Problem with Thu Mar 3 17:43:05 EST 2011
-
2.0-RC1 (i386)
built on Thu Mar 3 17:43:05 EST 2011There were error(s) loading the rules: /tmp/rules.debug:138: syntax error/tmp/rules.debug:139: syntax error pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [138]: pass in quick on $LAN proto from 192.168.168.0/24 to keep state label "NEGATE_ROUTE: Negate policy route for vpn(s)"…
It has stopped routing. I cannot browse the internet and my servers inside cannot be accessed from the outside.
-
Yes, I also got alike problem, when I updated this morning, my notice is syntax errors which preventing the rules to be loaded.
-
I downgraded to built on Wed Mar 2 17:47:38 EST 2011, but still I'm getting the same error. How to fix this?
-
Had the same.
Firewall - Rules - LAN
Edit "Default LAN -> any", changed Protocol to Any, saved. -
Same here - last snapshot (Mar 3) has completely trashed my config.
-
I solve this by editing all the rules which display empty field at summary for protocol column, in my case all those containing *
-
But is it a problrm with hoe the latest snapshot reads the XML or how a previous version wrote it?
Andrew
-
Little of both. It was an issue with an upgrade code bit I added to fix another issue.
If you gitsync and reboot it should be fine.
http://doc.pfsense.org/index.php/Updating_pfSense_code_between_snapshots
Or wait for the next new snap which is building now.
-
Meanwhile, installing an older snapshot and then using the Config History tab to restore a pre-update configuration will fix the problem.
-
Or you could move forward instead of back and make sure the fixes really work for you. :-)
-
Sure, but I believe you'd have to be on the fixed snapshot, which wasn't available when I last checked!
-
See above, re: gitsync.
-
The customer had no Internet access, so a gitsync was no possible; fortunately, he had previous snapshots downloaded.
-
They had no access from LAN because pf didn't load the NAT rules, from the box itself it would have been fine.
-
I appreciate the feedback, but had to fix the problem within a very narrow time frame (happened on a customer deployment); the idea of gitsync'ing did not occur to me (and when it happened, there was no indication on the forum threads that it had already been fixed, so a rollback really seemed the safe choice then).
I am really thankful for the work you guys have been putting on this, and - on top of that - that you still have time to offer support on the forum: amazing!
Marcello
Sao Paulo - SP - Brazil -
I shall start coming here first and checking. Then proceed with caution,
Perhaps there should be an open Red Alert Thread.
Totally hosed one box, could not go forward or backward ::)
-
The new snapshot is up now, so it's sort of a moot point.
-
Yeah right - until the next gotcha ::)
Is this the "good" snapshot?
pfSense-Full-Update-2.0-RC1-i386-20110304-0811.tgz
The new snapshot is up now, so it's sort of a moot point.
-
-
I shall start coming here first and checking. Then proceed with caution,
Perhaps there should be an open Red Alert Thread.
Totally hosed one box, could not go forward or backward ::)
nice plan but the bad build was built on Thu Mar 3 17:43:05 EST 2011 and this thread was opened on Friday Mar 4 at 03:19:57 am…
http://forum.pfsense.org/index.php/topic,33905.0.html is another fun experience for me and some others. I posted that at 12:13am but since I was so tired when I did this, the post is a little hard to read.
But many thanks to Jimp. Many enterprise firewall providers would not have found and fixed the problem as quickly as you did. Kudos!
