[SOLVED] Firewall rules apply only after reboot



  • Hi..

    I've got an issue with a new install of 2.1.4 and the following upgrade to 2.1.5.
    Since the install I am unable to reload firewall rules without rebooting the machine itself. I have tried resetting state tables and similar. The state tables are empty. I'm at a dead end as I don't know anymore what I should check/reconfigure.

    The router has one physical interface and around ten VLAN interfaces. Three of them have a gateway (they're WAN). I use the machine for isolating one VLAN from the others; the actual inter-VLAN routing is happening on a switch.

    Would be really nice to be pointed in some sort of direction, as I'm lost.

    Thanks for a potential reply

    s



  • I am having the same issue, I believe.
    Even if I apply the rules they are not working.
    Now that I've read your post I've rebooted the firewall and all started working.



  • now!

    Thanks for the heads up! I'm really happy (don't take me wrong) that somebody has the same problem (happy I'm not alone)... Let's compare some things...

    My version: 2.1.5
    Architecture: i386
    Multiple VLAN interfaces...
    What does your state table look like? Mine is empty.

    s



  • So, thanks to PiBa-NL on the IRC channel I got to the solution...

    After checking /tmp/rules.debug, the rules appeared there.
    After running `pfctl -f /tmp/rules.debug` I got plenty of these errors: /tmp/rules.debug:151: errors in queue definition
    After running `pfctl -sr` I got: pfctl: Syntax error in config file: pf rules not loaded

    CONCLUSION: I had used the traffic shaping wizard... it didn't work. It contaminated the config with some errors (I've got no clue what errors).

    SOLUTION: delete the shaping rules & delete the traffic shaper.

    Now the rules are working like a charm without a reboot.

    thanks again!



  • @stpq:

    now!

    Thanks for the heads up! I'm really happy (don't take me wrong) that somebody has the same problem (happy I'm not alone)... Let's compare some things...

    My version: 2.1.5
    Architecture: i386
    Multiple VLAN interfaces...
    What does your state table look like? Mine is empty.

    s

    My version is also 2.1.5; the issues started after I updated from 2.1.4 to 2.1.5.

    2.1.5-RELEASE (amd64)
    1 WAN
    2 LAN
    State table is:
    TABLES:
    EX
    bogons
    bogonsv6
    snort2c
    sshlockout
    virusprot
    webConfiguratorlockout

    OS FINGERPRINTS:
    710 fingerprints loaded



  • Hello,

    Had to refresh the topic.
    I have the same problem as well. Version 2.1.5, embedded on flash.
    I don't have any additional packages apart from the default install and I don't have the traffic shaper...

    I believe the problem appeared after updating from 2.1.4 to 2.1.5.
    I have to reboot the entire machine to get my updated rules to work :(

    Can you please help me?



  • What is in your system log after you change a rule and press "Apply"?

    And then what "interesting" rule/s do you have that would cause whatever "error loading the rules" message is logged?

    This is really likely to be some unusual combination of settings on rule/s.


  • Netgate

    I had the same thing happen. I was horsing around with the shaper, it was complaining about percentages or something, and I got sidetracked and went on to something else.

    Days later, I wanted to add some rules and they simply, and silently, wouldn't take.

    Turns out the queue definitions were preventing pf from loading the rule set, but simply making rule changes and applying doesn't seem to check whether loading the rules was successful, the way changing the shaper does. The rules simply don't load, silently.

    Running `pfctl -nf /tmp/rules.debug` was how I found the problem, too.
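    The two posts above describe the same failure mode: pf rejects the whole ruleset because of one bad queue definition, and the GUI "Apply" does not surface that. The following added example (not from the original thread or from pfSense itself) shows the check a practitioner would script: parse the `file:line: message` errors that `pfctl -nf` emits, map each one back to the offending line of rules.debug, and flag the "pf rules not loaded" condition. The sample ruleset and sample pfctl output are constructed for illustration; `check_rules_file` is a hypothetical wrapper that needs root on a pfSense/FreeBSD host.

```python
import re
import subprocess
from typing import List, Tuple

# pfctl reports parse failures as "<file>:<line>: <message>", e.g. the line
# quoted in the thread: "/tmp/rules.debug:151: errors in queue definition".
ERROR_RE = re.compile(r"^(?P<file>\S+?):(?P<line>\d+): (?P<msg>.+)$")
NOT_LOADED = "pf rules not loaded"


def parse_pfctl_errors(stderr: str) -> List[Tuple[str, int, str]]:
    """Extract (file, line number, message) triples from pfctl's output."""
    found = []
    for raw in stderr.splitlines():
        m = ERROR_RE.match(raw.strip())
        if m:
            found.append((m.group("file"), int(m.group("line")), m.group("msg")))
    return found


def rules_rejected(stderr: str) -> bool:
    """True when pfctl states that the ruleset was not installed at all."""
    return NOT_LOADED in stderr


def annotate(rules_text: str, errors: List[Tuple[str, int, str]]) -> List[str]:
    """Pair each reported line number with the rule text pf rejected, so the
    operator sees whether it is a queue, alias/table or filter rule."""
    lines = rules_text.splitlines()
    out = []
    for _, lineno, msg in errors:
        rule = lines[lineno - 1].strip() if 0 < lineno <= len(lines) else "<line not in file>"
        out.append(f"line {lineno}: {msg} -> {rule}")
    return out


def check_rules_file(path: str = "/tmp/rules.debug") -> Tuple[bool, List[str]]:
    """Hypothetical wrapper: dry-run load (pfctl -nf) and annotate any errors."""
    proc = subprocess.run(["pfctl", "-nf", path], capture_output=True, text=True)
    with open(path) as fh:
        text = fh.read()
    errors = parse_pfctl_errors(proc.stderr)
    return proc.returncode == 0 and not errors, annotate(text, errors)


# Constructed sample: a tiny ALTQ ruleset with an over-100% queue (the kind of
# percentage complaint mentioned above) and constructed pfctl stderr for it.
SAMPLE_RULES = """set skip on lo0
altq on em0 hfsc bandwidth 100Mb queue { qDefault, qVoip }
queue qDefault bandwidth 50% hfsc(default)
queue qVoip bandwidth 150% priority 7 hfsc
pass in quick on em0 inet proto tcp from any to any port 22
"""
SAMPLE_STDERR = """/tmp/rules.debug:4: errors in queue definition
pfctl: Syntax error in config file: pf rules not loaded
"""
```

    Running `annotate(SAMPLE_RULES, parse_pfctl_errors(SAMPLE_STDERR))` points straight at the queue line, which is exactly the information the GUI apply step does not show.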



  • I managed to find the reason for my problem.
    I had uploaded URL tables for an alias from Bluetack (I-Block),
    and that turned out to be somewhat wrong...

    Maybe I did something wrong...
    Should I paste a URL into the update URL of the table as an alias??
    Or should I do something more??
    e.g.
    http://list.iblocklist.com/?list=ydxerpxkpcfqjaybcssw&fileformat=p2p&archiveformat=gz