Regression #13011

closed

Ruleset can fail to load on snapshot from March 31st

Added by Jim Pingle almost 2 years ago. Updated almost 2 years ago.

Status: Resolved
Priority: Urgent
Assignee:
Category: Operating System
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 22.05
Release Notes: Force Exclusion
Affected Version: 2.7.0
Affected Architecture:

Description

Adding this for tracking as we are aware of it and it's being actively worked on.

There is an issue on the latest snapshot of Plus and CE which can lead to an error loading the ruleset:

There were error(s) loading the rules: pfctl: DIOCADDRULENV: Invalid argument - The line in question reads [0]:

This is related to an issue in FreeBSD which came in during our latest merge on the 28th: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262971

The issue is triggered by duplicate rules in the ruleset.

Forum thread: https://forum.netgate.com/post/1035550

For some, the easiest workaround will be to temporarily disable NAT reflection and then reboot. See the forum thread for additional suggestions.

We are actively working on a fix and will either have a correction in today or revert the problematic change.


Related issues

Related to Bug #13012: NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet (Resolved, Viktor Gurov)

Related to Bug #13015: NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any`` (Resolved, Viktor Gurov)

Actions #1

Updated by Jim Pingle almost 2 years ago

  • Related to Bug #13012: NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet added
Actions #2

Updated by Jim Pingle almost 2 years ago

While not directly related, #13011 is contributing to this problem as it's one source of potentially duplicate rules.

Actions #3

Updated by Jim Pingle almost 2 years ago

  • Related to Bug #13015: NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any`` added
Actions #4

Updated by Mateusz Guzik almost 2 years ago

Should be sorted out as of 8f782c1bf74a13fa9c8c40c37d6b2391387498c3 on devel-12 and aac961d1dbc43f1cc71acb701a54df0da05efa01 on plus-devel-12

Actions #5

Updated by Jim Pingle almost 2 years ago

  • Status changed from Confirmed to Feedback
Actions #6

Updated by Jim Pingle almost 2 years ago

  • Status changed from Feedback to Resolved

Fixed and working for a while now.
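
Since the failure described in this issue is triggered by duplicate rules, a quick check of a generated ruleset file for repeated rule lines can show whether a given configuration is exposed. The script below is an added example, not part of the issue thread or of pfSense; it assumes one rule per line, treats textual equality after whitespace normalization as an approximation of a duplicate rule, and uses constructed sample rules when no file is given.

```shell
#!/bin/sh
# Added example: report pf rule lines that repeat an earlier line.

# write_sample_rules FILE: write a constructed sample ruleset to FILE.
write_sample_rules() {
    cat > "$1" <<'EOF'
# constructed sample rules, not taken from a real firewall
no nat on igb1 proto tcp from (igb1) to 192.0.2.10 port 443
rdr on igb0 proto tcp from any to 198.51.100.5 port 443 -> 192.0.2.10
no nat on igb1  proto tcp from (igb1)   to 192.0.2.10 port 443
pass in quick on igb0 proto tcp from any to 192.0.2.10 port 443
EOF
}

# find_dup_pf_rules FILE: print "first,repeat: rule" for each repeated rule.
# Returns 1 if any duplicate was found, 0 otherwise.
find_dup_pf_rules() {
    awk '
    {
        line = $0
        gsub(/[ \t]+/, " ", line)      # collapse runs of whitespace
        sub(/^ /, "", line)            # trim leading space
        sub(/ $/, "", line)            # trim trailing space
        if (line == "" || line ~ /^#/) next   # skip blanks and full-line comments
        if (line in seen) {
            printf "%d,%d: %s\n", seen[line], NR, line
            dup = 1
        } else {
            seen[line] = NR
        }
    }
    END { exit dup + 0 }
    ' "$1"
}

# Check the file given as the first argument, or the sample if none is given.
rules=${1:-}
tmp=
if [ -z "$rules" ]; then
    tmp=$(mktemp)
    write_sample_rules "$tmp"
    rules=$tmp
fi
find_dup_pf_rules "$rules" || echo "duplicate rules present" >&2
[ -z "$tmp" ] || rm -f "$tmp"
```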
