Erros in rules when using the wizard (BETA3)
-
Hi
I get the following errors when using the wizard to create rules.
/tmp/rules.debug:137: tags cannot be used without keep state
/tmp/rules.debug:137: skipping rule due to errors
/tmp/rules.debug:137: rule expands to no valid combination
/tmp/rules.debug:139: tags cannot be used without keep state
/tmp/rules.debug:139: skipping rule due to errors
/tmp/rules.debug:139: rule expands to no valid combination
/tmp/rules.debug:141: tags cannot be used without keep state
/tmp/rules.debug:141: skipping rule due to errors
/tmp/rules.debug:141: rule expands to no valid combination
/tmp/rules.debug:143: tags cannot be used without keep state
/tmp/rules.debug:143: skipping rule due to errors
/tmp/rules.debug:143: rule expands to no valid combination
/tmp/rules.debug:145: tags cannot be used without keep state
/tmp/rules.debug:145: skipping rule due to errors
/tmp/rules.debug:145: rule expands to no valid combination
/tmp/rules.debug:147: tags cannot be used without keep state
/tmp/rules.debug:147: skipping rule due to errors
/tmp/rules.debug:147: rule expands to no valid combination
/tmp/rules.debug:149: tags cannot be used without keep state
/tmp/rules.debug:149: skipping rule due to errors
/tmp/rules.debug:149: rule expands to no valid combination
/tmp/rules.debug:151: tags cannot be used without keep state
/tmp/rules.debug:151: skipping rule due to errors
/tmp/rules.debug:151: rule expands to no valid combination
pfctl: Syntax error in config file: pf rules not loadedThe rules in question are (from /tmp/rules.debug)
anchor qwanRoot tagged qwanRoot
load anchor qwanRoot from "/tmp/qwanRoot.rules"
anchor qlanRoot tagged qlanRoot
load anchor qlanRoot from "/tmp/qlanRoot.rules"
anchor qwandef tagged qwandef
load anchor qwandef from "/tmp/qwandef.rules"
anchor qlandef tagged qlandef
load anchor qlandef from "/tmp/qlandef.rules"
anchor qwanacks tagged qwanacks
load anchor qwanacks from "/tmp/qwanacks.rules"
anchor qlanacks tagged qlanacks
load anchor qlanacks from "/tmp/qlanacks.rules"
anchor qVOIPUp tagged qVOIPUp
load anchor qVOIPUp from "/tmp/qVOIPUp.rules"
anchor qVOIPDown tagged qVOIPDown
load anchor qVOIPDown from "/tmp/qVOIPDown.rules"Any ideas ?? Seems like it is looking for "keep state" but I'm not sure if adding that will fix it or not ?
Basset
-
Rerun the traffic shaper wizard.
-
Hi
Yes.. I tried that … also looked to see if anything else seemed wrong. I'll update to the lates CVS for the .inc files and see if that makes a difference, but when I looked on the WEB cvs interface that code looked the same .. so expect it will generate the same rules and thus the same errors.
Basset
-
Which rule have you defined that doesn't use key-state? That does indeed look like a bug at a second glance.
-
anchor qwanRoot tagged qwanRoot
load anchor qwanRoot from "/tmp/qwanRoot.rules"
anchor qlanRoot tagged qlanRoot
load anchor qlanRoot from "/tmp/qlanRoot.rules"
anchor qwandef tagged qwandef
load anchor qwandef from "/tmp/qwandef.rules"
anchor qlandef tagged qlandef
load anchor qlandef from "/tmp/qlandef.rules"
anchor qwanacks tagged qwanacks
load anchor qwanacks from "/tmp/qwanacks.rules"
anchor qlanacks tagged qlanacks
load anchor qlanacks from "/tmp/qlanacks.rules"
anchor qVOIPUp tagged qVOIPUp
load anchor qVOIPUp from "/tmp/qVOIPUp.rules"
anchor qVOIPDown tagged qVOIPDown
load anchor qVOIPDown from "/tmp/qVOIPDown.rules"Any ideas ?? Seems like it is looking for "keep state" but I'm not sure if adding that will fix it or not ?
Basset
The code to generate those "load anchor" statements only exists in HEAD, not RELENG_1. Please only report bugs in RELENG_1. Bug reports for HEAD must be accompanied with a patch. Thanks
–Bill
-
And BTW, you also aren't running pfSense's pfctl which allows for this.
–Bill
-
Oh …
Sorry about that ... I'm getting the latest from CVS now.
Blaiming newbie status for this :-[
Basset
-
Are you intending to run -HEAD?
On top of this, why has your pfctl changed?
-
Oh …
Sorry about that ... I'm getting the latest from CVS now.
Blaiming newbie status for this :-[
Basset
[/quote]HEAD is not meant to be consumed by non-developers. You should be running code in the RELENG_1 branch. Better yet, unless you find a bug that has been fixed post release, you should really run a released binary. We can't and won't support anything else. I'm marking this thread solved. Thanks
–Bill