Error saving Admin Access page

revengineer · Oct 3, 2018, 1:22 AM

When saving the System -> Advanced -> Admin Access page, I get the error below. Please advise, thank you.

Notifications in this message: 1

21:19:21 There were error(s) loading the rules: /tmp/rules.debug:180: unknown port e - The line in question reads [180]: block in log quick proto tcp from <sshguard> to (self) port e tracker 1000000301 label "sshguard"

jimp · Oct 3, 2018, 4:14 PM

https://redmine.pfsense.org/issues/8974 -- We've got a fix in for this already for the next release.

LucaTNT · Oct 31, 2018, 12:46 PM

Is there a way to apply a patch or something before the next release?
I have to manually edit /tmp/rules.debug to delete that line and then apply the rules with pfctl -f /tmp/rules.debug every time I adjust my firewall.
Also, if I reboot the firewall NAT rules aren't restored until I manually edit that file and manually apply the rules.
I happened to suffer from a longer power outage, longer than my UPS can bear, so I lost connectivity until I was able to phisically get home and fix everything.

Grimson · Oct 31, 2018, 12:48 PM

https://www.netgate.com/docs/pfsense/development/system-patches.html

jimp · Oct 31, 2018, 12:49 PM

Sure, install the System Patches package and then take the relevant commit IDs from the issue linked above and add them, then fetch and apply them. Then edit the SSH settings to what they should be and save.

LucaTNT · Oct 31, 2018, 12:56 PM

Woah, I totally missed that package!
I applied commit ec439957ce0f70778d89f57eba9553e2afba874a, saved my SSH settings (which were incorrect after the patch) and voilà, everything back to normal.

Thanks @Grimson and @jimp!

revengineer · Nov 10, 2018, 9:57 PM

I finally got around to applying the patch and confirm that it solved the issue.

Do I need to remove the patch before the next upgrade, which presumably is 2.4.4_1?

Derelict · Nov 11, 2018, 2:38 AM

After the update that includes that fix is installed you can go back and remove the patch. But it also will not hurt anything if you don't.

revengineer · Nov 11, 2018, 11:56 AM

@derelict Thank you. Is it true in general that patches do not need to be reverted before upgrading? I understand that I may have to re-apply a patch after upgrading but I was not sure if not reverting a patch can mess with the upgrade progress to result in an unusable system.

Derelict · Nov 11, 2018, 11:59 AM

Should be fine upgrading with patches applied as long as the patch doesn't break upgrading somehow. None of the official patches should be a problem there.

revengineer · Nov 11, 2018, 12:01 PM

@derelict Thanks again, that helps for the future.

jimp · Nov 12, 2018, 2:58 PM

It's safe to upgrade since it doesn't check the files before removing them on upgrade, so the changes are moot. It would do something like this:

Initiate upgrade
Old version of files are removed (most cases) or left as-is (rare but can happen)
New versions of files are put in place / old files left as-is are replaced with new versions
Obsolete files are removed if still left around

If, and only if, you had a patch set to auto-apply would it come back after an upgrade. And in most cases patches would fail to apply since the changes are already present in the new code. I say "most cases" as there are rare changes that might possibly apply twice, but such situations are rare, especially with bug fixes.

tl;dr: It's safe to leave patched files/patch entries on upgrade, at worst double check that you do not have them set to auto-apply.

revengineer · Nov 12, 2018, 5:19 PM

@jimp Perfect, thank you for the details. My patch is set up to not auto re-apply after upgrading. So I am set this time. (In the past, I once reinstalled pfsense for good measures after forgetting to revert a patch because I was not sure about these details.)