Project

General

Profile

Actions

Regression #11775

closed

State counters not updating and always show 0/0 since last few updates

Added by Craig Weber 4 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
Rules / NAT
Target version:
Start date:
04/03/2021
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
21.05
Release Notes:
Force Exclusion
Affected Version:
Affected Architecture:

Description

Not exactly sure which update caused this but it is within the last few weeks. When looking at my firewall rules every rule show's 0/0 B and never update. Likewise it seems the counters for pfBlockerNG_Dev don't update on the dashboard widget. Packets seem to count for each feed and the total blocked counter, however the % total at the top always stays at 0. Number of unbound resolver queries also stays at 0. Screenshots attached. Finally, this is on an SG-5100 but I don't see that available to choose under Affected Architecture. ;-)

Currently on this build: 21.05.a.20210403.0100

Happy Easter!


Files


Related issues

Related to Regression #11994: Firewall rule usage counters showing 0/0 after latest pf mergeClosedLuiz Souza06/04/2021

Actions
Actions #1

Updated by Tigger 2014 3 months ago

I have the same issue on all 2.6.0 builds also.

Actions #2

Updated by Adam Goldberg 3 months ago

Having the same issue on 21.05-BETA with all counters on all interfaces reporting 0/0 B in the WebUI

pfctl -sa reports label counters accurately:

LABEL COUNTERS:
Block IPv4 link-local 48869 82 3440 9 91 73 3349 0
Block IPv4 link-local 4779 240 4620 12 11 228 4609 0
Default deny rule IPv4 7011 2299 15486 1375 11220 924 4266 0
Default deny rule IPv4 38034 11334 1302 10307 953 1027 349 0
Default deny rule IPv6 32851 4920 2530308 403 2527884 4517 2424 0
Default deny rule IPv6 2008 12526 1423 12514 1422 12 1 0
Block traffic from port 0 1171 58760 10 58682 1 78 9 0
Block traffic from port 0 1171 58760 10 58682 1 78 9 0
Block traffic to port 0 1732 5390 38082 3984 44 1406 38038 0
Block traffic to port 0 1732 5390 38082 3984 44 1406 38038 0
Block traffic from port 0 6144 1105 4445 1 1 1104 4444 0
Block traffic from port 0 6144 1105 4445 1 1 1104 4444 0
Block traffic to port 0 11437 134 1165 61 1 73 1164 0
Block traffic to port 0 11437 134 1165 61 1 73 1164 0
Block snort2c hosts 50391 133 12 61 11 72 1 0
Block snort2c hosts 29873 101 7194 51 964 50 6230 0

Actions #3

Updated by Kris Phillips 3 months ago

I'm able to reproduce this. I ran a constant ICMP from LAN over an IPSec tunnel. Both the IPSec and LAN firewall rules do not show any states. In fact all states are completely empty.

See attached screenshots.

Actions #4

Updated by Steve Beaver 3 months ago

  • Assignee set to Luiz Souza
  • Priority changed from Normal to High
Actions #5

Updated by Jim Pingle 3 months ago

  • Project changed from pfSense Plus to pfSense
  • Category changed from Web Interface to Web Interface
  • Target version set to 2.6.0
  • Affected Plus Version deleted (21.05)
  • Plus Target Version set to 21.05
Actions #6

Updated by Jim Pingle 3 months ago

  • Category changed from Web Interface to Rules / NAT
Actions #7

Updated by Jim Pingle 3 months ago

  • Assignee changed from Luiz Souza to Steve Beaver
Actions #8

Updated by Steve Beaver 3 months ago

  • Assignee changed from Steve Beaver to Luiz Souza
Actions #9

Updated by Kris Phillips 2 months ago

Was asked to test the latest release, as some counters were supposedly fixed in another part of the UI that may be related. Doesn't appear to have fixed the issue as it's still present in this build:

21.05-RC (arm64)
built on Wed May 19 03:03:52 EDT 2021
FreeBSD 12.2-STABLE

Actions #10

Updated by Nick K 2 months ago

I second the Kris response. I am updated to the latest on both my CE and Plus devices and seeing the same issues after.

