Bug #2373

closed

There were error(s) loading the rules... (Floating rules bug)

Added by Vladimir Putin over 9 years ago. Updated over 9 years ago.

Status: Resolved
Priority: High
Assignee: Ermal Luçi
Category: Traffic Shaper (ALTQ)
Target version:
Start date: 04/12/2012
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.1
Affected Architecture: i386

Description

The problem is fully described here:
http://forum.pfsense.org/index.php/topic,48022.0.html

In short: the traffic shaper wizard generates floating rules that pfSense does not want to load, and this can stop NAT from working at all.
The same bug can be obtained if you want to upgrade your 8.1-based version with the traffic shaper active to the latest current snapshot.

Debug output is included (made by sporkme).


Files

rules.debug.txt (17.1 KB) Vladimir Putin, 04/12/2012 10:54 AM
Actions #1

Updated by Chris Buechler over 9 years ago

  • Category set to Traffic Shaper (ALTQ)
  • Target version set to 2.1
  • Affected Version set to 2.1
Actions #2

Updated by Beat Siegenthaler over 9 years ago

Found this issue and have the following observation:
It is always the first match rule that gives the syntax error, no matter what you configure:

anchor "userrules/*"
match on { vr0 } proto tcp from any to any port 25 queue (qOthersLow,qACK) label "USER_RULE: m_Other SMTP outbound"

and

anchor "userrules/*"
match on { vr1 } proto udp from any to any port 500 queue (qOthersHigh) label "USER_RULE: m_Other IPSEC outbound"

are always the same...

There were error(s) loading the rules: /tmp/rules.debug:183: syntax errorpfctl: Syntax error in config file: pf rules not loaded - The line in question reads [183]: match on { vr0 } proto tcp from any to any port 25 queue (qOthersLow,qACK) label "USER_RULE: m_Other SMTP outbound" ...

Actions #3

Updated by Erik Fonnesbeck over 9 years ago

I've done some testing and I think the patch to add the "match" action must be missing.

Actions #4

Updated by Yan Triary over 9 years ago

Some error
Snap 2.1-DEVELOPMENT built on Wed May 9 21:13:38 EDT 2012

php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:278: syntax error pfctl: Syntax error in config file: pf rules not loaded'

php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:278: syntax error pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [278]: match on { em2 } inet proto tcp from any to 192.168.1.1 port 3890 queue (qOthersHigh,qACK) label "USER_RULE" 
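
A triage helper for the alerts quoted in this ticket, as an added example that is not part of the ticket or of pfSense's code: it parses the alert text, extracts the rejected rule, and tallies the rule action, which for both quoted alerts is "match". The function and constant names are hypothetical, and the regular expression assumes the alert wording shown above.

```python
import re
from collections import Counter

# Alert wording assumed from the log lines quoted in this ticket.
ALERT_RE = re.compile(
    r"(?P<path>/\S+?):(?P<lineno>\d+): syntax error\s*pfctl:.*?"
    r"The line in question reads \[(?P<echo>\d+)\]:\s*"
    r"(?P<rule>.*?)\s*(?:\.\.\.)?\s*$"
)
QUEUE_RE = re.compile(r"\bqueue\s*\(([^)]*)\)")
IFACE_RE = re.compile(r"\bon\s*\{\s*([^}]*?)\s*\}")

# The two alerts quoted in this ticket, copied as logged (sample input).
SAMPLE_ALERTS = [
    "There were error(s) loading the rules: /tmp/rules.debug:183: syntax error"
    "pfctl: Syntax error in config file: pf rules not loaded - The line in "
    "question reads [183]: match on { vr0 } proto tcp from any to any port 25 "
    'queue (qOthersLow,qACK) label "USER_RULE: m_Other SMTP outbound" ...',
    "php: : New alert found: There were error(s) loading the rules: "
    "/tmp/rules.debug:278: syntax error pfctl: Syntax error in config file: "
    "pf rules not loaded - The line in question reads [278]: match on { em2 } "
    'inet proto tcp from any to 192.168.1.1 port 3890 queue (qOthersHigh,qACK) label "USER_RULE" ',
]


def parse_alert(text):
    """Return details of the rejected rule, or None if text is not an alert."""
    m = ALERT_RE.search(text)
    if m is None:
        return None
    rule = m.group("rule")
    queue = QUEUE_RE.search(rule)
    iface = IFACE_RE.search(rule)
    return {
        "path": m.group("path"),
        "lineno": int(m.group("lineno")),
        # pfctl's line number should agree with the number echoed in brackets.
        "echo_matches": m.group("lineno") == m.group("echo"),
        "action": (rule.split() or [""])[0],
        "interfaces": iface.group(1).split() if iface else [],
        "queues": [q.strip() for q in queue.group(1).split(",")] if queue else [],
        "rule": rule,
    }


def failing_actions(alerts):
    """Count the pf action keyword of each rejected rule across many alerts."""
    parsed = (parse_alert(a) for a in alerts)
    return Counter(p["action"] for p in parsed if p)
```
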

Actions #5

Updated by Chris Buechler over 9 years ago

  • Assignee set to Ermal Luçi
Actions #6

Updated by Vladimir Putin over 9 years ago

I just want to say that the amd64 architecture is also affected.
I have just tried it.

Actions #7

Updated by Mark Uhde over 9 years ago

Also worth noting, though similar to the fact that it happens if you upgrade from 2.0.1 (noted above), is that loading a configuration file backup into 2.1 also causes the same issue. It would be nice to be able to use 2.1 for traffic shaping, so if any more testing is needed on this, let me know!

Actions #8

Updated by Ermal Luçi over 9 years ago

  • Status changed from New to Feedback

With new snapshots this should be resolved.
The issue was a patch missing on 8.3 snaps.

Actions #9

Updated by Mark Uhde over 9 years ago

This bug appears fixed, Ermal, BUT the changes seem to have broken the PPTP server, and traffic shaping still doesn't work on VLAN'd setups due to 2349.

Actions #10

Updated by Vladimir Putin over 9 years ago

At least I have no annoying error messages anymore and it looks like shaping is working, but I need more time to test it. I don't have PPTP server and VLANs configured.

Actions #11

Updated by Jim Pingle over 9 years ago

OK, if there are PPTP issues, that would be a new/separate ticket. Try to confirm with others on the forum first. This ticket is just for shaping.

There were many patches that were fixed this week, not all related to this specific issue, so we would prefer to treat them all separately.

Actions #12

Updated by Mark Uhde over 9 years ago

Thanks Jim, sorry I was a bit frustrated - not with you guys, with myself for not testing the build before running it on an in-production-due-to-necessity server. It was early in the morning and since I read that there were patch-related issues with PPTP years ago (doing some searching) I jumped to a conclusion that this fix probably was my problem there. Since it seems to work for everyone else, I guess I'll just wait until traffic shaping is totally fixed (working on VLANs), then I'll figure out the PPTP problem I had :) Thanks!

Actions #13

Updated by Vladimir Putin over 9 years ago

For my current configuration and settings, the issue is fixed.

Actions #14

Updated by Ermal Luçi over 9 years ago

  • Status changed from Feedback to Resolved