Bug #2373
closed
There were error(s) loading the rules... (Floating rules bug)
Added by Vladimir Suhhanov over 12 years ago.
Updated over 12 years ago.
Category:
Traffic Shaper (ALTQ)
Affected Architecture:
i386
Description
The problem is fully described here -
http://forum.pfsense.org/index.php/topic,48022.0.html
In short: the traffic shaper wizard generates floating rules that pfsense does not want to load; this can stop NAT from working at all.
The same bug can be obtained if you want to upgrade your 8.1 based version with traffic shaper active to the latest current snapshot.
Debug is included (made by sporkme)
- Category set to Traffic Shaper (ALTQ)
- Target version set to 2.1
- Affected Version set to 2.1
Found this issue and have the following observation:
It is always the first match rule that gives the syntax error, no matter what you configure:
anchor "userrules/*"
match on { vr0 } proto tcp from any to any port 25 queue (qOthersLow,qACK) label "USER_RULE: m_Other SMTP outbound"
and
anchor "userrules/*"
match on { vr1 } proto udp from any to any port 500 queue (qOthersHigh) label "USER_RULE: m_Other IPSEC outbound"
are always the same...
There were error(s) loading the rules: /tmp/rules.debug:183: syntax error pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [183]: match on { vr0 } proto tcp from any to any port 25 queue (qOthersLow,qACK) label "USER_RULE: m_Other SMTP outbound" ...
I've done some testing and I think the patch to add the "match" action must be missing.
Some error
Snap 2.1-DEVELOPMENT built on Wed May 9 21:13:38 EDT 2012
php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:278: syntax error pfctl: Syntax error in config file: pf rules not loaded'
php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:278: syntax error pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [278]: match on { em2 } inet proto tcp from any to 192.168.1.1 port 3890 queue (qOthersHigh,qACK) label "USER_RULE"
- Assignee set to Ermal Luçi
I just want to say, that amd64 architecture is affected also.
Have just tried it.
Also worth noting, though similar to the fact that it happens if you upgrade from 2.0.1 (noted above) is that loading a configuration file backup into 2.1 also causes the same issue. It would be nice to be able to use 2.1 for traffic shaping, so if any more testing is needed on this, let me know!
- Status changed from New to Feedback
With new snapshots this should be resolved.
Issue was patch missing on 8.3 snaps
This bug appears fixed, Ermal, BUT the changes seem to have broken the PPTP server, and traffic shaping still doesn't work on VLAN'd setups due to 2349.
At least I have no annoying error messages anymore and it looks like shaping is working, but I need more time to test it. I don't have PPTP server and VLANs configured.
OK, if there are PPTP issues, that would be a new/separate ticket. Try to confirm with others on the forum first. This ticket is just for shaping.
There were many patches that were fixed this week, not all related to this specific issue, so we would prefer to treat them all separately.
Thanks Jim, sorry I was a bit frustrated - not with you guys, with myself for not testing the build before running it on an in-production-due-to-necessity server. It was early in the morning and since I read that there were patch-related issues with PPTP years ago (doing some searching) I jumped to a conclusion that this fix probably was my problem there. Since it seems to work for everyone else, I guess I'll just wait until traffic shaping is totally fixed (working on VLANs), then I'll figure out the PPTP problem I had :) Thanks!
For my current configuration and settings, the issue is fixed.
- Status changed from Feedback to Resolved