Bug #2564

Import from m0n0wall breaks pfSense if dashes are in an alias

Added by Steve Yates over 6 years ago. Updated over 3 years ago.

Status: Needs Patch
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 07/27/2012
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.0.1
Affected Architecture:

Description

We just tried to upgrade from m0n0wall 1.33 to pfSense 2.01. We booted (live CD), configured the LAN IP, and restored the m0n0wall configuration file. No connectivity to the Internet. We could ping the WAN from pfSense but not from the LAN.

It turns out, in m0n0wall, "The name of the alias may only consist of the characters a-z, A-Z, 0-9 and '-' (dash)." pfSense does not allow dashes. pfSense did do a search/replace on the string "m0n0wall" in the configuration file; however, it did not search/replace the dashes out. As a result I believe the firewall was not loading and thus NAT/routing was not functioning.

Unfortunately since we had a few rules with such an alias, and the log file entry did not display the entire error message (the actual error was longer than what was displayed), it took a long time to figure out. Eventually we saw a page that displayed a longer partial message that had an extra couple lines referring to an unrecognized macro "$Server-1". We tried renaming that alias and pfSense kind of ran off the rails, with further attempts to edit that alias displaying a completely different page.

Eventually we used the Edit File feature to edit /cf/conf/config.xml, did a search/replace ourselves to remove dashes, and rebooted, and have been fine since.

I suggest that pfSense remove dashes or perhaps replace them with a different character when importing aliases.
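The manual workaround described in this report (renaming dashed aliases and the rules that reference them before restoring the file), as an added example that is not part of the original report or of pfSense's import code. It assumes aliases are defined under `aliases/alias/name`, that references appear as the text of `address` or `target` elements, and that underscore is an acceptable replacement character; the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Assumption: elements whose text can be an alias reference in the exported config.
REF_TAGS = {"address", "target"}

# Constructed sample in the shape of an exported config (not a real device config).
SAMPLE = """<m0n0wall>
  <aliases>
    <alias><name>Server-1</name><address>192.168.1.10</address><descr>front-end web server</descr></alias>
    <alias><name>Web-DMZ</name><address>10.0.0.0/24</address></alias>
    <alias><name>Mail1</name><address>192.168.1.25</address></alias>
  </aliases>
  <filter>
    <rule><source><address>Web-DMZ</address></source>
          <destination><address>Server-1</address></destination></rule>
  </filter>
</m0n0wall>"""

def plan_renames(root):
    """Map each alias name containing a dash to a collision-free replacement."""
    names = [n.text.strip() for n in root.findall("./aliases/alias/name") if n.text]
    taken = {n for n in names if "-" not in n}
    renames = {}
    for old in names:
        if "-" not in old or old in renames:
            continue
        base = old.replace("-", "_")   # assumption: underscore is valid on the target
        new, i = base, 2
        while new in taken:            # hand-edited configs may already hold the new name
            new, i = f"{base}_{i}", i + 1
        taken.add(new)
        renames[old] = new
    return renames

def sanitize_config(xml_text):
    """Return (rewritten_xml, renames) with alias definitions and references updated."""
    root = ET.fromstring(xml_text)
    renames = plan_renames(root)
    for name in root.findall("./aliases/alias/name"):
        name.text = renames.get((name.text or "").strip(), name.text)
    for elem in root.iter():
        key = (elem.text or "").strip()
        if elem.tag in REF_TAGS and key in renames:
            elem.text = renames[key]   # only exact matches, so host names and descr stay
    return ET.tostring(root, encoding="unicode"), renames
```

Reviewing the returned `renames` mapping before restoring the rewritten file shows exactly which aliases changed, which a blind search/replace over the whole file does not.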

History

#1 Updated by Chris Buechler over 3 years ago

  • Status changed from New to Needs Patch

The m0n0wall config conversion functionality is possibly much more broken than just this on current versions. I can't remember the last time I heard of anyone using it. Doesn't seem worth fixing at this point.
