Errors in rules when using the wizard (BETA3)



  • Hi

    I get the following errors when using the wizard to create rules.

    /tmp/rules.debug:137: tags cannot be used without keep state
    /tmp/rules.debug:137: skipping rule due to errors
    /tmp/rules.debug:137: rule expands to no valid combination
    /tmp/rules.debug:139: tags cannot be used without keep state
    /tmp/rules.debug:139: skipping rule due to errors
    /tmp/rules.debug:139: rule expands to no valid combination
    /tmp/rules.debug:141: tags cannot be used without keep state
    /tmp/rules.debug:141: skipping rule due to errors
    /tmp/rules.debug:141: rule expands to no valid combination
    /tmp/rules.debug:143: tags cannot be used without keep state
    /tmp/rules.debug:143: skipping rule due to errors
    /tmp/rules.debug:143: rule expands to no valid combination
    /tmp/rules.debug:145: tags cannot be used without keep state
    /tmp/rules.debug:145: skipping rule due to errors
    /tmp/rules.debug:145: rule expands to no valid combination
    /tmp/rules.debug:147: tags cannot be used without keep state
    /tmp/rules.debug:147: skipping rule due to errors
    /tmp/rules.debug:147: rule expands to no valid combination
    /tmp/rules.debug:149: tags cannot be used without keep state
    /tmp/rules.debug:149: skipping rule due to errors
    /tmp/rules.debug:149: rule expands to no valid combination
    /tmp/rules.debug:151: tags cannot be used without keep state
    /tmp/rules.debug:151: skipping rule due to errors
    /tmp/rules.debug:151: rule expands to no valid combination
    pfctl: Syntax error in config file: pf rules not loaded

    The rules in question are (from /tmp/rules.debug)

    anchor qwanRoot tagged qwanRoot
    load anchor qwanRoot from "/tmp/qwanRoot.rules"
    anchor qlanRoot tagged qlanRoot
    load anchor qlanRoot from "/tmp/qlanRoot.rules"
    anchor qwandef tagged qwandef
    load anchor qwandef from "/tmp/qwandef.rules"
    anchor qlandef tagged qlandef
    load anchor qlandef from "/tmp/qlandef.rules"
    anchor qwanacks tagged qwanacks
    load anchor qwanacks from "/tmp/qwanacks.rules"
    anchor qlanacks tagged qlanacks
    load anchor qlanacks from "/tmp/qlanacks.rules"
    anchor qVOIPUp tagged qVOIPUp
    load anchor qVOIPUp from "/tmp/qVOIPUp.rules"
    anchor qVOIPDown tagged qVOIPDown
    load anchor qVOIPDown from "/tmp/qVOIPDown.rules"

    Any ideas ?? Seems like it is looking for "keep state" but I'm not sure if adding that will fix it or not ?

    Basset



  • Rerun the traffic shaper wizard.



  • Hi

    Yes.. I tried that … also looked to see if anything else seemed wrong.  I'll update to the latest CVS for the .inc files and see if that makes a difference, but when I looked on the WEB cvs interface that code looked the same .. so expect it will generate the same rules and thus the same errors.

    Basset



  • Which rule have you defined that doesn't use key-state?  That does indeed look like a bug at a second glance.



  • @basset:

    anchor qwanRoot tagged qwanRoot
    load anchor qwanRoot from "/tmp/qwanRoot.rules"
    anchor qlanRoot tagged qlanRoot
    load anchor qlanRoot from "/tmp/qlanRoot.rules"
    anchor qwandef tagged qwandef
    load anchor qwandef from "/tmp/qwandef.rules"
    anchor qlandef tagged qlandef
    load anchor qlandef from "/tmp/qlandef.rules"
    anchor qwanacks tagged qwanacks
    load anchor qwanacks from "/tmp/qwanacks.rules"
    anchor qlanacks tagged qlanacks
    load anchor qlanacks from "/tmp/qlanacks.rules"
    anchor qVOIPUp tagged qVOIPUp
    load anchor qVOIPUp from "/tmp/qVOIPUp.rules"
    anchor qVOIPDown tagged qVOIPDown
    load anchor qVOIPDown from "/tmp/qVOIPDown.rules"

    Any ideas ?? Seems like it is looking for "keep state" but I'm not sure if adding that will fix it or not ?

    Basset

    The code to generate those "load anchor" statements only exists in HEAD, not RELENG_1.  Please only report bugs in RELENG_1.  Bug reports for HEAD must be accompanied with a patch.  Thanks

    –Bill



  • And BTW, you also aren't running pfSense's pfctl which allows for this.

    –Bill



  • Oh …

    Sorry about that ... I'm getting the latest from CVS now.

    Blaming newbie status for this  :-[

    Basset



  • Are you intending to run -HEAD?

    On top of this, why has your pfctl changed?



  • @basset:

    Oh …

    Sorry about that ... I'm getting the latest from CVS now.

    Blaming newbie status for this  :-[

    Basset

    HEAD is not meant to be consumed by non-developers.  You should be running code in the RELENG_1 branch.  Better yet, unless you find a bug that has been fixed post release, you should really run a released binary.  We can't and won't support anything else.  I'm marking this thread solved.  Thanks

    –Bill

