Erros in rules when using the wizard (BETA3)

basset · Apr 26, 2006, 7:10 PM

Hi

I get the following errors when using the wizard to create rules.

/tmp/rules.debug:137: tags cannot be used without keep state
/tmp/rules.debug:137: skipping rule due to errors
/tmp/rules.debug:137: rule expands to no valid combination
/tmp/rules.debug:139: tags cannot be used without keep state
/tmp/rules.debug:139: skipping rule due to errors
/tmp/rules.debug:139: rule expands to no valid combination
/tmp/rules.debug:141: tags cannot be used without keep state
/tmp/rules.debug:141: skipping rule due to errors
/tmp/rules.debug:141: rule expands to no valid combination
/tmp/rules.debug:143: tags cannot be used without keep state
/tmp/rules.debug:143: skipping rule due to errors
/tmp/rules.debug:143: rule expands to no valid combination
/tmp/rules.debug:145: tags cannot be used without keep state
/tmp/rules.debug:145: skipping rule due to errors
/tmp/rules.debug:145: rule expands to no valid combination
/tmp/rules.debug:147: tags cannot be used without keep state
/tmp/rules.debug:147: skipping rule due to errors
/tmp/rules.debug:147: rule expands to no valid combination
/tmp/rules.debug:149: tags cannot be used without keep state
/tmp/rules.debug:149: skipping rule due to errors
/tmp/rules.debug:149: rule expands to no valid combination
/tmp/rules.debug:151: tags cannot be used without keep state
/tmp/rules.debug:151: skipping rule due to errors
/tmp/rules.debug:151: rule expands to no valid combination
pfctl: Syntax error in config file: pf rules not loaded

The rules in question are (from /tmp/rules.debug)

anchor qwanRoot tagged qwanRoot
load anchor qwanRoot from "/tmp/qwanRoot.rules"
anchor qlanRoot tagged qlanRoot
load anchor qlanRoot from "/tmp/qlanRoot.rules"
anchor qwandef tagged qwandef
load anchor qwandef from "/tmp/qwandef.rules"
anchor qlandef tagged qlandef
load anchor qlandef from "/tmp/qlandef.rules"
anchor qwanacks tagged qwanacks
load anchor qwanacks from "/tmp/qwanacks.rules"
anchor qlanacks tagged qlanacks
load anchor qlanacks from "/tmp/qlanacks.rules"
anchor qVOIPUp tagged qVOIPUp
load anchor qVOIPUp from "/tmp/qVOIPUp.rules"
anchor qVOIPDown tagged qVOIPDown
load anchor qVOIPDown from "/tmp/qVOIPDown.rules"

Any ideas ?? Seems like it is looking for "keep state" but I'm not sure if adding that will fix it or not ?

Basset

sullrich · Apr 26, 2006, 7:19 PM

Rerun the traffic shaper wizard.

basset · Apr 26, 2006, 9:18 PM

Hi

Yes.. I tried that … also looked to see if anything else seemed wrong. I'll update to the lates CVS for the .inc files and see if that makes a difference, but when I looked on the WEB cvs interface that code looked the same .. so expect it will generate the same rules and thus the same errors.

Basset

sullrich · Apr 26, 2006, 9:21 PM

Which rule have you defined that doesn't use key-state? That does indeed look like a bug at a second glance.

billm · Apr 26, 2006, 10:00 PM

@basset:

anchor qwanRoot tagged qwanRoot
load anchor qwanRoot from "/tmp/qwanRoot.rules"
anchor qlanRoot tagged qlanRoot
load anchor qlanRoot from "/tmp/qlanRoot.rules"
anchor qwandef tagged qwandef
load anchor qwandef from "/tmp/qwandef.rules"
anchor qlandef tagged qlandef
load anchor qlandef from "/tmp/qlandef.rules"
anchor qwanacks tagged qwanacks
load anchor qwanacks from "/tmp/qwanacks.rules"
anchor qlanacks tagged qlanacks
load anchor qlanacks from "/tmp/qlanacks.rules"
anchor qVOIPUp tagged qVOIPUp
load anchor qVOIPUp from "/tmp/qVOIPUp.rules"
anchor qVOIPDown tagged qVOIPDown
load anchor qVOIPDown from "/tmp/qVOIPDown.rules"

Any ideas ?? Seems like it is looking for "keep state" but I'm not sure if adding that will fix it or not ?

Basset

The code to generate those "load anchor" statements only exists in HEAD, not RELENG_1. Please only report bugs in RELENG_1. Bug reports for HEAD must be accompanied with a patch. Thanks

–Bill

billm · Apr 26, 2006, 10:06 PM

And BTW, you also aren't running pfSense's pfctl which allows for this.

–Bill

basset · Apr 27, 2006, 12:29 AM

Oh …

Sorry about that ... I'm getting the latest from CVS now.

Blaiming newbie status for this :-[

Basset

sullrich · Apr 27, 2006, 12:31 AM

Are you intending to run -HEAD?

On top of this, why has your pfctl changed?

billm · Apr 27, 2006, 2:08 AM

@basset:

Oh …

Sorry about that ... I'm getting the latest from CVS now.

Blaiming newbie status for this :-[

Basset
[/quote]

HEAD is not meant to be consumed by non-developers. You should be running code in the RELENG_1 branch. Better yet, unless you find a bug that has been fixed post release, you should really run a released binary. We can't and won't support anything else. I'm marking this thread solved. Thanks

–Bill