Bug #2605

closed

Filter rules are not created correctly

Added by Johannes Ullrich about 12 years ago. Updated about 12 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Unknown
Target version:
Start date: 08/24/2012
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.1
Affected Architecture: amd64

Description

After upgrading to the latest snapshot, the filter rules refuse to load due to an error:

----
There were error(s) loading the rules: /tmp/rules.debug:109: syntax errorpfctl: Syntax error in config file: pf rules not loaded - The line in question reads [109]: nat on gif0 inet from ...0/ to any -> () ...

The bad rule from line 109 of /tmp/rules.debug:

nat on gif0 inet from ...0/ to any -> ()

The issue went away after I edited filter.inc line 3169:

if($int)
$lines .= "nat on {$int} inet from {$ipnet} to any -> ({$carp_int}) \n";

changed to

if ($int!='gif0')

This isn't the "correct" patch, but should help locate the issue. I am using manual outbound NAT rules.

Actions #1

Updated by Jim Pingle about 12 years ago

If you change the test to this:

if ($int && $carp_int)

Does that work?

Actions #2

Updated by Johannes Ullrich about 12 years ago

Yes. This patch works. Thanks for the quick turnaround!

(tested with 2.1-BETA0 (amd64)
built on Mon Aug 27 14:57:37 EDT 2012
FreeBSD 8.3-RELEASE-p4 )

Actions #3

Updated by Jim Pingle about 12 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Actions #4

Updated by Ermal Luçi about 12 years ago

  • Status changed from Feedback to Resolved
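
The guard discussed in this ticket, `if ($int && $carp_int)`, carried one step further so the source network is checked as well, since the bad rule also showed a source with no prefix length. This is an added example, not pfSense code: `build_nat_rule()`, the interface-name pattern and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not pfSense code: build_nat_rule() is a hypothetical helper.

function build_nat_rule(string $int, string $ipnet, string $carp_int): ?string
{
    // Assumed interface-name shape: a letter, then up to 14 more of [A-Za-z0-9_.].
    $ifname = '/^[a-z][a-z0-9_.]{0,14}$/i';
    if (!preg_match($ifname, $int) || !preg_match($ifname, $carp_int)) {
        return null; // an empty $carp_int would render "-> ()" as in the ticket
    }

    // The source must be address/prefix with both halves present.
    $parts = explode('/', $ipnet);
    if (count($parts) !== 2) {
        return null;
    }
    [$addr, $bits] = $parts;
    if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    if (!ctype_digit($bits) || (int)$bits > 32) {
        return null;
    }

    return "nat on {$int} inet from {$addr}/{$bits} to any -> ({$carp_int})\n";
}

// Constructed sample inputs (documentation addresses, made-up interface names).
$candidates = [
    ['em0',  '192.0.2.0/24',    'em0_vip1'], // complete: emitted
    ['gif0', '198.51.100.0/24', ''],         // no target interface: skipped
    ['gif0', '203.0.113.0/',    'em0_vip1'], // prefix length missing: skipped
];

$lines = '';
foreach ($candidates as [$int, $ipnet, $carp_int]) {
    $rule = build_nat_rule($int, $ipnet, $carp_int);
    if ($rule === null) {
        // Skip and report instead of writing a line that fails the whole load.
        fwrite(STDERR, "skipped NAT rule: int='{$int}' net='{$ipnet}' target='{$carp_int}'\n");
        continue;
    }
    $lines .= $rule;
}
echo $lines;
```

Only the first candidate reaches the output; the other two are reported on stderr, so one incomplete entry no longer prevents the rest of the ruleset from loading.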