pf rules occasionally contain "!/" where the WAN network/netmask should be
Very similar to #2883
I have been unable to duplicate this but have seen enough tickets/forum posts to warrant a look.
One was an internal ticket that resulted in these notifications when suricata was reloading its rules.
The latest is this: https://forum.pfsense.org/index.php?topic=144835.0
It appears that the rule set is generated/reloaded at a time when the WAN interface does not have an address/netmask and the rule is improperly generated.
Apologies for not having steps to duplicate but they have proved to be elusive.
#1 Updated by Jim Pingle over 2 years ago
- File 8360.diff 8360.diff added
- Subject changed from pf rules occasionally contain "!/" where the WAN newrork/netmask should be to pf rules occasionally contain "!/" where the WAN network/netmask should be
- Status changed from New to Assigned
- Assignee set to Jim Pingle
- Affected Version set to 2.4.2_1
- Affected Architecture All added
- Affected Architecture deleted (
Attached patch should fix it, waiting for confirmation before committing.
#5 Updated by Adam Thompson over 2 years ago
Just got bitten by this, too, during a 2.4.0 -> 2.4.3_p1 upgrade. Problem did not exist prior to upgrade. In my case, it DOES affect traffic through the firewall.
In my case, the patch provided at https://redmine.pfsense.org/attachments/download/2355/8360.diff does not appear to solve the problem.
I have the complete backup file from the firewall post-2.4.3_p1 upgrade, and it's using the pfSense OVA (original version unknown), updated to 2.4.3_p1 so you should be able to replicate the problem in an VM, at least?
I don't want to post a customer's XML backup publicly, though...
I will attach /tmp/rules.debug momentarily. The syntax error is at line 162.