pfSense upgrade to 22.05 caused my server to go down
-
I have pfSense that's in production with 100 users. I just got the update notification for 22.05, updated my pfSense and I'm getting:

Filter Reload: There were error(s) loading the rules: pfctl: pfctl_rules - The line in question reads [0]

Removed all packages, same. Even updated to a development snapshot, same. Can someone please help?

I also did this:

egrep -v '^#|^[[:blank:]]*$' /tmp/rules.debug | sort | uniq -c | grep -v '^ *1 '

The only duplicate line is

2 table <negate_networks> { 10.255.50.0/24 }

and when I check /tmp/rules.debug I see this:

table <vpn_networks> { 10.255.50.0/24 }
table <negate_networks> { 10.255.50.0/24 }
table <negate_networks> { 10.255.50.0/24 }
I have that same line duplicated in my rules.debug, and it does appear to be an error, but it isn't causing a pf error in my case. The duplicate line issue you linked was during development but wasn't a problem later.
What do you see if you run

pfctl -f /tmp/rules.debug

? There is probably some other error in there, not related to what you are seeing.
-
Hello, I've verified the problem.

I got that notice after my rules had not been updated for some time. I followed iTestAndroid's technique and confirmed that I too had this duplicate negate networks line, so I checked "Disable Negate rules" and manually reloaded the filter, which addressed the issue. But the issue is not solved yet.

I have also tried disabling NAT reflection, but nothing.

Output of

pfctl -f /tmp/rules.debug

is

pfctl: pfctl_rules

Following this thread, after solving the duplicate ruleset, a reboot was needed. That solved the issue for me.
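The two checks discussed in this thread, the duplicate-line scan of /tmp/rules.debug and parsing the ruleset with pfctl to surface the real error, as an added example that is none of the posters' own code. The rules file content below is a constructed sample mimicking the excerpt above; the function names and the use of pfctl's dry-run flags (-n, -v) are my assumptions, and the pfctl step only does anything on a pfSense/FreeBSD host where pfctl exists:

```shell
# Added example, not from the thread. Reproduces the poster's
# egrep|sort|uniq check and adds a pfctl dry-run parse.

# find_duplicate_rules FILE
# Print every non-comment, non-blank line that occurs more than once,
# prefixed by its count (the uniq -c column), e.g. "      2 table <negate_networks> { ... }".
find_duplicate_rules() {
    grep -Ev '^#|^[[:blank:]]*$' "$1" | sort | uniq -c | awk '$1 > 1'
}

# check_ruleset FILE
# Parse the ruleset without loading it (-n) and verbosely (-v), so pfctl
# reports the offending line instead of the bare "pfctl: pfctl_rules".
# Returns pfctl's exit status, or 2 when pfctl is not installed
# (assumption: this is only meaningful on the pfSense box itself).
check_ruleset() {
    if ! command -v pfctl >/dev/null 2>&1; then
        echo "pfctl not found; run this on the pfSense host" >&2
        return 2
    fi
    pfctl -nvf "$1"
}

# make_sample_rules FILE
# Write a constructed rules.debug-style file with the duplicated table line.
make_sample_rules() {
    cat > "$1" <<'EOF'
# constructed sample in the style of /tmp/rules.debug

table <vpn_networks> { 10.255.50.0/24 }
table <negate_networks> { 10.255.50.0/24 }
table <negate_networks> { 10.255.50.0/24 }
pass in quick on em0 from <vpn_networks> to any
EOF
}

# demo: run both checks against the constructed sample.
demo() {
    tmp=$(mktemp)
    make_sample_rules "$tmp"
    echo "duplicate lines:"
    find_duplicate_rules "$tmp"
    check_ruleset "$tmp" || true
    rm -f "$tmp"
}
```

On a real pfSense host, point find_duplicate_rules and check_ruleset at /tmp/rules.debug; a duplicate table definition shows up in the first, while a genuinely unparseable line shows up only in the second.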