Bug #8811
closed
in pfblockerng when change Rule Order generates duplicate all rules.
0%
Description
in pfblockerng when change Rule Order generates duplicate all firewall rules.
Files
Updated by BBcan177 . over 5 years ago
Please update to pfBlockerNG-devel and report back if the same issue repeats.
Updated by Jared Dillard
Updated by Jens Rauch over 4 years ago
I experienced this bug in an even worse manner. It duplicated all rules until my pfSense installation crashed with an out of memory exception (php cache) and it was not even possible to boot it back up correctly. The only way to fix this was to replace the config manually in the terminal.
I described the details here: https://forum.netgate.com/topic/142702/allowed-memory-size-exhausted
The short version:
I was running pfblockerng for years without issues. Some weeks ago I needed whitelisting so I changed the Rule Order (see screenshot in the forum for details). A few days after doing this, the config started to grow in size very quickly and the history stated that pfblockerng updated the rules every few minutes by duplicating the rules. When the config reached a certain size php and therefore parts of pfsense crashed. The config contained 2048 copies of the rules at that time.
I changed the rule order back yesterday and since then I did not experience this problem any more.
It's a productive environment so I'm a bit hesitant to update to the latest developer version.
Are there any news on this topic?
Thank you!
Updated by BBcan177 . over 4 years ago
Its best to move to pfBlockerNG-devel which has this issue fixed plus many other improvements. These changes are not going to be back ported to the release version. Devel will become the release version in short order, pending the upcoming devel release.
Ensure that "Keep Settings" is checked in the General tab, uninstall pfBlockerNG, and install pfBlockerNG-devel. You won't want to go back!
Updated by 