Bug #15712
Closed
Experimental ethernet rules, order broken when adding rule on other interface tab
0%
Description
To reproduce the issue with Ethernet rule ordering:
1. Install and configure pfBlocker with inbound/outbound interfaces, enabling DNSBL in Python mode.
2. Create rules for Ethernet interfaces.
3. Perform an update and reload settings in pfBlocker.
4. Add a rule to any interface (e.g., WireGuard).
5. Check the Ethernet interface rules—adding the rule disrupts the order.
The issue seems to be linked to pfBlocker and affects rule management on Ethernet interfaces.
More details on the forum https://forum.netgate.com/topic/190031/experimental-ethernet-rules-order-broken-when-adding-rule-on-wireguard-interface
Updated by Marcos M 2 months ago
- Status changed from New to Feedback
I was not able to reproduce this on dev snapshots. It may have been resolved by https://redmine.pfsense.org/issues/15537 or some other related fix.
Updated by Vladimir Suhhanov 2 months ago
This is what I have in that section:
$interface = strtolower($interface);
$relative_index_count = -1; // a valid index count starts at 0
foreach (config_get_path('filter/rule',[]) as $idx => $rule) {
    // skip rules on unrelated interfaces
    if ((isset($rule['floating']) && ($interface != "floatingrules")) ||
        (isset($rule['ethernet']) && ($interface != "ethernetrules")) ||
        (!isset($rule['floating']) && !isset($rule['ethernet']) && ($interface != $rule['interface']))) {
        if (isset($rule_index) && isset($interface_rule_index['first']) && ($idx >= $rule_index)) {
            // the last rule on the matching interface has already been reached
            break;
My pfSense version is
24.08-DEVELOPMENT (amd64)
built on Tue Jul 2 9:00:00 EEST 2024
FreeBSD 15.0-CURRENT
Marcos, looks like you have some other build?
Updated by Marcos M about 2 months ago
A new 24.08 snapshot is available. Please test there if you are able to reproduce this issue.
Updated by Vladimir Suhhanov about 2 months ago
Right after the update, the order got messed up a bit again, but currently I cannot reproduce it.
Updated by Marcos M about 2 months ago
- Status changed from Feedback to Duplicate
IIRC that's expected (as it gets "unbroken"). I'll close this out for now as a duplicate. Feel free to report back if you do find any rule ordering issues.