Firewall rules added from GUI want to add 802.1p, which causes errors
-
Thanks for the catch. Found this on a fresh install using pfSense-memstick-2.1-BETA1-i386-20130410-0638.img.gz
Did the edit to line 1322 and it appears to be fixed.
Looks like a problem with this snapshot. I'm sure it's because I decided to grab the latest to load on a production box… -
Has this been fixed ? Updated to latest snapshot in 2.1 and now I get same issue
11:54:18 [ There were error(s) loading the rules: /tmp/rules.debug:466: invalid ieee8021q_pcp value none - The line in question reads [466]: pass in quick on $WAN reply-to ( bge1 208.73.1.1 ) inet proto tcp from any to $dss port 443 ieee8021q-pcp none ieee8021q-setpcp none flags S/SA keep state label USER_RULE: LB access]
Cant add in any rules
-
Could you copy and paste your /usr/local/www/firewall_rules_edit.php file at line 1322? My revision got merged, but I'm not sure if it made it into the latest snapshot.
If it doesn't look like this:
$opts .= "<option value="\"\"">{$vprio}</option>\n";you should be able to edit it to that until it's in the next latest.
-
This is what I see in that line
$opts .= "<option value="""">{$vprio}</option>\n";
-
I am not sure if it looks the same or not but I still get that error when creating new rules.
What else would you like to see ?
-
Are you sure that it's from new rules you're adding? I cannot reproduce this behavior with the edited code, but if rules created while this bug was in are still in use and haven't yet been re-saved, that may be where it's coming from. I'd recommend moving through your rules and making sure that the 802.1p section is not expanded anywhere you don't expect it to be.
A quick way to test if it's affecting new rules is to just create one and save it, then edit it immediately after. If the 802.1p section is expanded, weird stuff is afoot. If it's not, old rules are the culprit.
-
Well,
Every time I add a rule I see this notification. Quiet frankly it looks like there are other things jammed up now. Which may go back to the rules being jammed while the bug is in. Some natting seems to not work correctly fo sure.
When was this issue introduced and can I update to a prior version ? -
I'd recommend moving through your rules and making sure that the 802.1p section is not expanded anywhere you don't expect it to be.
A quick way to test if it's affecting new rules is to just create one and save it, then edit it immediately after. If the 802.1p section is expanded, weird stuff is afoot. If it's not, old rules are the culprit.
Where is this section ? in the /usr/local/www/firewall_rules_edit.php Can you paste what it should look like ?
-
The relevant line you pasted is correct. Create a rule and save it. Now immediately edit that rule. If it looks like the one on the right, something weird is going on. If it looks like the one on the left, the notifications are from old rules reloading. You SHOULD be able to go into each of those rules and save them to get rid of the "none" value.
-
This should be fixed all-around in current snapshots. It will ignore the none if it's there and edit/save will remove it.
