Bug #8360

closed

pf rules occasionally contain "!/" where the WAN network/netmask should be

Added by Chris Linstruth over 6 years ago. Updated over 6 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Rules / NAT
Target version:
Start date: 03/06/2018
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.2_1
Affected Architecture: All

Description

Very similar to #2883

I have been unable to duplicate this but have seen enough tickets/forum posts to warrant a look.

One was an internal ticket that resulted in these notifications when suricata was reloading its rules.

The latest is this: https://forum.pfsense.org/index.php?topic=144835.0

It appears that the rule set is generated/reloaded at a time when the WAN interface does not have an address/netmask and the rule is improperly generated.

Apologies for not having steps to duplicate but they have proved to be elusive.


Files

8360.diff (1.35 KB), Jim Pingle, 03/07/2018 12:06 PM
compusense-rules.debug (12.9 KB), rules.debug from the affected firewall, Adam Thompson, 05/16/2018 11:13 AM