Bug #3050
closederror loading TCP block or reject rule
100%
Description
After updating to 2.1-RC0 (amd64) built on Mon Jun 17 17:28:37 EDT 2013 none of my TCP block rules are working anymore, throwing the following error:
There were error(s) loading the rules: /tmp/rules.debug:337: flags cannot be redefined - The line in question reads [337]: block return in log quick on $GuestLAN inet proto tcp from any to any port 25 flags S/SA keep state flags S/SA label "USER_RULE: SMTP verbieten"
After clicking around a bit, changing block/reject, ports, protcols and so on I got another similar error:
There were error(s) loading the rules: /tmp/rules.debug:341: keep state on block rules doesn't make sense - The line in question reads [341]: block in quick on $GuestLAN inet proto tcp from any to any port 25 flags S/SA keep state label "USER_RULE: test"
Altough I didn't set the rule to match a state. I didn't change (or open) any of the advanced settings.
It seems the commit responsible for the error is:
https://github.com/pfsense/pfsense/commit/e8ddd3a89a4513ab135c88739bd86cbb9fcd92c2
After installing the previous version of the /etc/inc/filter.inc, the block and reject rules work again as expected.
"TCP/UDP" combined rules are not affected.