Bug #15712
closed
Experimental ethernet rules, order broken when adding rule on other interface tab
Added by Vladimir Suhhanov 2 months ago.
Updated about 2 months ago.
Affected Plus Version:
24.08
Affected Architecture:
All
Description
To reproduce the issue with Ethernet rule ordering:
1. Install and configure pfBlocker with inbound/outbound interfaces, enabling DNSBL in Python mode.
2. Create rules for Ethernet interfaces.
3. Perform an update and reload settings in pfBlocker.
4. Add a rule to any interface (e.g., WireGuard).
5. Check the Ethernet interface rules—adding the rule disrupts the order.
The issue seems to be linked to pfBlocker and affects rule management on Ethernet interfaces.
More details on the forum https://forum.netgate.com/topic/190031/experimental-ethernet-rules-order-broken-when-adding-rule-on-wireguard-interface
- Status changed from New to Feedback
This what I have in that section:
$interface = strtolower($interface);
$relative_index_count = -1; // a valid index count starts at 0
foreach (config_get_path('filter/rule',[]) as $idx => $rule) {
// skip rules on unrelated interfaces
if ((isset($rule['floating']) && ($interface != "floatingrules")) ||
(isset($rule['ethernet']) && ($interface != "ethernetrules")) ||
(!isset($rule['floating']) && !isset($rule['ethernet']) && ($interface != $rule['interface']))) {
if (isset($rule_index) && isset($interface_rule_index['first']) && ($idx >= $rule_index)) {
// the last rule on the matching interface has already been reached
break;
My pfSense version is
24.08-DEVELOPMENT (amd64)
built on Tue Jul 2 9:00:00 EEST 2024
FreeBSD 15.0-CURRENT
Marcos, looks like you have some other build?
Yes, there have been several fixes since that build. I expect a new snapshot build to be publicly available soon-ish.
A new 24.08 snapshot is available. Please test there if you are able to reproduce this issue.
Right after the update, the order got messed up a bit again, but currently I cannot reproduce it.
- Status changed from Feedback to Duplicate
IIRC that's expected (as it gets "unbroken"). I'll close this out for now as a duplicate. Feel free to report back if you do find any rule ordering issues.
Also available in: Atom
PDF
Updated by 
Updated by