Bug #6133
closed
Firewall Rule Using !LAN address Error
Added by NOYB NOYB about 8 years ago.
Updated almost 8 years ago.
Description
Firewall rule using !LAN address in destination results in the following error.
Notices
Filter Reload
• There were error(s) loading the rules: /tmp/rules.debug:297: syntax error - The line in question reads [297]: block in log quick on $LAN inet proto { tcp udp } from any to ! port 53 tracker 1452958855 label "USER_RULE: Block Unapproved DNS Servers"
The rule settings are:
Block: enabled
Log: enabled
Protocol: IPv4 TCP/UDP
Source: *
Port: *
Destination: !LAN address
Port: 53(DNS)
Queue: none
Schedule:
Description: Block Unapproved DNS Servers
Same rules work fine on VirtualBox VM; Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz 2 CPUs: 1 package(s) x 2 core(s).
But not on Dell Inspiron 5100; Intel(R) Pentium(R) 4 CPU 2.66GHz. Full install on USB flash drive.
Forum thread:
https://forum.pfsense.org/index.php?topic=109719.0
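A pre-load check for the failure reported above, as an added example (not pfSense code): it scans a generated ruleset such as /tmp/rules.debug for a from/to whose "!" has no address after it, which is the shape of line 297 in the notice. The function name, the keyword subset and the first two sample lines are assumptions constructed for illustration.

```python
import re

# Keywords that may follow a from/to host in a pf rule. Seeing one directly
# after "!" means the negated address is missing. This is a subset picked
# for the example, not pf's full grammar.
FOLLOWERS = {"to", "port", "os", "flags", "keep", "modulate", "synproxy",
             "tracker", "label", "queue", "tag", "tagged"}

QUOTED_RE = re.compile(r'"[^"]*"')
LABEL_RE = re.compile(r'label\s+"([^"]*)"')


def find_empty_negations(ruleset_text):
    """Return (line_no, keyword, label) for every from/to whose '!' has no address."""
    findings = []
    for line_no, raw in enumerate(ruleset_text.splitlines(), start=1):
        # Blank out quoted strings so label text is never parsed as rule syntax,
        # drop comments, and make "!" its own token ("!10.0.0.1" or "! 10.0.0.1").
        line = QUOTED_RE.sub('""', raw).split("#", 1)[0].replace("!", " ! ")
        tokens = line.split()
        label = LABEL_RE.search(raw)
        for i, tok in enumerate(tokens[:-1]):
            if tok in ("from", "to") and tokens[i + 1] == "!":
                operand = tokens[i + 2] if i + 2 < len(tokens) else None
                if operand is None or operand in FOLLOWERS:
                    findings.append((line_no, tok, label.group(1) if label else None))
    return findings


# Constructed sample; only the last rule is the line quoted in the notice above.
SAMPLE = """\
LAN = "{ em1 }"
block in log quick on $LAN inet proto { tcp udp } from any to ! 192.0.2.1 port 53 label "USER_RULE: constructed good rule"
block in log quick on $LAN inet proto { tcp udp } from any to ! port 53 tracker 1452958855 label "USER_RULE: Block Unapproved DNS Servers"
"""

if __name__ == "__main__":
    for line_no, keyword, label in find_empty_negations(SAMPLE):
        print(f"line {line_no}: '{keyword} !' has no address (label: {label})")
```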
- Assignee set to Chris Buechler
- Category set to Rules / NAT
- Status changed from New to Confirmed
- Target version changed from 2.3.1 to 2.3.2
No replicable test case for this. It fixes itself by the time the system finishes booting, so not a huge deal, but ugly.
Have not seen this so far on 2.3.1. It's not been long and only a few reboots, but previously it was every boot. So good possibility it is fixed. That's good. Would be nice though to know the cause so it can be avoided in future.
Far as I am concerned, unless I see this again, it is fixed.
- Status changed from Confirmed to Feedback
I'm guessing this may have been fixed by the more proper validation that config.cache is sane.
- Status changed from Feedback to Resolved
- Target version deleted (2.3.2)
This definitely looks to have been fixed in 2.3.1 with the validation of config.cache.