Regression #13011
Ruleset can fail to load on snapshot from March 31st
Status: closed
Description
Adding this for tracking as we are aware of it and it's being actively worked on.
There is an issue on the latest snapshot of Plus and CE which can lead to an error loading the ruleset:
There were error(s) loading the rules: pfctl: DIOCADDRULENV: Invalid argument - The line in question reads [0]:
This is related to an issue in FreeBSD which came in during our latest merge on the 28th: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262971
The issue is triggered by duplicate rules in the ruleset.
Forum thread: https://forum.netgate.com/post/1035550
For some, the easiest workaround will be to temporarily disable NAT reflection and then reboot. See the forum thread for additional suggestions.
We are actively working on a fix and will either have a correction in today or revert the problematic change.
Related issues
Updated by Jim Pingle over 2 years ago
- Related to Bug #13012: NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet added
Updated by Jim Pingle over 2 years ago
While not directly related, #13011 is contributing to this problem as it's one source of potentially duplicate rules.
Updated by Jim Pingle over 2 years ago
- Related to Bug #13015: NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any`` added
Updated by Mateusz Guzik over 2 years ago
Should be sorted out as of 8f782c1bf74a13fa9c8c40c37d6b2391387498c3 on devel-12 and aac961d1dbc43f1cc71acb701a54df0da05efa01 on plus-devel-12
Updated by Jim Pingle over 2 years ago
- Status changed from Confirmed to Feedback
Updated by Jim Pingle over 2 years ago
- Status changed from Feedback to Resolved
Fixed and working for a while now.
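The description names duplicate rules in the ruleset as the trigger. As an added example (not code from pfSense, FreeBSD, or this ticket), the shell function below lists rule lines that occur more than once in a pf ruleset read from a file or from stdin. It assumes that textually identical lines, after whitespace normalization, approximate what pf treats as duplicate rules. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# find_dup_rules [FILE]
# Reads a pf ruleset from FILE (or stdin) and prints one line per repeated
# rule in the form "first_line,duplicate_line: normalized rule text".
# Assumption: identical text after whitespace normalization == duplicate rule.
find_dup_rules() {
    awk '
        {
            line = $0
            gsub(/[ \t]+/, " ", line)          # collapse runs of whitespace
            sub(/^ /, "", line)                # trim leading space
            sub(/ $/, "", line)                # trim trailing space
            if (line == "" || line ~ /^#/) next   # skip blanks and comment lines
            # Compare only filter/translation rules, not macros, tables or options.
            if (line !~ /^(pass|block|match|nat|rdr|binat|no|scrub|antispoof) /) next
            if (line in seen)
                printf "%d,%d: %s\n", seen[line], NR, line
            else
                seen[line] = NR
        }
    ' ${1:+"$1"}
}

# Constructed sample ruleset (not taken from a real firewall). Line 4 repeats
# line 2 with different spacing, mimicking a generator that emits a rule twice.
sample_ruleset() {
    cat <<'EOF'
# constructed sample
no nat on em1 proto tcp from (em1) to 192.0.2.10 port 443
rdr on em0 proto tcp from any to any port 443 -> 192.0.2.10
no nat  on em1 proto tcp from (em1) to 192.0.2.10 port 443
pass in quick on em0 proto tcp from any to 192.0.2.10 port 443
EOF
}

# Demonstration run on the constructed sample.
sample_ruleset | find_dup_rules
```

Pass the path of the generated ruleset as the argument to check a real configuration; empty output means no textually duplicate rule lines were found.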