acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Issue on pfSense firewall #2096

Closed ghost closed 5 years ago

ghost commented 5 years ago

Hello!

Reporting a bug regarding using netstat logic. Please see here, I described and replicated it.

This code:

  if _exists "netstat"; then
    _debug "Using: netstat"
    if netstat -h 2>&1 | grep "\-p proto" >/dev/null; then
      #for windows version netstat tool
      netstat -an -p tcp | grep "LISTENING" | grep ":$_port "
    else
      if netstat -help 2>&1 | grep "\-p protocol" >/dev/null; then
        netstat -an -p tcp | grep LISTEN | grep ":$_port "
      elif netstat -help 2>&1 | grep -- '-P protocol' >/dev/null; then
        #for solaris
        netstat -an -P tcp | grep "\.$_port " | grep "LISTEN"
      elif netstat -help 2>&1 | grep "\-p" >/dev/null; then
        #for full linux
        netstat -ntpl | grep ":$_port "
      else
        #for busybox (embedded linux; no pid support)
        netstat -ntl 2>/dev/null | grep ":$_port "
      fi
    fi
    return 0
  fi

It executes "if netstat -h 2>&1 | grep "\-p proto" >/dev/null; then", which executes netstat -h, and this takes a long time as it tries to resolve all IPs :) Then, when it doesn't find "-p proto", it moves on to the next command, which is OK for our firewall. I removed the first IF after _debug "Using: netstat" and verification is done in like 10 seconds for 12 hosts :)

ghost commented 5 years ago

Sorry, forgot the link from the pfSense forums: https://forum.netgate.com/topic/140537/certificate-long-time-to-issue/17

ghost commented 5 years ago

Solution is to use:

if netstat -help 2>&1 | grep "\-p proto" >/dev/null; then
  _debug "Using: netstat"
  #for windows version netstat tool

Neilpang commented 5 years ago

How many seconds does it cost for you on your machine?

netstat -h

ghost commented 5 years ago

Anywhere from 30 to 120 seconds. Multiply that by 7 domain names and we have a problem 😁
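
An added example, not part of the thread and not acme.sh's own code: one way to keep the help probe from being repeated for every domain is to capture the `netstat -help` output once, classify it with the same marker strings as the quoted snippet, and cache the result. The function names, the `_NETSTAT_FLAVOR` variable and the assumption that `netstat -help` prints usage text on every platform are assumptions of this example.

```shell
#!/bin/sh
# Added example, not acme.sh code; function and variable names are hypothetical.

# Map netstat help text to a flavor, using the marker strings from the issue.
# "-p protocol" contains "-p proto", so the longer marker is tested first;
# otherwise a BSD-style help text would be classified as the Windows tool.
_netstat_flavor_from_help() {
  case "$1" in
    *"-p protocol"*) echo bsd ;;
    *"-P protocol"*) echo solaris ;;
    *"-p proto"*)    echo windows ;;
    *"-p"*)          echo linux ;;
    *)               echo busybox ;;
  esac
}

# Probe the help text once per run and cache the flavor, so the probe is
# not repeated for each domain being validated.
# Assumption: "netstat -help" prints usage text on every platform.
_NETSTAT_FLAVOR=""
_detect_netstat_flavor() {
  if [ -z "$_NETSTAT_FLAVOR" ]; then
    _NETSTAT_FLAVOR="$(_netstat_flavor_from_help "$(netstat -help 2>&1)")"
  fi
}

# Print listening TCP sockets on port $1 (same commands as the quoted
# snippet); the exit status is that of the final grep.
_listeners_on_port() {
  _port="$1"
  _detect_netstat_flavor
  case "$_NETSTAT_FLAVOR" in
    windows) netstat -an -p tcp | grep "LISTENING" | grep ":$_port " ;;
    bsd)     netstat -an -p tcp | grep LISTEN | grep ":$_port " ;;
    solaris) netstat -an -P tcp | grep "\.$_port " | grep "LISTEN" ;;
    linux)   netstat -ntpl | grep ":$_port " ;;
    *)       netstat -ntl 2>/dev/null | grep ":$_port " ;;
  esac
}
```

Calling `_listeners_on_port` directly (not inside `$(...)`) keeps the cached flavor in the current shell, so later calls skip the probe.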