Bug in Firewall GUI



  • I'm trying to change an existing firewall rule and update its source from an IP address to an alias.  I have the alias defined and when I select it in the UI (…it even shows it to me in a drop list) and I save, it tells me to "Please match the requested format" and will not save.  However, if I attempt the same operation from another browser, I can save it fine.  I'm currently using Chrome Version 53.0.2785.116 m (64-bit) for Windows and pfSense 2.3.2.  Chrome on my phone and IE 11 allowed me to make the changes.  Is this a bug in that version of Chrome or the pfSense GUI?


  • Developer Netgate

    It's a bug in Chrome



  • Does anyone have any details on this particular bug?  I think we either need to get Google to fix it or pfSense needs to work around it (if possible).


  • Rebel Alliance Developer Netgate

    We have a workaround in the repo, but Chrome needs to fix it. I don't know if anyone has reported it to Chrome.

    https://redmine.pfsense.org/issues/6762
    https://github.com/pfsense/pfsense/pull/3127



  • Thanks for the info.  After reading the spec, it does appear that Chrome desktop isn't treating this correctly.  However, at least your workaround isn't a hack.  It's a legal alternate definition that doesn't activate the Chrome bug.  Sounds like a reasonable change to make everyone happy without having to fight the beast that is Google.



  • @AsgardianFW:

    Sounds like a reasonable change to make everyone happy without having to fight the beast that is Google.

    It is prudent to fight the beast though.  Otherwise the beast will unilaterally create defacto standards.  They need to be held accountable to adhering to the agreed upon industry standards like everyone else.



  • I couldn't agree more.  Keep us posted on your response from Google.  ;)



  • @AsgardianFW:

    I couldn't agree more.  Keep us posted on your response from Google.  ;)

    With people having defeatist attitudes like that it's now wonder behemoth corps. think they can steamroll anything they want.

    And personally I wouldn't accommodate them.  I let their browser be broken.



  • To NOYB:

    I think you're confusing defeatist attitude with the wisdom that experience brings on knowing which battles to fight.  I've championed plenty of battles with Microsoft and Google.  I know exactly how the process goes and I know the energy required to accomplish that goal.  This fight is not justified for a couple of reasons:

    • I don't feel that Google is purposely trying to set their own agenda by preventing people from escaping every character in regular expressions.  In fact the reason that Chrome is the most used browser is because Google does their best to render pages better than anyone else…from those that try to follow the standards to those that don't (Internet Explorer style).  Chrome can successfully render more non-standard HTML than any other browser on the market.

    • If there was something more sinister going on that prevented real functionality or caused pfSense devs to code up a massive hack, then the fight might be worth it.  In fact, the current fix in the repo is clean, appropriate, and concise.  The fact that the change was made to circumvent a very minor Chrome bug is unfortunate, but inconsequential.

    Plus, you are clearly very passionate about this issue.  In my opinion, your passions are wasted running away from the problem.  If you feel so strongly, you should contact the Chrome devs and get them to investigate this issue.



  • So they are the ones who create the experiences that result in defeatist attitudes.  It works perfectly for them.  Now they don't have to deal with it.  In one word it is called manipulation.  And I'm a victim of it too.  That's why I said I wouldn't accommodate them and would just let their browser be broken.


  • Rebel Alliance Developer Netgate

    I'm spamming this into all of the various threads that have come up about the Chrome bug:

    • Navigate to System > Package Manager, Available Packages tab
    • Install the System Patches package
    • Navigate to System > Patches
    • Click + Add New Patch
    • Enter the Description: Chrome Bug Workaround
    • Enter the URL/Commit ID: 83469e50681bf1ab0388e5cb756d5198b7f705f4
    • Click Save
    • Click Fetch
    • Click Apply


  • This still does not work in 2.3.2-p1

    I have, however, a machine running 2.2.4, and this has no problem…



  • @cyber7:

    This still does not work in 2.3.2-p1

    I have, however, a machine running 2.2.4, and this has no problem…

    Have you tried to refresh the page?  (ctrl-f5)



  • I see the problem does not occur on Google Chrome 52.0.2743.116m (64-bit), so it seems it is only in the newer release of Chrome…


  • Rebel Alliance Developer Netgate

    If you only see "revert" then you already have the patch applied. 2.3.2-p1 includes the patch already, you do not need to do anything if you have updated.


Log in to reply