Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Beta 3 - Problem with filter rules and fix

    Scheduled Pinned Locked Moved
    Firewalling
    4
    4
    2.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Slayback
      last edited by

      I don't know if this affects anyone else, but it left me with no internet access for a while.

      The error I was getting was "There were error(s) loading the rules: /tmp/rules.debug:376: syntax errorpfctl: Syntax error in config file: pf rules not loaded - The line in question reads [376]: label "USER_RULE" …"

      Looking at the file /tmp/rules.debug shows sure enough, there's a line with just "label USER_RULE" on it, and pfctl is choking on it.

      First, how to fix this to get internet up and running:
      Make note of the number after /tmp/rules.debug in the error message.  That's the line number that the problem is on.
      Now, open up a command shell on either the console or SSH and type the following...

      Open the ruleset with vi:

      vi /tmp/rules.debug

      Jump to the line number that has the problem:

      :374

      Delete that line.  If you see other similar lines below it, delete those as well with this command:

      dd

      Save the changes and quit vi:

      :wq!

      Now reload the filter with the fixed ruleset:

      /sbin/pfctl -f /tmp/rules.debug

      You should have all your rules loaded at this point, and internet access should be restored.

      Now, the more permanent fix.  This does require knowing how to change text with VI, which I'm not going to get into right now…
      Open up /etc/inc/filter.inc:

      vi /etc/inc/filter.inc

      Jump to line 2003:

      :2003

      You need to change the line from```
      else

      to

      elseif($line <> "")

      Quit and save changes

      :wq!

      Now you should be able to change any firewall rules without problem.
      1 Reply Last reply Reply Quote 0
      • S
        sullrich
        last edited by

        Thats commited now.

        Anyone else that runs into the problem and are on a full installation can run "cvs_sync.sh releng_1" from a shell without the "'s!

        1 Reply Last reply Reply Quote 0
        • A
          Aderium
          last edited by

          I just upgraded from Beta 2..

          Does that mean the cvs_sync.sh releng_1 does not apply ?

          Thanks

          Anthony Palermo

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by

            "cvs_sync.sh releng_1" syncs your box to what can be found at the web. It's the latest of pfSense developement. It's recommended to upgrade to the latest official release and then run this command on top if you encounter any problems or you encounter a bug that is already fixed in the codetree but there is no image/update for it yet.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post