<p>pfSense bugtracker, https://redmine.pfsense.org/</p>
<p>pfSense - Bug #6028: no firewall rules loaded after reboot with invalid ruleset</p>
<p>NOYB NOYB (JunkYardMail1@Frontier.com), 2016-03-25T23:27:00Z, https://redmine.pfsense.org/issues/6028?journal_id=25853</p>
<p>Pet peeve of mine that the system seems to be wide open by default until firewall rules get applied. Think I brought it up or mentioned it once long ago in the forums.</p>
<p>So even if the firewall rules load properly the system still seems to be open between the time the interface is brought up and when the firewall rules get applied.</p>
<p>And as you have noticed if the rules fail to get applied the system remains open.</p>
<p>Chris Buechler (cbuechler@gmail.com), 2016-03-25T23:57:52Z, https://redmine.pfsense.org/issues/6028?journal_id=25854</p>
<ul><li><strong>Subject</strong> changed from <i>not a single firewall rule loaded after reboot.. (du to a invalid ruleset.)</i> to <i>no firewall rules loaded after reboot with invalid ruleset</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Confirmed</i></li><li><strong>Assignee</strong> set to <i>Chris Buechler</i></li><li><strong>Target version</strong> set to <i>2.3.1</i></li><li><strong>Affected Version</strong> changed from <i>2.3</i> to <i>All</i></li></ul><p>Ought to keep a "last known good" rules.debug and apply that if it fails, and if that fails/is unavailable, maybe just the anti-lockout rule on LAN. I'll look at it post-2.3.</p>
<p>Chris Buechler (cbuechler@gmail.com), 2016-04-21T03:40:07Z, https://redmine.pfsense.org/issues/6028?journal_id=26618</p>
<ul><li><strong>Target version</strong> changed from <i>2.3.1</i> to <i>2.3.2</i></li></ul>
<p>Chris Buechler (cbuechler@gmail.com), 2016-07-06T00:48:33Z, https://redmine.pfsense.org/issues/6028?journal_id=27959</p>
<ul><li><strong>Assignee</strong> deleted (<del><i>Chris Buechler</i></del>)</li><li><strong>Target version</strong> changed from <i>2.3.2</i> to <i>2.4.0</i></li></ul>
<p>Jim Thompson (jim@netgate.com), 2017-02-15T17:06:34Z, https://redmine.pfsense.org/issues/6028?journal_id=31552</p>
<ul><li><strong>Assignee</strong> set to <i>Renato Botelho</i></li></ul>
<p>Grischa Zengel, 2017-09-04T21:58:45Z, https://redmine.pfsense.org/issues/6028?journal_id=33771</p>
<p>I wrote this 4 years ago in <a class="issue tracker-1 status-6 priority-4 priority-default closed" title="Bug: &lt;Firewall: NAT: Port Forward: Edit&gt; takes range in &quot;Redirect target port&quot; (Rejected)" href="https://redmine.pfsense.org/issues/3175">#3175</a></p>
<p>Renato Botelho (renato@netgate.com), 2017-09-11T15:59:42Z, https://redmine.pfsense.org/issues/6028?journal_id=33866</p>
<ul><li><strong>Target version</strong> changed from <i>2.4.0</i> to <i>2.4.1</i></li></ul>
<p>Pi Ba, 2017-09-16T07:22:52Z, https://redmine.pfsense.org/issues/6028?journal_id=33926</p>
<p>Another example making no rules loaded (vtnet doesn't support altq): <a class="external" href="https://redmine.pfsense.org/issues/7594">https://redmine.pfsense.org/issues/7594</a></p>
<p>Jim Pingle, 2017-10-12T10:06:29Z, https://redmine.pfsense.org/issues/6028?journal_id=34262</p>
<ul><li><strong>Target version</strong> changed from <i>2.4.1</i> to <i>2.4.2</i></li></ul>
<p>Renato Botelho (renato@netgate.com), 2017-11-16T08:39:41Z, https://redmine.pfsense.org/issues/6028?journal_id=35155</p>
<ul><li><strong>Target version</strong> changed from <i>2.4.2</i> to <i>2.4.3</i></li></ul>
<p>Jim Pingle, 2018-03-08T14:38:56Z, https://redmine.pfsense.org/issues/6028?journal_id=36025</p>
<ul><li><strong>Target version</strong> changed from <i>2.4.3</i> to <i>2.4.4</i></li></ul>
<p>Jim Pingle, 2018-09-11T13:50:12Z, https://redmine.pfsense.org/issues/6028?journal_id=38322</p>
<ul><li><strong>Target version</strong> changed from <i>2.4.4</i> to <i>2.4.4-GS</i></li></ul>
<p>Jim Pingle, 2018-11-29T09:41:29Z, https://redmine.pfsense.org/issues/6028?journal_id=39448</p>
<ul><li><strong>Target version</strong> changed from <i>2.4.4-GS</i> to <i>48</i></li></ul>
<p>Jim Pingle, 2019-03-12T10:54:58Z, https://redmine.pfsense.org/issues/6028?journal_id=40110</p>
<ul><li><strong>Target version</strong> changed from <i>48</i> to <i>2.5.0</i></li></ul>
<p>Renato Botelho (renato@netgate.com), 2020-11-12T09:21:52Z, https://redmine.pfsense.org/issues/6028?journal_id=49419</p>
<ul><li><strong>Status</strong> changed from <i>Confirmed</i> to <i>In Progress</i></li></ul>
<p>Renato Botelho (renato@netgate.com), 2020-11-17T10:10:22Z, https://redmine.pfsense.org/issues/6028?journal_id=49549</p>
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Feedback</i></li></ul>
<p>Chris Linstruth, 2021-02-05T09:12:07Z, https://redmine.pfsense.org/issues/6028?journal_id=50907</p>
<p>Manually created an invalid configuration by modifying config.xml to make an HFSC queue that cannot load because the child bandwidth is higher than the parent queue.</p>
<pre>
Crash report begins. Anonymous machine information:
amd64
12.2-STABLE
FreeBSD 12.2-STABLE b102db12494(devel-12) pfSense
Crash report details:
PHP Errors:
[05-Feb-2021 15:09:14 Etc/UTC] PHP Warning: fopen(): Filename cannot be empty in /etc/inc/notices.inc on line 101
[05-Feb-2021 15:09:14 Etc/UTC] PHP Warning: Cannot use a scalar value as an array in /etc/inc/config.lib.inc on line 1157
[05-Feb-2021 15:09:14 Etc/UTC] PHP Warning: Cannot use a scalar value as an array in /etc/inc/config.lib.inc on line 1159
[05-Feb-2021 15:09:14 Etc/UTC] PHP Warning: Cannot use a scalar value as an array in /etc/inc/config.lib.inc on line 1157
[05-Feb-2021 15:09:14 Etc/UTC] PHP Warning: Cannot use a scalar value as an array in /etc/inc/config.lib.inc on line 1159
[05-Feb-2021 15:09:14 Etc/UTC] PHP Warning: Invalid argument supplied for foreach() in /etc/inc/util.inc on line 1872
No FreeBSD crash data found.
</pre>
<p>Renato Botelho (renato@netgate.com), 2021-02-05T09:25:40Z, https://redmine.pfsense.org/issues/6028?journal_id=50909</p>
<p>Chris Linstruth wrote:</p>
<blockquote>
<p>Manually created an invalid configuration by modifying config.xml to make an HFSC queue that cannot load because the child bandwidth is higher than the parent queue.</p>
<p>[...]</p>
</blockquote>
<p>This implementation will not cover PHP errors. When PHP crashes, code is not executed and there is not much we can do.</p>
<p>Renato Botelho (renato@netgate.com), 2021-02-05T09:38:09Z, https://redmine.pfsense.org/issues/6028?journal_id=50910</p>
<p>Chris Linstruth wrote:</p>
<blockquote>
<p>Manually created an invalid configuration by modifying config.xml to make an HFSC queue that cannot load because the child bandwidth is higher than the parent queue.</p>
<p>[...]</p>
</blockquote>
<p>Apply the following patch to your system and reboot. It will make it create an invalid set of rules without crashing PHP.</p>
<pre>
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index aeb79c9c11..f3fed92d1c 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -4010,6 +4010,7 @@ EOD;
}
}
+ $ipfrules .= "\nINVALID LINE HERE\n";
$ipfrules .= "\n# User-defined rules follow\n";
$ipfrules .= "\nanchor \"userrules/*\"\n";
/* Generate user rule lines */
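Review bot: the added line `$ipfrules .= "\nINVALID LINE HERE\n";` is unconditional and carries no comment marking it as a test fixture, so once applied every generated ruleset contains the invalid line until the patch is reverted. Add a short comment above it saying it deliberately breaks the ruleset to exercise the load-failure path for this issue, and state alongside the patch that it has to be reverted after the reboot test.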
</pre>
<p>Viktor Gurov, 2021-02-08T05:57:53Z, https://redmine.pfsense.org/issues/6028?journal_id=50946</p>
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>tested with patch on 2.5.0.a.20210204.2250<br />works as expected</p>
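<p>The "last known good" fallback suggested earlier in this thread, sketched as an added shell example; it is not the pfSense implementation and not code from this issue. The file paths, the <code>LAN_IF</code> interface name and the management ports are assumptions; only the <code>pfctl</code> flags <code>-n</code> (parse only) and <code>-f</code> (load file) are real.</p>

```shell
#!/bin/sh
# Fail-closed ruleset loading: try the generated ruleset, then the last
# ruleset that loaded, then a minimal block-all ruleset with LAN management.
PFCTL="${PFCTL:-pfctl}"
RULES="${RULES:-/tmp/rules.debug}"                    # assumed location of rules.debug
LAST_GOOD="${LAST_GOOD:-/tmp/rules.debug.lastgood}"   # hypothetical path
FALLBACK="${FALLBACK:-/tmp/rules.debug.fallback}"     # hypothetical path
LAN_IF="${LAN_IF:-em1}"                               # assumed LAN interface name

# A ruleset is usable only if it is readable and pfctl can parse it (-n: no load).
valid() { [ -r "$1" ] && "$PFCTL" -nf "$1" >/dev/null 2>&1; }

# Minimal ruleset: drop everything except management access from LAN
# (ports 22 and 443 are assumptions standing in for the anti-lockout rule).
write_fallback() {
    cat > "$FALLBACK" <<EOF
block drop all
pass in quick on $LAN_IF proto tcp from any to ($LAN_IF) port { 22, 443 }
EOF
}

# Prints which ruleset ended up loaded: current, lastgood, fallback or none.
load_ruleset() {
    if valid "$RULES" && "$PFCTL" -f "$RULES"; then
        cp "$RULES" "$LAST_GOOD"      # remember it only after a successful load
        echo current
        return 0
    fi
    if valid "$LAST_GOOD" && "$PFCTL" -f "$LAST_GOOD"; then
        echo lastgood
        return 0
    fi
    write_fallback
    if "$PFCTL" -f "$FALLBACK"; then
        echo fallback
        return 0
    fi
    echo none                         # nothing loaded: caller must alert loudly
    return 1
}
```

<p>Call <code>load_ruleset</code> from the boot path and from every filter reload, and raise a notice whenever it prints anything other than <code>current</code>.</p>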