Project

General

Profile

Actions

Bug #16871

closed

PHP Fatal error: add_filter_rules() — Argument #2 ($index) must be of type int, null given — when saving NAT Port Forward with filter rule association Environment

Added by Riccardo Mazzia about 1 month ago. Updated about 1 month ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

Version
pfSense+ 26.03.1 (RELENG_26_03_1-n256546-1d1bfd578383, built 2026-05-20)
Architecture
amd64 / FreeBSD 16.0-CURRENT
Description

When creating or editing a NAT Port Forward rule and selecting either "Add associated filter rule" or "Create unassociated filter rule" as the Filter Rule Association, the GUI crashes with a PHP Fatal error. The page returns a 50x error and no rule is saved correctly.

Additionally, when "Add associated filter rule" does not crash and creates the rule, the associated WAN firewall rule is created with the wrong destination: it uses the post-NAT internal IP and port (e.g. 192.168.6.100:23334) instead of the pre-NAT WAN address and external port (e.g. WAN address:14001). This causes the firewall rule to never match incoming traffic, silently breaking the port forward.
Steps to reproduce

1. Go to Firewall → NAT → Port Forward
2. Create a new rule:
- Interface: WAN
- Protocol: TCP
- Destination: WAN address
- Destination port: 14001
- Redirect target IP: 192.168.6.100
- Redirect target port: 23334
- Filter rule association: "Add associated filter rule" OR "Create unassociated filter rule"
3. Click Save
Expected behavior

Rule saves successfully. Associated WAN firewall rule is created with:
- Destination: WAN address (192.168.1.17)
- Destination port: 14001 (the external port)
Actual behavior

GUI crashes with HTTP 50x error. The following PHP Fatal error is logged in the Crash Reporter:

PHP Fatal error: Uncaught TypeError: add_filter_rules(): Argument #2 ($index) must be of type int, null given, called in /usr/local/pfSense/include/www/firewall_nat.inc on line 701 and defined in /etc/inc/filter.inc:6921

Stack trace:
#0 /usr/local/pfSense/include/www/firewall_nat.inc(701): add_filter_rules()
#1 /usr/local/www/firewall_nat_edit.php(87): saveNATrule()
#2 {main}

When the crash does not occur (intermittently), the associated filter rule is created with the wrong destination (post-NAT internal IP/port instead of pre-NAT WAN address/port), making the port forward non-functional.
Workaround

Set Filter rule association = "None" and create the WAN pass rule manually in Firewall → Rules → WAN with:
- Destination: WAN address
- Destination port: 14001 (external port)
Relevant files

/usr/local/pfSense/include/www/firewall_nat.inc (line 701)
/etc/inc/filter.inc (line 6921)
/usr/local/www/firewall_nat_edit.php (line 87)


Files

PHP_errors.log (922 Bytes) PHP_errors.log Riccardo Mazzia, 06/07/2026 06:22 PM

Related issues

Is duplicate of Bug #15346: Cannot add Port Forward with an unassociated filter ruleResolvedMarcos M

Actions
Actions #2

Updated by Riccardo Mazzia about 1 month ago

2. Create a new rule:
- Interface: WAN
- Protocol: TCP
- Destination: WAN address
- Destination port: 14001
- Redirect target IP: 192.168.6.100
- Redirect target port: 23334
- Filter rule association: "Add associated filter rule" OR "Create unassociated filter rule"

ERRATA CORRIGE :

- Filter rule association: "Create unassociated filter rule"

Actions #3

Updated by Marcos M about 1 month ago

  • Is duplicate of Bug #15346: Cannot add Port Forward with an unassociated filter rule added
Actions #4

Updated by Marcos M about 1 month ago

  • Status changed from New to Duplicate
  • Priority changed from High to Normal
Actions

Also available in: Atom PDF