21.09-DEVELOPMENT (arm64)
built on Thu May 20 01:03:51 EDT 2021
FreeBSD 12.2-STABLE

2.6.0-DEVELOPMENT (amd64)
built on Thu May 20 01:03:53 EDT 2021
FreeBSD 12.2-STABLE

Actions #11

Updated by Kris Phillips 2 months ago

Also not fixed in May 20 build, confirming what Nick K has found.

Actions #12

Updated by Luiz Souza 2 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Fixed the PHP module. It was returning only the last rule of the list.

Fixed in php74-pfSense-module-0.70.

Actions #13

Updated by Kris Phillips 2 months ago

Confirmed working in latest snapshot. Attached screenshot. This can be closed as resolved.

Actions #14

Updated by Craig Weber 2 months ago

Kris Phillips wrote:

Confirmed working in latest snapshot. Attached screenshot. This can be closed as resolved.

I upgraded to build 21.09.a.20210510.0100 a short while back hoping it was resolved in the Development builds, but it appears that the repository is not accessible at the moment to update from the latest snapshots. I'd love to test this and update so hopeful you open it up soon!

Thank you so much for addressing this. You guys rock!

Actions #15

Updated by M Felden 2 months ago

2.6.0.a.20210520.0100 -> 2.6.0.a.20210521.0100

Fixed in all instances

Actions #16

Updated by Renato Botelho 2 months ago

  • Status changed from Feedback to Resolved
Actions #17

Updated by Jim Pingle 2 months ago

Looks good here, too, on the following snapshots:

  • Plus snapshot pfSense-21.05.r.20210520.1515
  • CE snapshot 2.6.0.a.20210521.0100
Actions #18

Updated by Jim Pingle 2 months ago

  • Tracker changed from Bug to Regression
  • Release Notes changed from Default to Force Exclusion

Excluding from release notes since it was a problem introduced by changes after the last release.

Actions #19

Updated by Craig Weber 2 months ago

Jim Pingle wrote:

Excluding from release notes since it was a problem introduced by changes after the last release.

Any chance that you can open the repository so I can apply the fix to my appliance in the near future? I'm really happy to see this resolved but am sitting on version 21.09.a.20210510.0100 at the moment. Would really appreciate it! I am the author of the bug.

Actions #20

Updated by Jim Pingle 2 months ago

It cannot be fixed with a patch in the GUI package, it was a problem in the pfSense module.

https://github.com/pfsense/FreeBSD-ports/commit/cf0a248c9df08a346ce024869bb88008fcbf3989

Actions #21

Updated by Craig Weber 2 months ago

Jim Pingle wrote:

It cannot be fixed with a patch in the GUI package, it was a problem in the pfSense module.

https://github.com/pfsense/FreeBSD-ports/commit/cf0a248c9df08a346ce024869bb88008fcbf3989

I typically update via the CLI.

Actions #22

Updated by Jim Pingle 2 months ago

If you update to a current build, it includes the fix now. There isn't a reliable way to update just the module that wouldn't have other risks. The current 21.05 and 21.09 builds are much more stable and reliable than the build you are on. There isn't a compelling reason to stay on a development build that is now over two weeks old given all the beneficial changes that have gone in since then.

Actions #23

Updated by Craig Weber 2 months ago

Jim Pingle wrote:

If you update to a current build, it includes the fix now. There isn't a reliable way to update just the module that wouldn't have other risks. The current 21.05 and 21.09 builds are much more stable and reliable than the build you are on. There isn't a compelling reason to stay on a development build that is now over two weeks old given all the beneficial changes that have gone in since then.

That’s exactly what I’d like to do, but the 21.09 builds are not accessible from the internet at the moment. 21.05 is. I was hoping you would enable public access to the repo so I can update 21.09.

Actions #24

Updated by Jim Pingle 2 months ago

The 21.09 pkg repositories are accessible as far as I can see. If there is a problem updating, it might be branch specific. That wouldn't be anything associated with this particular issue, start a forum thread if there isn't one already.

Actions #25

Updated by Jim Pingle 2 months ago

  • Target version changed from 2.6.0 to 2.5.2
Actions #26

Updated by M Felden about 2 months ago

Issue reappeared for me in 2.6.0.a.20210603.0625 and 2.6.0.a.20210604.0100

Actions #27

Updated by Jim Pingle about 2 months ago

  • Related to Regression #11994: Firewall rule usage counters showing 0/0 after latest pf merge added
Actions

Also available in: Atom PDF