Bug #906


Orphaned rules from deleted interfaces are still present in config

Added by Jim Pingle about 11 years ago. Updated almost 11 years ago.

Rules / NAT


When you delete a normal interface, the rules are left orphaned in config.xml without an interface tag so there is no easy (Read: In the GUI) way to delete or reassign the rules. Among other problems, if one of these rules used an alias, you can't rename or delete the alias since the system believes the alias is in use.

When a normal interface is deleted, these rules should be deleted as well.

Note that this is not the case for PPTP, IPsec, and OpenVPN. Those rules keep their interface association when their VPN type is disabled, so they can safely be left.

Actions #1

Updated by Ermal Luçi about 11 years ago

This is how the interface deletion code works!
What are the details to reproduce the problems?

Actions #2

Updated by Jim Pingle about 11 years ago

You are right, the interface deletion code does get rid of the rules, but if someone deleted the interface before that code was added, or they upgraded from 1.2.x with the orphaned rules, they could still cause problems. We may need a bit of upgrade code to reap the old orphaned rules without interfaces set.

Actions #3

Updated by Ermal Luçi almost 11 years ago

This was a bug which is fixed.
There is no magic autofix for this other than telling people to clean their config.
It will hurt nothing since there are protections against this when creating the ruleset.

Actions #4

Updated by Chris Buechler almost 11 years ago

  • Status changed from New to Resolved

This is ok as is since the original bug was fixed. For the few who may have orphaned rules, it's not a big enough deal to go to a lot of trouble cleaning them up automatically since they have no impact on the system.
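
An added example, not part of the ticket or the pfSense code base: a read-only check of a config.xml backup for filter rules with a missing or empty interface tag, plus the aliases that only those rules keep in use. The element layout (filter/rule, aliases/alias/name, source and destination address) and the sample config are assumptions constructed for illustration; alias references outside rule source/destination addresses are not examined.

```python
import xml.etree.ElementTree as ET

# Constructed sample; layout is an assumption modelled on a pfSense-style config.xml.
SAMPLE_CONFIG = """<pfsense>
  <aliases>
    <alias><name>WebServers</name><address>192.0.2.10 192.0.2.11</address></alias>
    <alias><name>Admins</name><address>198.51.100.5</address></alias>
  </aliases>
  <filter>
    <rule><type>pass</type><interface>wan</interface>
      <destination><address>WebServers</address></destination><descr>web in</descr></rule>
    <rule><type>pass</type>
      <source><address>Admins</address></source><descr>old opt1 mgmt</descr></rule>
    <rule><type>block</type><interface></interface>
      <source><any/></source><descr>old opt1 block</descr></rule>
  </filter>
</pfsense>"""


def _rule_aliases(rule, alias_names):
    """Alias names used as the source or destination address of one rule."""
    refs = {(rule.findtext(f"{side}/address") or "").strip()
            for side in ("source", "destination")}
    return refs & alias_names


def audit(config_xml):
    """Return (orphaned_rules, aliases_pinned_only_by_orphans).

    orphaned_rules is a list of (rule index, description, aliases used) for
    every filter rule whose <interface> tag is missing or empty.
    """
    root = ET.fromstring(config_xml)
    alias_names = {(a.findtext("name") or "").strip()
                   for a in root.findall("./aliases/alias")} - {""}
    orphans, live_refs, orphan_refs = [], set(), set()
    for idx, rule in enumerate(root.findall("./filter/rule")):
        refs = _rule_aliases(rule, alias_names)
        if (rule.findtext("interface") or "").strip():
            live_refs |= refs  # rule is still bound to an interface
            continue
        orphan_refs |= refs
        orphans.append((idx, (rule.findtext("descr") or "").strip(), sorted(refs)))
    # Aliases that appear "in use" solely because of orphaned rules.
    return orphans, sorted(orphan_refs - live_refs)


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
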

