Bug #4274
closedMarking a packet with only a number results in a broken rule
100%
Description
I have a lot of floating rules used to mark packets with a number that I then catch later to do traffic shaping. This has worked perfectly in 2.0 and 2.1, but when I upgraded to 2.2, I started getting this message:
[ There were error(s) loading the rules: /tmp/rules.debug:326: syntax error - The line in question reads [326]: match in quick on { em0 } inet from $Servers to any tag 18 tracker 1422096771 label USER_RULE: Servers other]
Where $Servers is an alias for a couple of IP ranges. Removing the mark in Advanced Options makes the rule work (though obviously that screws up my traffic shaping).
I don't know if this has something to do with the fact that my tags are numbers.
Updated by Jonathan Dieter about 9 years ago
Sorry, just realized I didn't list this as applying to 2.2 and it doesn't seem that I'm able to change it now.
Updated by Jim Pingle about 9 years ago
- Subject changed from Unable to mark packet with number in floating rule in pfSense 2.2 to Marking a packet with only a number results in a broken rule
- Category set to Rules / NAT
- Status changed from New to Confirmed
- Assignee set to Ermal Luçi
- Target version set to 2.2.1
- Affected Version set to 2.2
Confirmed. If you place a purely numerical value in the "You can mark a packet matching this rule and use this mark to match on other NAT/filter rules. It is called Policy filtering" advanced option, the resulting rule generates an error from pf.
You can place a text value ("foo"), or a value that starts with text ("foo18") or ends with text ("18foo"), but not one that is purely numerical ("18").
Updated by Ermal Luçi about 9 years ago
- Status changed from Confirmed to Feedback
Updated by Ermal Luçi about 9 years ago
- % Done changed from 0 to 100
Applied in changeset 6a2f0ad75063b9a0068b0a1983fb61fe3b408920.
Updated by Ermal Luçi about 9 years ago
Applied in changeset 1fbae628c24e8259dc2ddb3f610c78b4dad45a34.
Updated by Jonathan Dieter about 9 years ago
Just wanted to say I've verified this works. Thanks so much for the quick response.