Do not upgrade to Pfsense 2.4.4_1 Firewall rules with aliases are not processed
-
I apologize if only I had this problem, however version 2.4.4 is stable and I'm using it
-
Using the older version is fine for now, but if the problem is specific to your configuration or environment and you do not provide enough information to reproduce the problem, it is unlikely to be fixed in future versions.
-
So it's only that alias that is not populated?
It contains just those 4 IPs or more entries? Does it have FQDNs in it?
Steve
-
@stephenw10 I created a new one with FQDN and it also did not process, I created another one with the ip and also it was not, I apologize the problem happened only with me, I was sad because it impacted directly the company where I work, I had to make a rule releasing all the traffic I tried NSRF and ping and solved dns normally, I removed the origin of the rule and nothing, I got to reinstall the firewall, I have a virtual machine for homologation with version 2.4.4_1 I created the alias and it worked, I was not lucky , let's follow if more people have this problem, thanks for the answers
-
Are you sure ?
Your pfSense is "up side down" or what ? -
Only one interface I would suggest?
Could also have just renamed the interfaces.
Steve
-
i have exactly the same issue on our core firewalls @jimp maybe you remember them from the early days:). Everything worked fine untill we upgraded to 2.4.4P3 2 weeks ago. Since then we have had many problems with aliasses (still happening and reproducible).
I have an alias with many ip's in them. Some of them work and some dont.
So for example i have rule with: a.a.a.a and b.b.b.b in an alias.
a.a.a.a will work but b.b.b.b doesnt.If i put b.b.b.b in a seperate rule it will work fine.
All traffic is blocked by the default rule...
-
What version did you upgrade from?
Do you have a mix of IPs and FQDNs?
Do you see any filterdns errors in the logs?
Steve
-
went from 2.4.4 to 2.4.4. p3
Only IP's in this particular alias but we have had the same issue with other aliassen.
No problems.If you like you can take a look. It is very easily reproducible.
-
I gave up updating, I continue with version 2.4.4 I almost got fired from my job because of it.
some time later I had problems with Aliases Hostname Resolution Range I increased this number, try changing it and see if it works. -
@dreivi said in Do not upgrade to Pfsense 2.4.4_1 Firewall rules with aliases are not processed:
I gave up updating, I continue with version 2.4.4 I almost got fired from my job because of it.
Be careful : not testing upgrades before deploying could be dangerous for employment.
Not updating at all (true : no testing is needed here) got fired the better part of us. -
The only outstanding alias issue I'm aware of is this: https://redmine.pfsense.org/issues/9296
I've not replicated that myself but does that explain what you're seeing?
Steve
-
@stephenw10 said in Do not upgrade to Pfsense 2.4.4_1 Firewall rules with aliases are not processed:
The only outstanding alias issue I'm aware of is this: https://redmine.pfsense.org/issues/9296
I've not replicated that myself but does that explain what you're seeing?
Steve
nope not the same. These are IP based aliasses..
-
Nested aliases of IPs only then?
I have some huge alises here and haven't seen any problems but they are not nested.
Steve
-
lol i have worked with pfsense for 10 years+ and never knew you could use nested aliases:)
We have tens of pfsense's and only this particular pfsense is having problems...
-
Hmm, interesting. What's special about that then. Some odd character in there maybe that would be disallowed now but passed input validation years ago when it was added?
If you want to open a ticket and send us a status_output file I can look through it. https://go.netgate.com
Steve
-
@stephenw10 said in Do not upgrade to Pfsense 2.4.4_1 Firewall rules with aliases are not processed:
Hmm, interesting. What's special about that then. Some odd character in there maybe that would be disallowed now but passed input validation years ago when it was added?
If you want to open a ticket and send us a status_output file I can look through it. https://go.netgate.com
Steve
done
