pfSense upgrade to 22.05 caused my server to go down
-
I have a pfSense that's in production with 100 users. I just got the update notification for 22.05, updated my pfSense, and I'm getting
Filter Reload There were error(s) loading the rules: pfctl: pfctl_rules - The line in question reads [0]
Removed all packages, same. Even updated to a development snapshot, same. Can someone please help?
I also did this:
egrep -v '^#|^[[:blank:]]*$' /tmp/rules.debug | sort | uniq -c | grep -v '^ *1 '
only duplicate line is
2 table <negate_networks> { 10.255.50.0/24 }
and when I check
/tmp/rules.debug
I see this:
table <vpn_networks> { 10.255.50.0/24 }
table <negate_networks> { 10.255.50.0/24 }
table <negate_networks> { 10.255.50.0/24 }
-
I have that same line duplicated in my rules.debug, and it does appear to be an error, but it isn't causing a pf error in my case. The duplicate line issue you linked was during development but wasn't a problem later.
What do you see if you run
pfctl -f /tmp/rules.debug
?
There is probably some other error in there, not related to what you are seeing.
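Two checks come up in the replies above: finding duplicated lines in /tmp/rules.debug, and parsing the ruleset with pfctl to see the real error. The script below is an added example (not posted in this thread and not pfSense's own code) that wraps the first check in reusable functions and runs them against a small constructed ruleset that reproduces the duplicated negate_networks table. The sample file, the function names find_dup_rules and find_dup_tables, and the use of grep -E instead of egrep are all assumptions for the demonstration.

```shell
#!/bin/sh
# Added example: locate duplicate lines and duplicate table definitions in a
# pf ruleset such as /tmp/rules.debug. Not from the thread or from pfSense.

# Constructed sample ruleset mimicking the duplicate shown in the thread
# (written to a temp file so the functions take a path like the real one).
SAMPLE_RULES=$(mktemp)
trap 'rm -f "$SAMPLE_RULES"' EXIT
cat > "$SAMPLE_RULES" <<'EOF'
# System aliases
table <vpn_networks> { 10.255.50.0/24 }
table <negate_networks> { 10.255.50.0/24 }
table <negate_networks> { 10.255.50.0/24 }

# Rules
block in log all
pass in quick on em0 from <vpn_networks> to any
EOF

# Print every non-comment, non-blank line that occurs more than once, prefixed
# with its count. Same pipeline as the thread's, with the closing quote and a
# pattern that matches uniq -c's space-padded count column ('^ *1 ').
find_dup_rules() {
    grep -Ev '^#|^[[:blank:]]*$' "$1" | sort | uniq -c | grep -v '^ *1 '
}

# Report table names that are defined more than once, regardless of whether
# the definitions have identical contents (a differing second definition
# would be the more suspicious case).
find_dup_tables() {
    sed -n 's/^table[[:blank:]]*<\([^>]*\)>.*/\1/p' "$1" | sort | uniq -d
}

echo "Duplicate rule lines in $SAMPLE_RULES:"
find_dup_rules "$SAMPLE_RULES"
echo "Tables defined more than once:"
find_dup_tables "$SAMPLE_RULES"
```

On the firewall itself, pair this with a dry-run parse of the same file, pfctl -nf /tmp/rules.debug, which checks the syntax without loading the rules; it prints the offending line number, which the "The line in question reads [0]" message from the GUI does not give you.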
-
Hello, I've verified the problem.
I got that notice after my rules had not been updated for some time. I followed iTestAndroid's technique and confirmed that I too had this duplicate negate_networks table, so I checked "Disable Negate rules" and manually reloaded the filter,
which addressed the issue. But the issue is not solved yet.
I have also tried disabling NAT reflection, but nothing.
Output of: pfctl -f /tmp/rules.debug
is
pfctl: pfctl_rules
Following this thread: after I resolved the duplicate ruleset, a reboot was needed. That solved the issue for me.