Firewall reloading every time when different lease time is obtained after udhcpc: sending renew

you need to edit /etc/hotplug.d/iface/20-firewall to dump ifupdate data to the logs...

### EXISTINGLINE [ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0
### NEWLINE
[ "$ACTION" = "ifupdate" ] && echo "20-firewall> $ACTION UA:$IFUPDATE_ADDRESSES UD:$IFUPDATE_DATA" | logger
4 Likes

Let's see what's going on.

1 Like

Here it is

Fri Jan 28 15:40:38 2022 daemon.notice netifd: wan (2120): udhcpc: sending renew to xx.32.1
Fri Jan 28 15:40:38 2022 daemon.notice netifd: wan (2120): udhcpc: lease of xx.32.172 obtained, lease time 7200
Fri Jan 28 15:40:38 2022 user.notice root: 20-firewall> ifupdate UA: UD:1
Fri Jan 28 15:40:38 2022 user.notice firewall: Reloading firewall due to ifupdate of wan (eth0.2)
Fri Jan 28 15:40:44 2022 user.info adblock-4.1.3[4829]: adblock instance started ::: action: start, priority: 10, pid: 4829
Fri Jan 28 15:41:38 2022 daemon.info dnsmasq[4482]: exiting on receipt of SIGTERM
Fri Jan 28 15:41:38 2022 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Fri Jan 28 15:41:38 2022 user.notice dnsmasq: Allowing 127.0.0.0/8 responses

everytime followed by

user.notice root: 20-firewall> ifupdate UA: UD:1
1 Like

in this case... i tend to agree that...

you can/should report a bug... there are also some helpful hotplug examples on the forum that you could use to compare that the ip has not changed and skip the reload... (as an interim workaround)

in your case you could maybe try something like;


[ "$ACTION" = "ifupdate" ] && [ -z "$IFUPDATE_ADDRESSES" ] && [ "$IFUPDATE_DATA" = "1" ] && exit 0
1 Like

Just because it hasn’t been suggested, how about making a backup and then resetting to defaults. See if the behavior occurs on a fresh config. Then install any additional packages (one at a time, except for dependencies of course) and see if you can pinpoint when the problem first manifests.

It seems like this could trigger if the leasetime is different on the renewal (run ifstatus wan and look at the data section). I saw this same behavior today when my lease renewed, but mine renews every 2+ days.

As I wrote earlier this is inconvenient at the moment because I will lose connection to the router.

Leasetime is 7200

Except when it showed 3600.

1 Like

Yes, I cannot say why it changes to 3600.
Then the restart happens every 30 minutes or after an hour.

In that case (which is understandable), I’d say that if it isn’t causing any actual network issues, just leave it be and deal with the troubleshooting of this issue at some future time. If it is actually impacting your network (aside from the log spam), you should prioritize that root-cause analysis as soon as it is reasonable to do so.

You can force it to occur at will by running

kill -USR1 $(pidof udhcpc)

Not that it helps solve it, but forcing renewal will update the remaining lease time. Run ifstatus wan before and after.

1 Like

I've completely uninstalled adblock but that didn't solve the issue.
Then I decided to replace the router with another one just to test.
The spare router (using current master snapshot), that was working fine on another network with WAN getting IP via DHCP, is now experiencing the same behaviour as described in the first post. Lease times of 7200s and 3600s follow one after another, then Reloading firewall due to ifupdate of wan and adblock and banIP restart.
Really wonder about the reason for this. My router is connected to the ISP router device currently configured as a bridge device with WLAN turned off.

Sorry @dave14305 but I don't understand what kill -USR1 $(pidof udhcpc) command does. Can you explain a little bit more.

Does the problem happen if you run the router in the near default state (i.e. no Adblock or banIP, minimal changes for your network and wifi configurations)?

The same problem without both Adblock and banIP. The second router I've connected didn't do this on another network. The only difference that I know of, is that on the problem ISP network, the ISP is using MAC address access list. So I have to call the ISP support so they change their settings and after that the router gets an IP.

DHCP and the firewall should also be turned off on the ISP device.

The OpenWRT device should be doing DHCP, wireless, and firewall.

As long as I know DHCP and the firewall are turned off on the ISP device. I asked the ISP to do so because I use my own router doing all of that.

Normally, users go in to the ISP device GUI and do that themselves.

You might check that to be sure.

I don't have access to the ISP device. Only the ISP can manage it. That is the reason to use my own router.

Then confirm it with the ISP.