
Bug #7772

Regression of Bug #906

Added by Lance Fogle 5 months ago. Updated 3 months ago.

Status: New
Priority: Normal
Assignee:
Category: Interfaces
Target version:
Start date: 08/14/2017
Due date:
% Done: 0%
Affected Version: 2.3.4_1
Affected Architecture:

Description

I read the bug and it says the interface delete code removes firewall rules and that the bug was resolved back in 2010 in version 2.0. I have a firewall that was originally installed with version 2.1, I believe, so it started much later than this bug. It is currently running the latest version (2.3.4-RELEASE-p1), but I can absolutely confirm I see this all the time with firewall rules not being cleaned up. In fact, my current system in question, which bothered me enough to open a bug on, will not let me delete an alias because it is referenced in one of these "ghost rules."

To give some background on how this came about:
I built a new internal LAN CARP pair of firewalls to separate out a physical DMZ, where I used to have one unified firewall for LAN and DMZ. Once the internal firewall pair was working and routing for the internal LAN, I reconfigured the original single firewall to be an edge firewall, so I cleaned up all the LAN interfaces, certificates, aliases (except the one that won't delete), VPN servers, etc., and added in the needed static routes and rules on the transit network interface and DMZ and all that so that it would serve as the edge.

The firewall rules are obviously still left behind, because it is telling me it can't delete the alias because it is referenced by a rule that should no longer exist. I haven't had a chance to look at any code yet, but I thought I would get the word out that there is an issue with the interface deletion code.
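A read-only check for the symptom described in this report, added here as an example and not code from pfSense or from the reporter: it parses a pfSense-style config.xml, lists filter rules whose interface no longer exists under `<interfaces>` ("ghost rules"), and shows which aliases those rules still reference, which is what blocks the alias deletion. The config layout used (interfaces keyed as `wan`/`lan`/`optN`, rules under `<filter><rule>`, aliases under `<aliases><alias>`, comma-separated interface lists on floating rules) is my assumption about the file format, and the sample configuration is constructed.

```python
"""Find "ghost" firewall rules in a pfSense-style config.xml: rules bound to an
interface that is no longer defined, plus the aliases those rules still pin.
Illustrative script, not pfSense code. Assumes the config.xml layout described
in the lead-in; run it against a backup copy of the file, never in place."""
import xml.etree.ElementTree as ET

# Constructed sample: opt1 and opt2 were deleted from <interfaces>, but rules
# bound to them survived. dmz_hosts/mgmt_ports are only used by the ghost rule.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <interfaces>
    <wan><if>em0</if><descr>WAN</descr></wan>
    <lan><if>em1</if><descr>LAN</descr></lan>
  </interfaces>
  <aliases>
    <alias><name>dmz_hosts</name><type>host</type><address>10.10.10.5</address></alias>
    <alias><name>mgmt_ports</name><type>port</type><address>22 443</address></alias>
  </aliases>
  <filter>
    <rule>
      <interface>lan</interface>
      <descr>LAN out</descr>
      <source><network>lan</network></source>
      <destination><any/></destination>
    </rule>
    <rule>
      <interface>opt1</interface>
      <descr>old DMZ rule</descr>
      <source><address>dmz_hosts</address></source>
      <destination><any/><port>mgmt_ports</port></destination>
    </rule>
    <rule>
      <floating>yes</floating>
      <interface>wan,opt2</interface>
      <descr>floating rule on a deleted interface</descr>
      <source><any/></source>
      <destination><any/></destination>
    </rule>
  </filter>
</pfsense>
"""


def defined_interfaces(root):
    """Interface config keys (wan, lan, opt1, ...) present under <interfaces>."""
    node = root.find("interfaces")
    return {child.tag for child in node} if node is not None else set()


def defined_aliases(root):
    """Names of all aliases declared under <aliases>."""
    node = root.find("aliases")
    if node is None:
        return set()
    return {a.findtext("name") for a in node.findall("alias") if a.findtext("name")}


def rule_alias_refs(rule, aliases):
    """Aliases a rule references in its source/destination address or port."""
    refs = set()
    for side in ("source", "destination"):
        node = rule.find(side)
        if node is None:
            continue
        for field in ("address", "port"):
            value = node.findtext(field)
            if value in aliases:
                refs.add(value)
    return refs


def ghost_rules(config_xml):
    """Return one finding per rule bound to an interface that no longer exists.

    Floating rules may list several interfaces separated by commas (assumed
    format); a rule is reported if any listed interface is undefined."""
    root = ET.fromstring(config_xml)
    ifaces = defined_interfaces(root)
    aliases = defined_aliases(root)
    filt = root.find("filter")
    findings = []
    if filt is None:
        return findings
    for index, rule in enumerate(filt.findall("rule")):
        bound = (rule.findtext("interface") or "").split(",")
        missing = sorted(i for i in bound if i and i not in ifaces)
        if missing:
            findings.append({
                "index": index,
                "descr": rule.findtext("descr", ""),
                "missing_interfaces": missing,
                "aliases": sorted(rule_alias_refs(rule, aliases)),
            })
    return findings


if __name__ == "__main__":
    for f in ghost_rules(SAMPLE_CONFIG):
        print(f"rule #{f['index']} '{f['descr']}': interface(s) {f['missing_interfaces']} "
              f"no longer exist; still references aliases {f['aliases']}")
```

Point it at an exported config.xml instead of `SAMPLE_CONFIG` to see which leftover rules are holding an alias; removing those rules through the GUI (or restoring a cleaned config) is what frees the alias for deletion.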

History

#1 Updated by Lance Fogle 5 months ago

Please let me know what if any information beyond this you need from me and I will be happy to provide it to help determine the cause. If I end up with some time I will take a look at the code to see if I can contribute as well.

#2 Updated by Lance Fogle 5 months ago

Found this forum post where someone else had an issue with this from deleting VLAN interfaces as well: https://forum.pfsense.org/index.php?topic=132259.0

#3 Updated by Jim Thompson 3 months ago

  • Assignee set to Steve Beaver
  • Target version set to 2.4.3
