Regression #13011

closed

Ruleset can fail to load on snapshot from March 31st

Added by Jim Pingle over 2 years ago. Updated over 2 years ago.

Status: Resolved
Priority: Urgent
Assignee:
Category: Operating System
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 22.05
Release Notes: Force Exclusion
Affected Version: 2.7.0
Affected Architecture:

Description

Adding this for tracking as we are aware of it and it's being actively worked on.

There is an issue on the latest snapshot of Plus and CE which can lead to an error loading the ruleset:

There were error(s) loading the rules: pfctl: DIOCADDRULENV: Invalid argument - The line in question reads [0]:

This is related to an issue in FreeBSD which came in during our latest merge on the 28th: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262971

The issue is triggered by duplicate rules in the ruleset.

Forum thread: https://forum.netgate.com/post/1035550

For some, the easiest workaround will be to temporarily disable NAT reflection and then reboot. See the forum thread for additional suggestions.

We are actively working on a fix and will either have a correction in today or revert the problematic change.


Related issues

Related to Bug #13012: NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet (Resolved, Viktor Gurov)

Related to Bug #13015: NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any`` (Resolved, Viktor Gurov)
