Bug #15134
openPost upgrade to 2.7.2 - Change in alias name stops all traffic
Description
After installing the last 2.7.2 release, when we edited an Alias name - that rule stopped working, and all traffic was blocked from that point until a full reboot was done.
Once rebooted, old nat/access rules are working again using a new alias.
Updated by Chris W 12 months ago
I'm not able to reproduce this on a system upgraded to 2.7.2 from the 2.7 installation image. I simply made an alias of several public DNS server IP addresses, then a reject rule on LAN using that alias as a destination. After editing the name of the alias, the filter reloaded as normal, the name change was shown on the LAN firewall rules page, and I still had full internet access (minus the addresses the rule was rejecting). Did several edits on the same alias.
Was your system upgraded from a release prior to 2.7? When you click the green Apply Changes button after saving the new alias name, do you see the green "Change has been applied successfully" banner? If you then click the hyperlinked word Monitor in the banner, it'll take you to the filter reload page. Does that show it reloaded successfully?
Updated by Kris Phillips 12 months ago
Also unable to recreate this on either 2.7.2 or 23.09.1. Until more details can be provided, this should be marked as Incomplete.
Updated by Rajko B 12 months ago
Kris Phillips wrote in #note-3:
> Also unable to recreate this on either 2.7.2 or 23.09.1. Until more details can be provided, this should be marked as Incomplete.
Thank you, Kris and Chris.
We have done a fresh install of 2.7.2 using amd64 iso and restored the original configuration. The issue is still there.
The alias in question, which contains FQDN, is used in the NAT TCP port publishing and is reflected in the access rule in the WAN rules list.
pfSense is running as a VMware VM, using Intel NICs.
Please let us know if you need additional info.
Updated by Chris W 11 months ago
I presume you're talking about a port forward rule here, but about how many entries does this alias have? Is the forward (and the WAN rule) the only place the alias is used?
I still can't replicate this with an alias of 5 FQDN entries and 5 IP addresses. It functions like normal whether it be used in a firewall or NAT rule.
If you can send us an export of the alias (edit it and you'll see a blue Export to file button), I can bulk import it and see if using yours specifically makes a difference. If you're not comfortable attaching it here, just open a support ticket with us referencing this Redmine and I'll look into it next week.
https://www.netgate.com/tac-support-request