Project

General

Profile

Actions
Copy link

Bug #15712

closed

Experimental ethernet rules, order broken when adding rule on other interface tab

Added by Vladimir Suhhanov about 2 months ago. Updated 29 days ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default
Affected Plus Version:
24.08
Affected Architecture:
All

Description

To reproduce the issue with Ethernet rule ordering:

1. Install and configure pfBlocker with inbound/outbound interfaces, enabling DNSBL in Python mode.
2. Create rules for Ethernet interfaces.
3. Perform an update and reload settings in pfBlocker.
4. Add a rule to any interface (e.g., WireGuard).
5. Check the Ethernet interface rules—adding the rule disrupts the order.

The issue seems to be linked to pfBlocker and affects rule management on Ethernet interfaces.

More details on the forum https://forum.netgate.com/topic/190031/experimental-ethernet-rules-order-broken-when-adding-rule-on-wireguard-interface

Actions
Copy link
 #1

Updated by Marcos M about 2 months ago

  • Status changed from New to Feedback

I was not able to reproduce this on dev snapshots. It may have been resolved by https://redmine.pfsense.org/issues/15537 or some other related fix.

Actions
Copy link
 #2

Updated by Vladimir Suhhanov about 2 months ago

This what I have in that section:

$interface = strtolower($interface);
$relative_index_count = -1; // a valid index count starts at 0
foreach (config_get_path('filter/rule',[]) as $idx => $rule) {
// skip rules on unrelated interfaces
if ((isset($rule['floating']) && ($interface != "floatingrules")) ||
(isset($rule['ethernet']) && ($interface != "ethernetrules")) ||
(!isset($rule['floating']) && !isset($rule['ethernet']) && ($interface != $rule['interface']))) {
if (isset($rule_index) && isset($interface_rule_index['first']) && ($idx >= $rule_index)) {
// the last rule on the matching interface has already been reached
break;

My pfSense version is
24.08-DEVELOPMENT (amd64)
built on Tue Jul 2 9:00:00 EEST 2024
FreeBSD 15.0-CURRENT

Marcos, looks like you have some other build?

Actions
Copy link
 #3

Updated by Marcos M about 2 months ago

Yes, there have been several fixes since that build. I expect a new snapshot build to be publicly available soon-ish.

Actions
Copy link
 #4

Updated by Marcos M about 1 month ago

A new 24.08 snapshot is available. Please test there if you are able to reproduce this issue.

Actions
Copy link
 #5

Updated by Vladimir Suhhanov 29 days ago

Right after the update, the order got messed up a bit again, but currently I cannot reproduce it.

Actions
Copy link
 #6

Updated by Marcos M 29 days ago

  • Status changed from Feedback to Duplicate

IIRC that's expected (as it gets "unbroken"). I'll close this out for now as a duplicate. Feel free to report back if you do find any rule ordering issues.

Actions
Copy link

Also available in: Atom PDF