Alias is recreated after deletion

Started by sklein, April 02, 2025, 05:46:21 PM

Hello,

we are running 2 OPNsense boxes in a high-availability setup. Synchronisation from main to backup - and failover, rule sync etc. - runs as expected.
Version on both boxes: OPNsense 25.1.4_1-amd64

Now we have set up a GeoIP filter from MaxMind and created the required alias and rules - which also work.

Today we noticed that, after we wanted to add exceptions for a country, after a short time the previous status on the main firewall is in the alias again.
For example, we allowed South Africa; a few minutes later South Africa was forbidden again.

We then deleted the rules and finally removed the alias - which reappeared after a few minutes.
It doesn't matter whether this is done with an admin user or with root directly.

Unfortunately we don't see any errors in the log files - neither in the web UI nor on the CLI - that would help us to understand the problem.

I am open to suggestions

Many thanks and best regards

Steffen

To me this looks like you are syncing also from the backup to the main system.

On the backup system in "System: High Availability: Settings" only in "General Settings" for "Synchronize Peer IP" the sync ip of the main system should be set. Everything below "Configuration Synchronization Settings (XMLRPC Sync)" should be empty.

Or did you accidentally make the changes on the backup system?

Hello Fabian,

thank you very much for your answer. I have double-checked: the sync only takes place from the first to the second firewall. So two-way sync is excluded. Also, a configuration on the second firewall is overwritten directly by cron from the first one. Since we operate several HA setups and this is the only one that behaves like this, it is simply unexplainable.

Thank you and best regards

Steffen