Feature #16308

Updated by Marcos M 2 months ago

Sometimes a filter reload takes place even when there hasn't been a configuration change to it. Most prominently, this happens when schedules are used, since this forces the filter to reload every 15 minutes. These filter reloads can result in short interruptions to traffic flow, especially with very large pf configurations. To mitigate this behavior, the filter sync process can be more deliberate about when the filter is reloaded; namely, it should only do so when the pf configuration has changed.

There are multiple ways for the pf configuration to potentially change outside of the configuration file used by pfSense (@/tmp/rules.debug@). Rules can be loaded into anchors, there can be file includes, and table contents may be modified separately. Since currently all the configuration ultimately ends up in @/tmp/rules.debug@, we can simply check for differences between the file, loaded ruleset in pf, and the new ruleset to be saved/loaded. Currently table that file. Table contents are modified separately from the reload process and hence are not affected. outside of that should be unaffected.
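
One way to gate the reload on an actual ruleset change, as an added example that is not pfSense's own code. The function name, the @PFCTL@ override and the result values are assumptions, and it compares only the generated ruleset file against the one already in place, not rules held in anchors or table contents.

```shell
#!/bin/sh
# Added example: reload pf only when the newly generated ruleset differs
# from the ruleset file that is already loaded.
# PFCTL can be overridden (assumption) so the logic can be exercised offline.
PFCTL="${PFCTL:-pfctl}"

# reload_if_changed CANDIDATE CURRENT
#   CANDIDATE: freshly generated ruleset file
#   CURRENT:   ruleset file matching what pf has loaded (e.g. /tmp/rules.debug)
# Sets RELOAD_RESULT to one of: skipped | invalid | failed | reloaded
reload_if_changed() {
    candidate=$1
    current=$2

    # Byte-identical to the file already in place: skip the reload entirely,
    # so a periodic sync with no changes does not touch pf.
    if [ -f "$current" ] && cmp -s "$candidate" "$current"; then
        RELOAD_RESULT=skipped
        return 0
    fi

    # Parse-only pass (-n) so a broken ruleset never replaces a working one.
    if ! $PFCTL -nf "$candidate" >/dev/null 2>&1; then
        RELOAD_RESULT=invalid
        return 1
    fi

    # Load first, record the file only on success. If the load fails, CURRENT
    # still describes what pf is running and the next sync will retry.
    if $PFCTL -f "$candidate" >/dev/null 2>&1 && cp "$candidate" "$current"; then
        RELOAD_RESULT=reloaded
        return 0
    fi
    RELOAD_RESULT=failed
    return 1
}
```
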
