default let out anything from firewall host itself rule breaks rules
-
After an upgrade (I think) the firewall rules do not load any more. And it seems like the line is missing something after from and after !
How can one find what makes that line missing data? Or how can it be debugged in some way?
No extra packages are installed but snort has been in the past.
Setting up logging information
Setting up SCRUB information
There were error(s) loading the rules: /tmp/rules.debug:321: syntax error - The line in question reads [321]: pass out route-to ( em0 62.50.xx.xx ) from to !/ tracker 1000044762 keep state allow-opts label "let out anything from firewall host itself" -
There are system patches available for this issue. It will be fixed in 2.4.4.
The patch commit IDs are:
63b2c4c878655746f903565dec3f34b3d410153f
c9159949e06cc91f6931bf2326672df7cad706f4
If you want to test them you can install them using the System Patches package.
Install the System Patches package in System > Package Manager, Available Packages. It will be at System > Patches when you are done.
Add a new patch
Enter a description
Enter 63b2c4c878655746f903565dec3f34b3d410153f as the Commit ID
Set the path strip count to 1
Set Base Directory to /
Check Ignore Whitespace.
Save
That should retrieve the patch.
Then Fetch it then test it. It should say it CAN be applied cleanly and CANNOT be reverted (those test results will flip after it is applied).
Then you can apply it.
Repeat for the other patch(es).
You can simply revert the patches if they cause issues.
-
That's great. Now I got my changes to the ruleset to work :)
-
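On the debugging question in the first post, an added example (not part of the thread and not pfSense code): a small Python check that scans a pf ruleset dump such as the /tmp/rules.debug file named in the error and reports every rule where nothing usable follows `from` or `to`, together with its tracker number. The function names and the list of non-address tokens are assumptions of this sketch, and the sample ruleset is constructed around the failing line quoted above.

```python
import re

# Tokens that cannot be an address, so seeing one right after from/to means
# the address expanded to nothing (heuristic list, an assumption of this sketch).
NOT_AN_ADDRESS = {"to", "tracker", "keep", "label"}

def operand_is_empty(token):
    """True when the token following from/to cannot be an address."""
    if token is None or token in NOT_AN_ADDRESS:
        return True
    rest = token.lstrip("!")                   # drop negation: "!/" -> "/"
    return rest == "" or rest.startswith("/")  # bare "!" or a mask with no host

def find_empty_operands(ruleset_text):
    """Return (line_number, keyword, tracker) for each empty from/to operand."""
    findings = []
    for lineno, line in enumerate(ruleset_text.splitlines(), 1):
        # Blank out quoted strings first: labels may contain the word "from".
        tokens = re.sub(r'"[^"]*"', '""', line).split()
        if not tokens or tokens[0] not in ("pass", "block", "match"):
            continue
        tracker = re.search(r"\btracker (\d+)", line)
        tracker_id = tracker.group(1) if tracker else None
        for i, tok in enumerate(tokens):
            if tok in ("from", "to"):
                nxt = tokens[i + 1] if i + 1 < len(tokens) else None
                if operand_is_empty(nxt):
                    findings.append((lineno, tok, tracker_id))
    return findings

# Constructed sample: line 3 is the failing rule quoted in the thread,
# the other two lines are made up for contrast.
SAMPLE = '''\
scrub on em0 all fragment reassemble
pass in quick on em1 inet from 192.0.2.0/24 to any tracker 100 keep state label "allow from LAN"
pass out route-to ( em0 62.50.xx.xx ) from to !/ tracker 1000044762 keep state allow-opts label "let out anything from firewall host itself"
'''

if __name__ == "__main__":
    for lineno, keyword, tracker in find_empty_operands(SAMPLE):
        print(f"line {lineno}: nothing after '{keyword}' (tracker {tracker})")
```

To check a real dump, pass the contents of the file to `find_empty_operands` instead of `SAMPLE`.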