Project

General

Profile

Actions

Bug #2564

closed

Import from m0n0wall breaks pfSense if dashes are in an alias

Added by Steve Y over 11 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
07/27/2012
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0.1
Affected Architecture:

Description

We just tried to upgrade from m0n0wall 1.33 to pfSense 2.01. We booted (live CD), configured the LAN IP, and restored the m0n0wall configuration file. No connectivity to the Internet. We could ping the WAN from pfSense but not from the LAN.

It turns out, in m0n0wall, "The name of the alias may only consist of the characters a-z, A-Z, 0-9 and '-' (dash)." pfSense does not allow dashes. pfSense did do a search/replace on the string "m0n0wall" in the configuration file, however, it did not search/replace the dashes out. As a result I believe the firewall was not loading and thus NAT/routing was not functioning.

Unfortunately since we had a few rules with such an alias, and the log file entry did not display the entire error message (the actual error was longer than what was displayed), it took a long time to figure out. Eventually we saw a page that displayed a longer partial message that had an extra couple lines referring to an unrecognized macro "$Server-1". We tried renaming that alias and pfSense kind of ran off the rails, with further attempts to edit that alias displaying a completely different page.

Eventually we used the Edit File feature to edit /cf/conf/config.xml, did a search/replace ourselves to remove dashes, and rebooted, and have been fine since.

I suggest that pfSense remove dashes or perhaps replace them with a different character when importing aliases.

Actions #1

Updated by Chris Buechler over 8 years ago

  • Status changed from New to Needs Patch

the m0n0wall config conversion functionality is possibly much more broken than just this on current versions. I can't remember the last time I heard of anyone using it. Doesn't seem worth fixing at this point.

Actions #2

Updated by Renato Botelho over 3 years ago

  • Status changed from Needs Patch to Closed

m0n0wall is dead for a long time

Actions

Also available in: Atom PDF