Project

General

Profile

Actions
Copy link

Bug #16871

open

PHP Fatal error: add_filter_rules() — Argument #2 ($index) must be of type int, null given — when saving NAT Port Forward with filter rule association Environment

Added by Riccardo Mazzia about 20 hours ago. Updated about 17 hours ago.

Status:
New
Priority:
High
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

Version
pfSense+ 26.03.1 (RELENG_26_03_1-n256546-1d1bfd578383, built 2026-05-20)
Architecture
amd64 / FreeBSD 16.0-CURRENT
Description

When creating or editing a NAT Port Forward rule and selecting either "Add associated filter rule" or "Create unassociated filter rule" as the Filter Rule Association, the GUI crashes with a PHP Fatal error. The page returns a 50x error and no rule is saved correctly.

Additionally, when "Add associated filter rule" does not crash and creates the rule, the associated WAN firewall rule is created with the wrong destination: it uses the post-NAT internal IP and port (e.g. 192.168.6.100:23334) instead of the pre-NAT WAN address and external port (e.g. WAN address:14001). This causes the firewall rule to never match incoming traffic, silently breaking the port forward.
Steps to reproduce

1. Go to Firewall → NAT → Port Forward
2. Create a new rule:
- Interface: WAN
- Protocol: TCP
- Destination: WAN address
- Destination port: 14001
- Redirect target IP: 192.168.6.100
- Redirect target port: 23334
- Filter rule association: "Add associated filter rule" OR "Create unassociated filter rule"
3. Click Save
Expected behavior

Rule saves successfully. Associated WAN firewall rule is created with:
- Destination: WAN address (192.168.1.17)
- Destination port: 14001 (the external port)
Actual behavior

GUI crashes with HTTP 50x error. The following PHP Fatal error is logged in the Crash Reporter:

PHP Fatal error: Uncaught TypeError: add_filter_rules(): Argument #2 ($index) must be of type int, null given, called in /usr/local/pfSense/include/www/firewall_nat.inc on line 701 and defined in /etc/inc/filter.inc:6921

Stack trace:
#0 /usr/local/pfSense/include/www/firewall_nat.inc(701): add_filter_rules()
#1 /usr/local/www/firewall_nat_edit.php(87): saveNATrule()
#2 {main}

When the crash does not occur (intermittently), the associated filter rule is created with the wrong destination (post-NAT internal IP/port instead of pre-NAT WAN address/port), making the port forward non-functional.
Workaround

Set Filter rule association = "None" and create the WAN pass rule manually in Firewall → Rules → WAN with:
- Destination: WAN address
- Destination port: 14001 (external port)
Relevant files

/usr/local/pfSense/include/www/firewall_nat.inc (line 701)
/etc/inc/filter.inc (line 6921)
/usr/local/www/firewall_nat_edit.php (line 87)

Files

PHP_errors.log (922 Bytes) PHP_errors.log Riccardo Mazzia, 06/07/2026 06:22 PM
Actions
Copy link
 #2

Updated by Riccardo Mazzia about 17 hours ago

2. Create a new rule:
- Interface: WAN
- Protocol: TCP
- Destination: WAN address
- Destination port: 14001
- Redirect target IP: 192.168.6.100
- Redirect target port: 23334
- Filter rule association: "Add associated filter rule" OR "Create unassociated filter rule"

ERRATA CORRIGE :

- Filter rule association: "Create unassociated filter rule"

Actions
Copy link

Also available in: Atom PDF