"Unread notice: ... Let out anything from firewall itself" ?

[chemlud]

Hi

Had after updating to 20.7.3 on both opnsenses in the Lobby an "unread message" (see attached example), which I don't understand and I have no idea how to follow-up on these...

In the example em2 is the WAN interface and the redacted IP is the ISPs gateway iirc.

Is this something to worry about? How to look at that in detail?

Many thanks in advance!

chemlud

[Fright]

can you please share a full message?
what is in em2 config? (ipv4\6 enabled? dhcp?)

[chemlud]

Where to find the full message? :-)

Both WANs are DHCP, ipv4 only...

[Fright]

just the beginning of the sentence is not visible in the screenshot. probably this is "no routing address with matching address family found", but who knows..
but the traffic goes?
Do messages appear on every pf reload or only when the wan address is updated?
can you share some logs before and after that strings

[chemlud]

I checked the logs available from GUI, nothing in it, but as this "notice" has no time stamp, hard to know where to look for...

Both WAN IPs are not renewed on a regular base.

Where does this "unread notice" come from? email for root? no idea where to look...

[Fright]

Where does this "unread notice" come from?

/tmp/notices i think
if an error occurs while loading rules in pf, error content added to the file.
and php reads it

[chemlud]

Nope, there is no such thing as /tmp/notices and all the other files in /tmp are not helpful...

Any ideas?

I found this:

https://github.com/opnsense/core/blob/master/src/www/guiconfig.inc

but no idea where "get_notices" reads from...

[chemlud]

Maybe unbound wants to use ipv6 (although not configured by me, but opnsense itself might not care iirc), but it's disabled by me (ipv6 in total and ipv6 for unbound).

But I can't find a related message in System -> Log files -> Backend or General... nor in the unbound log (which looks rather patchy, with some messages for some days in the past (11. 15. 20. 26. 28. September) and then silence for the rest of the days... :-(

[Fright]

Nope, there is no such thing as /tmp/notices and all the other files in /tmp are not helpful

you probably acknowledge all notices and there were no more similar errors. just wait for the next one )

[chemlud]

...did a reboot on one sense, but no "notice"... wait'n see...

[Fright]

so good. there may be a one-time error during the update

[chemlud]

Got it!

Code Select Expand

a:1:{i:1601539191;a:1:{s:6:"notice";s:341:"There were error(s) loading the rules: /tmp/rules.debug:186: no routing address with matching address family found. - The line in question reads [186]: pass out route-to ( em2 xx.yy.zzz.aaa ) from {em2} to {!(em2:network)} keep state allow-opts label "470b24148e83cbf020300f9a54691951" # let out anything from firewall host itself (force gw)
";}}

[Fright]

so. this message should be in the main log too. what happened before that? what made the pf rules reload?
gateway swtich? wan address changed? can you share part of log before and after error string?

[chemlud]

Is there a time stamp or something like that in the message to make it easier to find the respective part of the log? :-)

If the time is 16:01 the message in the log is

Code Select Expand

reload filter for configured schedules

[Fright]

Is there a time stamp or something like that in the message to make it easier to find

i think "{i:1601539191" is epoch timestamp. its GMT: Thursday, 1 October 2020 г., 7:59:51
also there is a filter in log page.