168.29.100:47928   172.217.7.130:443   tcp   Default deny rule   
   LAN      Feb 28 14:53:17   192.168.29.100:39756   216.58.192.129:443   tcp   Default deny rule

[franco]

Probably TCP connection termination right after reboot... state table is empty so it'll not allow connections that it knew before the reboot. This is how it should work.


Cheers,
Franco

[cguilford]

Alright just wanted to make sure something crazy wasn't going on.  Thanks for all your hard work!

[franco]

Gladly, appreciate any heads-up! 

[cguilford]

I'm seeing alot of the following in the logfile under General -
Feb 28 15:19:52    api[85094]: no active session, user not found
Feb 28 15:19:49    api[85094]: no active session, user not found
Feb 28 15:19:46    api[2864]: no active session, user not found
Feb 28 15:19:43    api[2864]: no active session, user not found
Feb 28 15:19:40    api[2864]: no active session, user not found
Feb 28 15:19:37    api[2864]: no active session, user not found
Feb 28 15:19:34    api[2864]: no active session, user not found
Feb 28 15:19:31    api[2864]: no active session, user not found

[franco]

Could be https://github.com/opnsense/core/commit/ab3b5b5 ... try flipping the patch:

# opnsense-patch ab3b5b5

I'm assuming the error was always there or not overly relevant -- visible or not -- something is polling the API


Cheers,
Franco

[cguilford]

I've applied the patch .. now change..do I need to restart for it to apply?

[nivek1612]

I had a number of these 'no active session' msgs as well during the few minutes after the update process finished

none for a while now though

[franco]

Should be instantly applied. So it's not that... let's wait and see.

[cguilford]

My log file is still flooding with this.. every 3 seconds
Mar 1 07:38:33    api[35624]: no active session, user not found
Mar 1 07:38:30    api[94480]: no active session, user not found
Mar 1 07:38:27    api[35624]: no active session, user not found

[cguilford]

I'm seeing the backend log full of
Mar 1 07:38:34    configd.py: [833a4b4d-8f23-4e2d-8fb3-2d5010874f57] request filter log output
Mar 1 07:38:32    configd.py: [14830aa8-15a9-474e-8525-f545c4696f54] request pfctl byte/packet counters
Mar 1 07:38:32    configd.py: [1451130f-5b15-47b6-8a9b-e13cfd3fc8da] request filter log output
Mar 1 07:38:30    configd.py: [23e75e03-19a5-472e-8add-8932daaf0067] request filter log output
Mar 1 07:38:28    configd.py: [0f53c6e7-d5fa-4efc-a0a5-8674d2cfa401] request filter log output
Mar 1 07:38:26    configd.py: [ca3b6756-d724-445a-9685-9e06db66c8e8] request pfctl byte/packet counters
Mar 1 07:38:26    configd.py: [4fa48e9a-5747-4d87-b68d-d22eccfd137a] request filter log output

[cguilford]

Under the WebGui logs I'm seeing this.. not sure if ties in but it's about every 3 seconds as well?  I've replaced my firewall details with X - I tried reinstalling the Lighttpd package to no avail?


lighttpd[47626]: 192.168.29.10 x.x.com - [01/Mar/2019:07:53:55 -0500] "GET /api/diagnostics/firewall/log/?limit=100 HTTP/1.1" 401 0 "https://x.x.com/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36"

I've also done a log clear so that everything is clean there and it's still filling up,
I've also reset netflow and rrd data.

[cguilford]

Sorry for another Update it seems to be tied to Unbound DNS somehow... If I stop the service the log file clears up.  I tried to reinstall it to no avail, but when I turn it back on it starts flooding the log file again.

[cguilford]

Got it resolved, I had to delete an "Override" that I had listed there and then re add it and that seems to have resolved my issue.