Project

General

Profile

Actions

Regression #11857

closed

Match rules cause pf error parsing rules

Added by Jim Pingle over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
Category:
Rules / NAT
Target version:
Start date:
04/27/2021
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
21.05
Release Notes:
Force Exclusion
Affected Version:
2.6.x
Affected Architecture:
All

Description

Having a match rule, either manually or from ALTQ traffic shaping, leads to a pfctl error loading the rules:

pfctl: Invalid rule type 12

Happens on Plus 21.05 snapshots as well as 2.6.0 snapshots.

Simple to reproduce, add a rule on the Floating tab with the action set to match. The other parameters don't seem to matter, so set a random TCP port, save and apply. Then after applying, there will be an notification of the error.

Remove the match rule(s) and/or remove ATLQ traffic shaping and the rules load as expected.

Rule from /tmp/rules.debug:

match  on {  ix3  } inet proto tcp  from any to any port 65164 tracker 1619532858 flags S/SA  label "USER_RULE: match test" 

Same rules load fine on 21.02.2/2.5.1.

Actions

Also available in: Atom PDF