FQ_Codel IPv6 floating rule error
-
I'm also getting similar errors on 2.5.0 RC:
There were error(s) loading the rules: /tmp/rules.debug:178: no routing address with matching address family found. - The line in question reads [178]: pass out quick on { ixl0 } $GWWAN_DHCP6 inet6 from any to any tracker 1613022598 keep state dnqueue( 2,1) label "USER_RULE"
No errors on IPv4 rules so far. I also want to add that this was on a fresh install with no other rulesets or packages other than defaults. I used the following settings for limiters and rules, which worked previously in 2.4.5.
Download Limiter:
Bandwidth: 1200 Mbps
Queue Management Algorithm: CoDel
Scheduler: FQ_Codel
Queue Length: 1000 also tried leaving blank
ECN: Enabled
—Download Queue:
Queue Management Algorithm: CoDel
ECN: EnabledUpload Limiter:
Bandwidth: 36 Mbps
Queue Management Algorithm: CoDel
Scheduler: FQ_Codel
Queue Length: 1000 also tried leaving blank
ECN: Enabled
—Upload Queue:
Queue Management Algorithm: CoDel
ECN: EnabledFirewall Floating Rule:
Action: Pass
Interface: WAN
Direction: Out
Address Family: IPv6 (Also have similar rule for IPv4)
Protocol: Any
Advanced:
Gateway: WAN_DHCP - (It shows Dynamic here for IPv6, similar to JeFizz I suspect this may be a cause)
In/Out Pipe: Upload Queue (In) / Download Queue (Out) -
@aivxtla Yep, basically same settings as you...
Download Limiter:
Bandwidth: 960 Mbps
Queue Management Algorithm: CoDel
Scheduler: FQ_Codel
Queue Length: 4000
ECN: Enabled
—Download Queue:
Queue Management Algorithm: CoDel
ECN: EnabledUpload Limiter:
Bandwidth: 39 Mbps
Queue Management Algorithm: CoDel
Scheduler: FQ_Codel
Queue Length: 3000
ECN: Enabled
—Upload Queue:
Queue Management Algorithm: CoDel
ECN: EnabledFirewall Floating Rule (two rules, one for IPV4 and one for IPv6):
Action: Pass
Interface: WAN
Direction: Out
Address Family: IPv4 / IPv6
Protocol: Any
Advanced:
Gateway: WAN_DHCP / WAN_DHCP6
In/Out Pipe: Upload Queue (In) / Download Queue (Out) -
Getting the same error when making an IPv6 floating rule with gateway and limiters set. Selecting the gateway is enough to trigger the error and the rule works just fine if default gateway is set.
Tested with 2.5.0.r.20210211.0300 and 2.5.0.r.20210211.1637 -
@bobbenheim I'm not quite following you on this. I understand that you get the same error when creating the IPv6 floating rule and selecting the IPv6 gateway. What do you mean by "and the rule works just fine if default gateway is set."? I have to select a gateway or the rule will not save (and therefore will produce the error in the original post).
Routing:Gateways:
IPv6 Floating Rule with Limiters:
In Routing\Gateways I have to have a gateway selected due to Wireguard, I can't leave it at Automatic. FYI FWIW.
-
@jefizz I meant that if i set Gateway to default and in/out pipe to none the rule works, if i set the Gateway to WAN_DHCP6 afterwards the error reappears.
-
@aivxtla said in FQ_Codel IPv6 floating rule error:
Gateway: WAN_DHCP - (It shows Dynamic here for IPv6, similar to JeFizz I suspect this may be a cause)
In/Out Pipe: Upload Queue (In) / Download Queue (Out)Same setup here with Aussie Broadband, dynamic IPv6 address, and the exact same error.
-
Might be related to this as the problem occurs when selecting gateway in the floating rule.
-
I am also having this problem with the floating rule error and the dynamic IPv6 gateway throwing the error for the firewall rule on 2.5.
-
Here too. Was working fine before update to Pfsense+ 21.02 Release on a SG-1100.
-
There is an issue that has been identified with dynamic IPv6 gateways (for example, if you use DHCPv6 to obtain an address/prefix). The gateway is not being populated properly behind-the-scenes, which has a ripple effect to other areas in pfSense, including gateway selection in rules, which I believe is what all here are experiencing.
There is no fix available yet (the fix for "dpinger" was to manually specify a monitor address, but that won't have an effect on gateway selection in rules), but if you want to track the bug: https://redmine.pfsense.org/issues/11454
