Erros in rules when using the wizard (BETA3)

basset

Hi

I get the following errors when using the wizard to create rules.

/tmp/rules.debug:137: tags cannot be used without keep state
/tmp/rules.debug:137: skipping rule due to errors
/tmp/rules.debug:137: rule expands to no valid combination
/tmp/rules.debug:139: tags cannot be used without keep state
/tmp/rules.debug:139: skipping rule due to errors
/tmp/rules.debug:139: rule expands to no valid combination
/tmp/rules.debug:141: tags cannot be used without keep state
/tmp/rules.debug:141: skipping rule due to errors
/tmp/rules.debug:141: rule expands to no valid combination
/tmp/rules.debug:143: tags cannot be used without keep state
/tmp/rules.debug:143: skipping rule due to errors
/tmp/rules.debug:143: rule expands to no valid combination
/tmp/rules.debug:145: tags cannot be used without keep state
/tmp/rules.debug:145: skipping rule due to errors
/tmp/rules.debug:145: rule expands to no valid combination
/tmp/rules.debug:147: tags cannot be used without keep state
/tmp/rules.debug:147: skipping rule due to errors
/tmp/rules.debug:147: rule expands to no valid combination
/tmp/rules.debug:149: tags cannot be used without keep state
/tmp/rules.debug:149: skipping rule due to errors
/tmp/rules.debug:149: rule expands to no valid combination
/tmp/rules.debug:151: tags cannot be used without keep state
/tmp/rules.debug:151: skipping rule due to errors
/tmp/rules.debug:151: rule expands to no valid combination
pfctl: Syntax error in config file: pf rules not loaded

The rules in question are (from /tmp/rules.debug)

anchor qwanRoot tagged qwanRoot
load anchor qwanRoot from "/tmp/qwanRoot.rules"
anchor qlanRoot tagged qlanRoot
load anchor qlanRoot from "/tmp/qlanRoot.rules"
anchor qwandef tagged qwandef
load anchor qwandef from "/tmp/qwandef.rules"
anchor qlandef tagged qlandef
load anchor qlandef from "/tmp/qlandef.rules"
anchor qwanacks tagged qwanacks
load anchor qwanacks from "/tmp/qwanacks.rules"
anchor qlanacks tagged qlanacks
load anchor qlanacks from "/tmp/qlanacks.rules"
anchor qVOIPUp tagged qVOIPUp
load anchor qVOIPUp from "/tmp/qVOIPUp.rules"
anchor qVOIPDown tagged qVOIPDown
load anchor qVOIPDown from "/tmp/qVOIPDown.rules"

Any ideas ?? Seems like it is looking for "keep state" but I'm not sure if adding that will fix it or not ?

Basset

sullrich

Rerun the traffic shaper wizard.

basset

Hi

Yes.. I tried that … also looked to see if anything else seemed wrong.  I'll update to the lates CVS for the .inc files and see if that makes a difference, but when I looked on the WEB cvs interface that code looked the same .. so expect it will generate the same rules and thus the same errors.

Basset

sullrich

Which rule have you defined that doesn't use key-state?  That does indeed look like a bug at a second glance.

billm

@basset:

anchor qwanRoot tagged qwanRoot
load anchor qwanRoot from "/tmp/qwanRoot.rules"
anchor qlanRoot tagged qlanRoot
load anchor qlanRoot from "/tmp/qlanRoot.rules"
anchor qwandef tagged qwandef
load anchor qwandef from "/tmp/qwandef.rules"
anchor qlandef tagged qlandef
load anchor qlandef from "/tmp/qlandef.rules"
anchor qwanacks tagged qwanacks
load anchor qwanacks from "/tmp/qwanacks.rules"
anchor qlanacks tagged qlanacks
load anchor qlanacks from "/tmp/qlanacks.rules"
anchor qVOIPUp tagged qVOIPUp
load anchor qVOIPUp from "/tmp/qVOIPUp.rules"
anchor qVOIPDown tagged qVOIPDown
load anchor qVOIPDown from "/tmp/qVOIPDown.rules"

Any ideas ?? Seems like it is looking for "keep state" but I'm not sure if adding that will fix it or not ?

Basset

The code to generate those "load anchor" statements only exists in HEAD, not RELENG_1.  Please only report bugs in RELENG_1.  Bug reports for HEAD must be accompanied with a patch.  Thanks

–Bill

billm

And BTW, you also aren't running pfSense's pfctl which allows for this.

–Bill

basset

Oh …

Sorry about that ... I'm getting the latest from CVS now.

Blaiming newbie status for this  :-[

Basset

sullrich

Are you intending to run -HEAD?

On top of this, why has your pfctl changed?

billm

@basset:

Oh …

Sorry about that ... I'm getting the latest from CVS now.

Blaiming newbie status for this  :-[

Basset
[/quote]

HEAD is not meant to be consumed by non-developers.  You should be running code in the RELENG_1 branch.  Better yet, unless you find a bug that has been fixed post release, you should really run a released binary.  We can't and won't support anything else.  I'm marking this thread solved.  Thanks

–Bill