Search results

As it is still happening and I noticed the "alcru: runtime went backwards" problem I thought they might be related and I looked into the loader.conf. I had a bunch of modules that I don't need anymore so I removed them and put kern.hz=100 in it. if_tap_load="YES" pf_load=yes kern.hz=100...

It might be that I didn't explain myself correctly. There is absolutely no way that the number of states is the problem. When the problem occurs I have like 10000 ICMP states listed, you know Nagios, that just won't quit. The server in question normally has a hundred of states active at pick...

Hi all, I have the weirdest of the problems. I have a 10.4-release server with Nagios and a bunch of OpenVPN's on it and since I've upgraded to 10.4 from 10.3 after running peachy for a while it starts not removing the states from PF's state table, any state of any protocol. Being a Nagios...

I finally got around to open the bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201520

I file a bug report as soon I have five minutes to spare. Thanks.

Can someone please confirm my findings so I can think about opening a bug report? Thanks. :)

Also, I tested it wrong. Our 10.1-RELEASE-p13 servers have the same issue.

It seems to me like this one is a pretty annoying and I would say big issue. But it might be just me.

The issue seems to present itself only when you split macros, like so: internal_net="{ 192.168.0.0/24 \ 192.168.1.0/24 192.168.2.0/24 }"

I was taking it into consideration, as a policy my company never use the latest version but in this case I might close both eyes if it gets me around the issue.

That's weird... we have three firewalls that show the issue. All of them went through the same upgrade path though. I wonder what it can be.

I'm going to ask a stupid question: How long is going to take, roughly, before the "fix" gets committed into Release? I have to upgrade another, very sensitive, firewall and I can't afford two reboot windows. I know, I should use CARP and Pfsych, I will... when I have the time to actually...

My bad. I thought you were asking. It was a misunderstanding.

We always use Release.

After you mentioned it I tried on our 10.1-RELEASE-p13 firewalls and it does not show the issue. It's a 9.3-RELEASE-p17. RE: Exact version

Since we upgraded from 8 to 9 we noticed that the PF syntax parser counts lines with "\" as a single line. That makes VERY difficult to find the incorrect line on sizable configuration files making the information basically useless. Is this happening just to us? Am I supposed to use something...

I tried most of the things you suggest already. Except dropping IPv6, I guess I could compile sendmail with IPv6 disabled to not disrupt other services but I haven't got the time yet. I have a small log file that works if you remove just one line, I send it to the maintainer because I can't...

Nothing, it just says "nothing to report". You are right, I palyed with it a little bit and it's not that. If I run it with "-v" I see some "getting size for msgid <whatever>:... not found" but nothing else. I'm about to give up.

The only difference I can think of between the two servers is that the one that doesn't work has IPv6 connectivity.

I tried SMA on another server and it works just peachy. I don't understand. Both servers are 8.4-RELEASE-p23. Weird.