Pfsense doesn't apply rules
-
Hi.
Here is the problem.
I have pfSense 2.4.4-RELEASE-p1.
I make a rule, press the "Apply" button and see that my rule doesn't work.
I go to Diagnostics -> Command Prompt and run the command pfctl -sr.
In the output of this command I don't see the just-added rule!
The rule appears only after a reboot.
What am I doing wrong? Why doesn't the rule appear immediately? -
I just upgraded pfSense to version 2.4.4-RELEASE-p2.
The situation didn't change.
And I see that other people have the same problem. -
@atmega When you create a new rule, PF creates a file
/tmp/rules.debug, and then loads the rules into memory. If there are problems with this file, an error message is written to the log:
log_error("WARNING: Could not write new rules!");
Check the system log for any errors. -
@konstanti said in Pfsense doesn't apply rules:
Check the system log for any errors
Or even pastebin it here (the /tmp/rules.debug file)
-
Thanks!
I found this file. It was created when pfSense started.
If I apply rules, the file doesn't change. I found log_error("WARNING: Could not write new rules!"); in the file /etc/inc/filter.inc
in the function filter_configure_sync.
Then I added the following code
$file_12 = "/tmp/text.txt";
$fdescr = fopen($file_12, "a");   // append a marker so I can see whether this code path runs
fwrite($fdescr, "Step1");
fclose($fdescr);
at the top of the file /etc/inc/filter.inc. Then I changed a rule and looked in the file /tmp/text.txt. And I saw the word "Step1".
It means the code works. Then I added the same breakpoint at the top of the function filter_configure_sync.
Again I changed a rule and looked in the file. New words didn't appear.
It means the function isn't called. Right? -
While doing this research I found a way to solve the problem without rebooting:
- Change a rule, add a rule and so on. Press Apply.
- From the command line run the command /etc/rc.filter_configure_sync
- Now you can see your rule in the output of the command pfctl -sr
-
@atmega This is wrong.
Everything should happen automatically -
I understand that!
But now I can at least change rules without rebooting! -
@atmega Here we have to deal with the web server
if ($_POST['apply']) {
    $retval = 0;
    $retval |= filter_configure();
/usr/local/www/firewall_rules.php -
Konstanti, many thanks for your help.
I found the place in /usr/local/www/firewall_rules.php which you pointed me to.
I changed filter_configure() to filter_configure_sync() and now everything works perfectly!
I applied rules, I rebooted my server - all right!
Thanks! -
@atmega
Great that it works.
However, it is unclear why the normal rule update does not work.
The normal scheme looks like this:
Apply -> filter_configure -> send_message("filter reload") -> daemon check_reload_status -> /etc/rc.filter_configure_sync
This daemon is responsible for asynchronous updating of:
rules, interfaces, openvpn, dyndns, restarting the webgui, ....
Therefore, if there is some problem with it, you may run into problems elsewhere. -
I see you know the pfSense code well!
Could you tell me where the handler of send_message("filter reload") is located?
I'd like to look at it more closely. -
@atmega
/etc/inc/util.inc -
Hi!
I did the following steps:
1) I looked in /etc/inc/util.inc and found the body of the function send_message.
I saw that the function opens a file and writes a command to this file. If the file doesn't exist, the function runs the daemon check_reload_status.
2) But I didn't find the file it writes to. I tried to run check_reload_status manually and got the error "library libevent-2.0.so.5 not found"!!!!
3) I ran the following command from the command line: ldd /usr/local/sbin/check_reload_status
I really saw that the library libevent-2.0.so.5 is not found.
4) I searched for the missing library and found another version of the libevent library.
5) At last I created a symbolic link: ln -s /usr/local/lib/libevent-2.1.so.6 /usr/local/lib/libevent-2.0.so.5
Now I see that everything works perfectly!!!
I rebooted the server - everything works! Konstanti! Thanks for your help!
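The two posts above describe the same failure from both ends: the GUI's Apply only hands a "filter reload" message to the check_reload_status daemon, which then runs /etc/rc.filter_configure_sync, and in this case the daemon could not even start because rtld could not resolve libevent-2.0.so.5. The script below is an added diagnostic example for that chain, not pfSense code and not posted by either participant: it parses ldd(1) output for unresolved shared objects, checks the daemon binary and whether the daemon is running, and exercises the parser on a constructed ldd transcript modelled on the one reported (the exact addresses are made up). The paths are the ones named in the thread; pgrep is assumed to be available, as it is in FreeBSD base and in procps on Linux.

```shell
#!/bin/sh
# Added example: find why "Apply" never reaches rc.filter_configure_sync.
# Symptom chain (from the thread): Apply -> filter_configure ->
# send_message("filter reload") -> check_reload_status daemon ->
# /etc/rc.filter_configure_sync. If the daemon cannot start, the new
# ruleset is never loaded and pfctl -sr keeps showing the old rules.

# Print the names of shared objects the dynamic linker could not resolve,
# one per line, given ldd(1) output on stdin. Both FreeBSD and glibc ldd
# mark such entries as "libfoo.so.N => not found".
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Run ldd on a binary. Returns 0 if all dependencies resolve, 1 if some
# are missing (they are listed on stderr), 2 if the binary is absent.
# Usage: check_binary /usr/local/sbin/check_reload_status
check_binary() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo "check_binary: $bin is not present or not executable" >&2
        return 2
    fi
    missing=$(ldd "$bin" 2>/dev/null | missing_libs)
    if [ -n "$missing" ]; then
        echo "$bin is missing shared libraries:" >&2
        echo "$missing" >&2
        return 1
    fi
    return 0
}

# Return 0 if a process with exactly this name is running.
daemon_running() {
    pgrep -x "$1" >/dev/null 2>&1
}

# Constructed sample (not captured from a real box): shaped like the
# `ldd /usr/local/sbin/check_reload_status` output the thread describes,
# with libevent-2.0.so.5 unresolved and the other libraries found.
SAMPLE_LDD='/usr/local/sbin/check_reload_status:
    libutil.so.9 => /lib/libutil.so.9 (0x800a00000)
    libevent-2.0.so.5 => not found (0)
    libc.so.7 => /lib/libc.so.7 (0x800c00000)'

main() {
    echo "Unresolved libraries in the sample ldd output:"
    printf '%s\n' "$SAMPLE_LDD" | missing_libs

    # Live checks; on a box that is not pfSense the binary is simply absent.
    if check_binary /usr/local/sbin/check_reload_status; then
        if daemon_running check_reload_status; then
            echo "check_reload_status is running; Apply should reach rc.filter_configure_sync"
        else
            echo "check_reload_status is not running; start it and press Apply again"
        fi
    fi
}

main "$@"
```

If check_binary reports a missing library, the durable fix is to restore the library the binary was linked against (or reinstall the package that owns the binary) rather than symlinking a different soname as the thread did: libevent-2.1.so.6 standing in for libevent-2.0.so.5 is an ABI mismatch that happened to work here but is not guaranteed to.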