kernel: pflog0: promiscuous mode dis-/enabled MORE OFTEN THAN every 15 min

Started by chemlud, September 28, 2020, 10:33:34 AM

> So if I understood you correctly, pflog0 promisc enable/disable should only happen when I watch the logs of the firewall (e.g. GUI firewall Live view)?

no, pflog0 promisc enabled every time pf loads.
filterlog grabs packets to filter.log continuously.
when you view logs in GUI they are taken from the file

Quote from: Fright on December 07, 2020, 10:22:28 AM
> > So if I understood you correctly, pflog0 promisc enable/disable should only happen when I watch the logs of the firewall (e.g. GUI firewall Live view)?
>
> no, pflog0 promisc enabled every time pf loads.
> filterlog grabs packets to filter.log continuously.
> when you view logs in GUI they are taken from the file

Sorry, but still a mystery! What does it mean "pf loads"?? On a live running opnsense router+firewall, when does pf "load"? As the dmesg pflog0 promisc enable/disable is happening multiple times since last reboot.

sorry )
"loads" means: file with rules created, states killed (if needed), rules loaded, filterlog started etc..
> As the dmesg pflog0 promisc enable/disable is happening multiple times since last reboot

yes. this string indicates that the firewall was (re)loaded (can say "restarted")

Scratching my head until it bleeds...
I may not know anything, how pf works or behaves.

> how pf works or behaves

cause it's not about pf )
it's about OPN managing pf when something in environment changed and pf settings need to be changed accordingly

Hi all. New member here. I've been having the continuous promiscuous mode enable/disable, never ending. I turned off all logging - literally searched for any logfile config options - and this promiscuous mode activity stopped immediately. Maybe you all have discovered this already, but in case you haven't, you might try that and see if you have the same results.
Thanks.

Hi all,

Having this issue as well, the situation seems to be worse now, the network being incredibly slow, almost unusable.

That said, after some browsing, I read somewhere that the promiscuous mode enable / disable may be linked to a network interface card going up and down. I remember I already had some issues with my poor quality patch panel I should replace. Will just check this evening if that could be linked to a bad connection...

R.

Once again: the "pflog0: promiscuous mode dis-/enabled" message in itself speaks only of pf reloading. To find out the reasons for the frequent pf reload, you need to look at all the logs for more info



is there any news? i have the same problem



```
2021-06-23T09:31:05   pflog0: promiscuous mode enabled
2021-06-23T09:31:05   pflog0: promiscuous mode disabled
2021-06-23T09:30:22   pflog0: promiscuous mode enabled
2021-06-23T09:30:22   pflog0: promiscuous mode disabled
2021-06-23T09:07:06   pflog0: promiscuous mode enabled
2021-06-23T09:07:06   pflog0: promiscuous mode disabled
2021-06-23T09:06:19   pflog0: promiscuous mode enabled
2021-06-23T09:06:19   pflog0: promiscuous mode disabled
```


```
2021-06-23T09:31:05   configd.py[60440]   message f39ecb4d-00d6-431b-8ad4-12c06e3155e3 [filter.refresh_aliases] returned {"status": "ok"}   
2021-06-23T09:31:05   configd.py[60440]   [68b12c50-8745-421b-a5fa-59e4d3163c10] updating dyndns VODAFONE_5_DHCP   
2021-06-23T09:31:05   configd.py[60440]   [f39ecb4d-00d6-431b-8ad4-12c06e3155e3] refresh url table aliases   
2021-06-23T09:31:05   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_geoip.conf   
2021-06-23T09:31:05   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_tables.conf   
2021-06-23T09:31:05   configd.py[60440]   generate template container OPNsense/Filter   
2021-06-23T09:31:05   configd.py[60440]   [e4ddadaa-2090-4d7e-b073-685dce634613] generate template OPNsense/Filter   
2021-06-23T09:31:05   configd.py[60440]   [a44ae51a-aa8d-4c24-93db-0e3611b48137] Reloading filter   
2021-06-23T09:30:22   configd.py[60440]   message 3b039a39-97c3-4ecb-b697-46bf873fce99 [filter.refresh_aliases] returned {"status": "ok"}   
2021-06-23T09:30:22   configd.py[60440]   [00c022c0-f6b6-4e4e-8c25-a30ca8563993] updating dyndns VODAFONE_5_DHCP   
2021-06-23T09:30:22   configd.py[60440]   [3b039a39-97c3-4ecb-b697-46bf873fce99] refresh url table aliases   
2021-06-23T09:30:22   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_geoip.conf   
2021-06-23T09:30:22   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_tables.conf   
2021-06-23T09:30:22   configd.py[60440]   generate template container OPNsense/Filter   
2021-06-23T09:30:22   configd.py[60440]   [d2d5af04-5604-4f17-8fc4-dad240320d7e] generate template OPNsense/Filter   
2021-06-23T09:30:21   configd.py[60440]   [acbb5b96-cc0e-43ce-a6c2-66662fb6e4a6] Reloading filter   
2021-06-23T09:07:06   configd.py[60440]   message 691ad808-0cd9-4c53-865c-9e517ab4a349 [filter.refresh_aliases] returned {"status": "ok"}   
2021-06-23T09:07:06   configd.py[60440]   [7878e15b-6dd4-4ed3-bac4-dbb36ff3ea57] updating dyndns VODAFONE_5_DHCP   
2021-06-23T09:07:06   configd.py[60440]   [691ad808-0cd9-4c53-865c-9e517ab4a349] refresh url table aliases   
2021-06-23T09:07:06   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_geoip.conf   
2021-06-23T09:07:06   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_tables.conf   
2021-06-23T09:07:06   configd.py[60440]   generate template container OPNsense/Filter   
2021-06-23T09:07:06   configd.py[60440]   [6cdb3d0c-b2b4-45ad-aa22-e6c6261646be] generate template OPNsense/Filter   
2021-06-23T09:07:06   configd.py[60440]   [d8e79a30-c43b-4c27-a881-aac339134507] Reloading filter   
2021-06-23T09:06:19   configd.py[60440]   message 0510316c-e7d1-41f8-a3d4-71d15b2986e6 [filter.refresh_aliases] returned {"status": "ok"}   
2021-06-23T09:06:19   configd.py[60440]   [a54d07c1-af2d-4797-a4ca-ebe499ba2eb4] updating dyndns VODAFONE_5_DHCP   
2021-06-23T09:06:19   configd.py[60440]   [0510316c-e7d1-41f8-a3d4-71d15b2986e6] refresh url table aliases   
2021-06-23T09:06:19   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_geoip.conf   
2021-06-23T09:06:19   configd.py[60440]   OPNsense/Filter generated //usr/local/etc/filter_tables.conf   
2021-06-23T09:06:19   configd.py[60440]   generate template container OPNsense/Filter   
2021-06-23T09:06:19   configd.py[60440]   [81d12d59-0806-4fcd-8493-f221bd66d4d4] generate template OPNsense/Filter   
2021-06-23T09:06:18   configd.py[60440]   [06fc4f4d-259b-4acf-8beb-9cb64e88c6f9] Reloading filter
```

Kernel log and configd log are mostly irrelevant. It's simple: something reloads the firewall rules so the system log will tell us what component is doing it and maybe also why.


Cheers,
Franco

ok but how to proceed, where is there a way to find out what restarts the firewall rules?

I don't see this currently on my installs... :-)
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

> ok but how to proceed, where is there a way to find out what restarts the firewall rules?

I think I said so: system logs via System: Log Files: General.


Cheers,
Franco
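
Added example, not part of any post in this thread: a small Python script that treats each "pflog0: promiscuous mode enabled" line as one pf reload, reports the interval between reloads, and lists which other log messages fall within two seconds of every reload. The sample input is constructed in the layout of the excerpts posted above (placeholder UUIDs); the two-second window and the assumption that other exported log files use the same timestamp-first layout are choices made for this example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: kernel and configd lines merged, newest first,
# in the layout of the excerpts posted in this thread.
SAMPLE = """\
2021-06-23T09:30:22   pflog0: promiscuous mode enabled
2021-06-23T09:30:22   pflog0: promiscuous mode disabled
2021-06-23T09:30:22   configd.py[60440]   [00000000-0000-0000-0000-000000000006] updating dyndns VODAFONE_5_DHCP
2021-06-23T09:30:21   configd.py[60440]   [00000000-0000-0000-0000-000000000005] Reloading filter
2021-06-23T09:15:00   configd.py[60440]   [00000000-0000-0000-0000-000000000004] refresh url table aliases
2021-06-23T09:07:06   pflog0: promiscuous mode enabled
2021-06-23T09:07:06   pflog0: promiscuous mode disabled
2021-06-23T09:07:06   configd.py[60440]   [00000000-0000-0000-0000-000000000003] updating dyndns VODAFONE_5_DHCP
2021-06-23T09:07:06   configd.py[60440]   [00000000-0000-0000-0000-000000000002] Reloading filter
2021-06-23T09:06:19   pflog0: promiscuous mode enabled
2021-06-23T09:06:19   configd.py[60440]   [00000000-0000-0000-0000-000000000001] updating dyndns VODAFONE_5_DHCP
2021-06-23T09:06:18   configd.py[60440]   [00000000-0000-0000-0000-000000000000] Reloading filter
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\s+(.*\S)\s*$")
UUID = re.compile(r"\[?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\]?\s*")

def parse(text):
    """Return (timestamp, message) pairs, oldest first, with per-call UUIDs removed."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            msg = " ".join(UUID.sub("", m.group(2)).split())
            events.append((datetime.fromisoformat(m.group(1)), msg))
    return sorted(events, key=lambda e: e[0])

def correlate(text, window=timedelta(seconds=2)):
    """One row per reload: (time, gap since previous reload, nearby messages)."""
    events = parse(text)
    reloads = sorted({t for t, m in events if m == "pflog0: promiscuous mode enabled"})
    report, prev = [], None
    for ts in reloads:
        near = sorted({m for t, m in events if abs(t - ts) <= window and "pflog0" not in m})
        report.append((ts, ts - prev if prev else None, near))
        prev = ts
    return report

def common_actions(report):
    """Messages that appear next to every single reload (candidates to investigate)."""
    counts = Counter(m for _, _, msgs in report for m in msgs)
    return sorted(m for m, n in counts.items() if n == len(report))
```

A message that shows up beside every reload is only a co-occurrence, so it tells you which component's log and settings to read next rather than proving what triggered the reload.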