pfSense

Ref: https://github.com/pfsense/pfsense/commit/6f8e648f5c88e04166539ab27872b13dfd587cb8 which fixed #8604

Whenever XMLRPC sync is triggered the slave no longer responds to the WebUI or XMLRPC (sometimes it takes a 2nd XMLRPC sync for this to trigger). The work-around is to restart PHP-FPM. Rolling back the commit above fixes the problem in my case.

It seems the call to get_interface_ip() is expensive (1 second per call), which causes each NAT reflection rule generation to take roughly 3 second to complete. With a large number of rules and gateways this seems to be a problem since the filter reload takes up to 2 minutes generate the rules. With the commit above reverted the filter reload takes less than 5 seconds.

I suspect there is a more optimal way to check if the interface has an IP assigned other than calling get_interface_ip(). I am not familiar with the code and, although this might not be generally true (to be verified), from my experiments it seems that get_interface_ip() returns the same value as $ifsubnet_ip, which could be substituted in place of the call.