Deleting interface does not delete firewall rules
-
Viewing rules in console doesn't show any invalid rules. Ref: https://docs.netgate.com/pfsense/en/latest/firewall/viewing-the-full-pf-ruleset.html
Edit: it could be another bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234874
-
This seems like the fix (mute the message): https://svnweb.freebsd.org/base/stable/12/sys/netpfil/pf/pf_table.c?r1=343289&r2=343288&pathrev=343289
-
bump
-
That error has nothing to do with deleting an interface or rules. Probably just a coincidence.
We could add that patch, though. Open a request on https://redmine.pfsense.org/ and reference that error message, FreeBSD bug report, and the diff. Do not mention deleting the interface/rules, though, because that isn't related.
As for deleted interface rules, that's how it's always worked. I think there is already an open issue to change things there.
-
@jimp done: https://redmine.pfsense.org/issues/9459
-
Completely rebuilt pfSense in VirtualBox, then deployed it on a bare-metal box. I don't see the issue anymore. Will update if it continues.
-
Never mind, the issue is back. Idk, I tried everything to fix it.
-
Alright, so I played around with more settings.
Disabled NAT reflection and the port forward to the Plex Manjaro box. No warnings in the last hour. I still have another port forward to Deluge with no issues. Clearly some odd NAT reflection issue.
-
No warnings for 2 hrs. NAT reflection is clearly the reason for this warning. Possible bug.
-
No warning for the past day.
-
So I was able to find another way to keep NAT reflection turned on and stop the spam. I changed one of the port forward rules from TCP/UDP to separate TCP and UDP rules. It fixed the issue. The TCP/UDP port forward rule might be broken.