Filter errors on upgrade
-
I was on a Jan 7 build prior and then updated to the latest.
I got constant errors about every LAN rule as well as IPSEC rules if IPSEC VPN was enabled.
To resolve this quickly I deleted all LAN rules and all IPSEC rules then manually re-created them. This resolved this.
I didn't have a backup of my rules prior so I had to fix it and it totally shut down the network so I had to fix it fast. Thankfully it's only a little bit after midnight.
This was my first pfSense upgrade that went bad. I haven't been taking more precautions because they have been smoother. I will next time. Now for sweet sweet sleep.
-
I had a similar issue after upgrading. Any rules that had the protocol set to any (*) before upgrade had no protocol listed (it was blank) on the Firewall: Rules page. Editing and reapplying the any protocol to the rules fixed the filter errors for me.
-
Had a similar problem after upgrade from beta 5 to RC1… kept getting filter load errors due to unreadable/corrupt line in the config. Had to do with the default LAN * to WAN outbound rule. Basically I had no LAN to WAN rules, so no inet from LAN. inet access from router/console was ok. Wasn't able to do much with the LAN rule as it kept stating I needed to select a protocol, but wasn't able to do that as the rule was linked to NAT. Messed around with it for an hour or so and eventually tried restoring configs from 2/19 and from November 2010, same issues with both. Ended up back-revving to beta 5 and loaded the 2/19 conf and everything was happy. Only change from the 2/19 config was a change in NICs.
-
2.0-RC1 (amd64)
built on Thu Mar 3 19:27:51 EST 2011
There were error(s) loading the rules: /tmp/rules.debug:250: syntax error
/tmp/rules.debug:251: syntax error
/tmp/rules.debug:252: syntax error
/tmp/rules.debug:275: syntax error
/tmp/rules.debug:280: syntax error
/tmp/rules.debug:282: syntax error
/tmp/rules.debug:283: syntax error
pfctl: Syntax error in config file: pf rules not loaded
The line in question reads [250]: pass in quick on $LAN proto from $pony to $link2voip keep state queue (qVoIP,lan) label "USER_RULE: link2voip:queue voip"
Firewall rules with Proto=any throw an error after the latest update. The Proto column on the Firewall: Rules page appears blank for these rules after updating, but if you edit the rule it will appear as Proto=TCP. Change this back to "any" and save, apply, then the warning goes away for that rule.
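A triage check for the failure described in this thread, as an added example that is not part of any post: it maps the line numbers pfctl reports to rules in a rules.debug-style file and flags those where `proto` has no value before `from`. The pfctl output and rules below are constructed samples modelled on the thread, and the function names are this example's own.

```python
import re

# Constructed samples (not from a real system), shaped like the output quoted in the thread.
PFCTL_OUTPUT = """There were error(s) loading the rules: /tmp/rules.debug:2: syntax error
/tmp/rules.debug:4: syntax error
pfctl: Syntax error in config file: pf rules not loaded
"""
RULES = """pass in quick on $LAN proto tcp from $pony to $mail keep state label "USER_RULE: mail"
pass in quick on $LAN proto from $pony to $link2voip keep state queue (qVoIP,lan) label "USER_RULE: link2voip:queue voip"
pass in quick on $LAN from $pony to any keep state label "USER_RULE: default LAN"
pass in quick on $LAN proto tcp frm $pony to any keep state label "USER_RULE: typo"
"""

ERR_RE = re.compile(r"(\S+):(\d+): syntax error")
# "proto" directly followed by from/to/all means the protocol value is missing.
EMPTY_PROTO_RE = re.compile(r"\bproto\s+(?=(?:from|to|all)\b)")
LABEL_RE = re.compile(r'label\s+"([^"]*)"')

def failing_lines(pfctl_output):
    """Line numbers pfctl reported as syntax errors, sorted and de-duplicated."""
    return sorted({int(m.group(2)) for m in ERR_RE.finditer(pfctl_output)})

def empty_proto_rules(rules_text):
    """Return [(line_no, label)] for rules that carry 'proto' with no protocol."""
    hits = []
    for no, line in enumerate(rules_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        # Blank out quoted strings so label text cannot trigger a match.
        unquoted = re.sub(r'"[^"]*"', '""', line)
        if EMPTY_PROTO_RE.search(unquoted):
            label = LABEL_RE.search(line)
            hits.append((no, label.group(1) if label else ""))
    return hits

def triage(pfctl_output, rules_text):
    """Split reported lines into (explained by empty proto, needs manual review)."""
    empty = dict(empty_proto_rules(rules_text))
    reported = failing_lines(pfctl_output)
    explained = [(n, empty[n]) for n in reported if n in empty]
    other = [n for n in reported if n not in empty]
    return explained, other

if __name__ == "__main__":
    explained, other = triage(PFCTL_OUTPUT, RULES)
    for n, label in explained:
        print(f"line {n}: empty proto, re-save rule '{label}' with protocol any")
    print("other failing lines to inspect by hand:", other)
```

The labels it prints identify which rules to edit and re-apply on the Firewall: Rules page, as the posts here describe.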
-
+1
I downgraded to i386 Mar 3 10:56:18 and restored my config.
Roy…
-
+1. Really annoying… Edit + apply fixes it as tipycol said.
-
Fix here:
http://forum.pfsense.org/index.php/topic,33909.msg176091.html#msg176091