Project

General

Profile

Actions

Bug #3050

closed

error loading TCP block or reject rule

Added by Thomas Rieschl over 11 years ago. Updated over 11 years ago.

Status:
Resolved
Priority:
High
Category:
Rules / NAT
Target version:
Start date:
06/18/2013
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:

Description

After updating to 2.1-RC0 (amd64) built on Mon Jun 17 17:28:37 EDT 2013 none of my TCP block rules are working anymore, throwing the following error:

There were error(s) loading the rules: /tmp/rules.debug:337: flags cannot be redefined - The line in question reads [337]: block return in log quick on $GuestLAN inet proto tcp from any to any port 25 flags S/SA keep state flags S/SA label "USER_RULE: SMTP verbieten"

After clicking around a bit, changing block/reject, ports, protcols and so on I got another similar error:

There were error(s) loading the rules: /tmp/rules.debug:341: keep state on block rules doesn't make sense - The line in question reads [341]: block in quick on $GuestLAN inet proto tcp from any to any port 25 flags S/SA keep state label "USER_RULE: test"

Altough I didn't set the rule to match a state. I didn't change (or open) any of the advanced settings.

It seems the commit responsible for the error is:
https://github.com/pfsense/pfsense/commit/e8ddd3a89a4513ab135c88739bd86cbb9fcd92c2

After installing the previous version of the /etc/inc/filter.inc, the block and reject rules work again as expected.
"TCP/UDP" combined rules are not affected.

Actions

Also available in: Atom PDF