default let out anything from firewall host itself rule breaks rules



  • After an upgrade (I think) the firewall rules do not load any more. And it seems like the line is missing something after from and after !

    How can one find what makes that line miss data? Or how can it be debugged in some way?

    No extra packages are installed but snort has been in the past.

    Setting up logging information
    Setting up SCRUB information
    There were error(s) loading the rules: /tmp/rules.debug:321: syntax error - The line in question reads [321]: pass out route-to ( em0 62.50.xx.xx ) from to !/ tracker 1000044762 keep state allow-opts label "let out anything from firewall host itself"
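
    Added example for the debugging question above; this is not code from the thread or from pfSense. The parse-only check on the box itself is pfctl -nf /tmp/rules.debug, which reports the same line number without loading anything. The script below is an offline helper around that output: it pulls the line number out of the "error(s) loading the rules" message, prints that line from the rules file, and flags the symptom shown here, an empty address after from or to (the "from to !/" in the quoted rule). The function names, the sample error message and the two-line sample rules file (192.0.2.0/24 is a documentation range) are all constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from pfSense: given the
# "error(s) loading the rules" message, pull the referenced line out of the
# rules file and flag the symptom seen above, an empty source or destination
# such as "from to" or "!/". Function names and the sample rules file below
# are assumptions constructed for this example.

# extract_line_no ERRMSG -> prints the N from "<file>:N: syntax error"
# (prints nothing if the message carries no such reference)
extract_line_no() {
    printf '%s\n' "$1" | sed -n 's/.*:\([0-9][0-9]*\): syntax error.*/\1/p'
}

# has_empty_address RULE -> exit 0 if the rule has no address token after
# "from" or "to" (the next keyword follows immediately, or a bare "!/" is
# left where a negated address should be), exit 1 otherwise.
# A valid "to ! 192.0.2.9" or "from any to any" is not matched.
has_empty_address() {
    case " $1 " in
        *" from to "*|*" from !/ "*|*" to !/ "*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_rules_file FILE ERRMSG -> prints the offending line with its number,
# exit 0 if it shows the empty-address symptom, 1 if it does not,
# 2 if no line number could be found in ERRMSG
check_rules_file() {
    n=$(extract_line_no "$2")
    [ -n "$n" ] || return 2
    line=$(sed -n "${n}p" "$1")
    printf 'line %s: %s\n' "$n" "$line"
    has_empty_address "$line"
}

# demo_check -> builds a constructed two-line rules file (line 1 well formed,
# line 2 reproducing the broken rule from the thread with documentation
# addresses) and runs the check against a constructed error message that
# points at line 2; exit 0 when the symptom is detected there
demo_check() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
pass out route-to ( em0 192.0.2.1 ) from 192.0.2.2 to any tracker 1000044761 keep state allow-opts label "ok rule"
pass out route-to ( em0 192.0.2.1 ) from to !/ tracker 1000044762 keep state allow-opts label "let out anything from firewall host itself"
EOF
    if check_rules_file "$tmp" "There were error(s) loading the rules: $tmp:2: syntax error"; then
        rc=0
    else
        rc=$?
    fi
    rm -f "$tmp"
    return $rc
}

demo_check
```

    Run it with the real message and file on the firewall as check_rules_file /tmp/rules.debug "<pasted error text>"; an exit status of 0 confirms the empty-address symptom on the reported line, while 1 means the syntax error is something else and the printed line needs to be read by hand.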


  • Netgate

    There are system patches available for this issue. It will be fixed in 2.4.4.
    The patch commit IDs are:
    63b2c4c878655746f903565dec3f34b3d410153f
    c9159949e06cc91f6931bf2326672df7cad706f4
    If you want to test them, you can install them using the System Patches package.

    Install the System Patches package in System > Package Manager, Available Packages. It will be at System > Patches when you are done.
    Add a new patch
    Enter a description
    Enter 63b2c4c878655746f903565dec3f34b3d410153f as the Commit ID
    Set the path strip count to 1
    Set Base Directory to /
    Check Ignore Whitespace.
    Save

    That should retrieve the patch.

    Then Fetch it, then Test it. It should say it CAN be applied cleanly and CANNOT be reverted (those test results will flip after it is applied).
    Then you can apply it.
    Repeat for the other patch(es).

    You can simply revert the patches if they cause issues.



  • That's great. Now I got my changes to the ruleset to work :)


  • Netgate

    🎉
