Bug #4274
closed
Marking a packet with only a number results in a broken rule
100%
Description
I have a lot of floating rules used to mark packets with a number that I then catch later to do traffic shaping. This has worked perfectly in 2.0 and 2.1, but when I upgraded to 2.2, I started getting this message:
[ There were error(s) loading the rules: /tmp/rules.debug:326: syntax error - The line in question reads [326]: match in quick on { em0 } inet from $Servers to any tag 18 tracker 1422096771 label USER_RULE: Servers other]
Where $Servers is an alias for a couple of IP ranges. Removing the mark in Advanced Options makes the rule work (though obviously that screws up my traffic shaping).
I don't know if this has something to do with the fact that my tags are numbers.
Updated by Jonathan Dieter almost 10 years ago
Sorry, just realized I didn't list this as applying to 2.2 and it doesn't seem that I'm able to change it now.
Updated by Jim Pingle almost 10 years ago
- Subject changed from Unable to mark packet with number in floating rule in pfSense 2.2 to Marking a packet with only a number results in a broken rule
- Category set to Rules / NAT
- Status changed from New to Confirmed
- Assignee set to Ermal Luçi
- Target version set to 2.2.1
- Affected Version set to 2.2
Confirmed. If you place a purely numerical value in the "You can mark a packet matching this rule and use this mark to match on other NAT/filter rules. It is called Policy filtering" advanced option, the resulting rule generates an error from pf.
You can place a text value ("foo"), or a value that starts with text ("foo18") or ends with text ("18foo"), but not one that is purely numerical ("18").
Updated by Ermal Luçi almost 10 years ago
- Status changed from Confirmed to Feedback
Updated by Ermal Luçi almost 10 years ago
- % Done changed from 0 to 100
Applied in changeset 6a2f0ad75063b9a0068b0a1983fb61fe3b408920.
Updated by Ermal Luçi almost 10 years ago
Applied in changeset 1fbae628c24e8259dc2ddb3f610c78b4dad45a34.
Updated by Jonathan Dieter almost 10 years ago
Just wanted to say I've verified this works. Thanks so much for the quick response.
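The failure confirmed in this ticket can be checked for in generated rule text. The following is an added example, not code from pfSense or from the changesets referenced above: it flags a tag value that is purely numeric and shows the same rule with the value quoted. Assumptions: pf parses a double-quoted value as a string, "tagged" is handled the same way as "tag", and the sample rules are constructed.

```python
import re

# Constructed rules in the style of the line quoted in the report (not real output).
SAMPLE_RULES = '''\
match in quick on { em0 } inet from $Servers to any tag 18 tracker 1422096771 label "USER_RULE: Servers other"
match in quick on { em0 } inet from $Servers to any tag foo18 tracker 1422096772 label "USER_RULE: tag 18 note"
pass out quick on { em1 } inet from any to any tagged 18 tracker 1422096773 label "USER_RULE: shape"
pass out quick on { em1 } inet from any to any tagged "18" tracker 1422096774 label "USER_RULE: quoted"
'''

# A token is either a double-quoted string (kept whole) or a run of non-blanks,
# so "tag 18" inside a quoted label is never mistaken for a tag option.
TOKEN = re.compile(r'"[^"]*"|\S+')
KEYWORDS = ("tag", "tagged")  # 'tagged' is included as an assumption, see lead-in
NUMERIC = re.compile(r"[0-9]+")


def find_numeric_tags(rules_text):
    """Return (line_no, keyword, value) for every bare, purely numeric tag value."""
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), start=1):
        tokens = TOKEN.findall(line)
        for keyword, value in zip(tokens, tokens[1:]):
            if keyword in KEYWORDS and NUMERIC.fullmatch(value):
                findings.append((line_no, keyword, value))
    return findings


def quote_numeric_tags(line):
    """Return the line with bare numeric tag values wrapped in double quotes."""
    out, prev, pos = [], None, 0
    for match in TOKEN.finditer(line):
        token = match.group()
        out.append(line[pos:match.start()])  # keep the original spacing
        if prev in KEYWORDS and NUMERIC.fullmatch(token):
            out.append(f'"{token}"')
        else:
            out.append(token)
        prev, pos = token, match.end()
    out.append(line[pos:])
    return "".join(out)


if __name__ == "__main__":
    for line_no, keyword, value in find_numeric_tags(SAMPLE_RULES):
        print(f"line {line_no}: {keyword} {value} is purely numeric")
    print(quote_numeric_tags(SAMPLE_RULES.splitlines()[0]))
```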