unknown port b

  • Hello

    I have just freshly installed pfsense on a reasonably good hardware (i7 processor with 16GB RAM, zfs mirror, 32GB Swap (unnecessary, I know, couldn't resist :D)). And I am constantly receiving this error

    There were error(s) loading the rules: /tmp/rules.debug:101: unknown port b - The line in question reads [101]: block in log quick proto tcp from <sshguard> to (self) port b tracker 1000000301 label "sshguard"
    @ 2018-11-01 14:32:35

    My system details
    2.4.4-RELEASE (amd64)
    built on Thu Sep 20 09:03:12 EDT 2018
    FreeBSD 11.2-RELEASE-p3

    A Google search indicated people had good results when they changed Firewall Maximum Table Entries size to 400000, but I have not had much luck even after increasing that to quite extreme values (and I'm not sure why that should have any effect whatsoever). The offending rule in question from /tmp/rules.debug reads

    # SSH lockout
    block in log quick proto tcp from <sshguard> to (self) port b tracker 1000000301 label "sshguard"

    This looks much more like a rule generation script hiccup than a table entry size issue. I would appreciate it if someone could suggest a solution, or anything I can try out for testing.

    Thanks and regards

  • LAYER 8 Global Moderator

    No idea where the b came from; the rule would look like this:

    [2.4.4-RELEASE][root@sg4860.local.lan]/: pfctl -sr | grep sshguard
    block drop in quick proto tcp from <sshguard> to (self) port = ssh label "sshguard"

    Or if you want to view it in the debug file:

    [2.4.4-RELEASE][root@sg4860.local.lan]/: cat /tmp/rules.debug | grep sshguard
    table <sshguard> persist
    block in  quick proto tcp from <sshguard> to (self) port 22 tracker 1000000301 label "sshguard"

    Did you put a "b" in for the port of your ssh server? I wouldn't think that would be allowed ;)

  • Thank you for your response.

    Yes, I know what it should look like, and I did change it (manually, over ssh). But every time the system reloads/restarts/regenerates the rules it is broken again. As you may very well understand, it is not always practical to try and fix it over ssh -- so I am trying to figure out if this is a bug and I should wait for a fix, or whether I should write a cron job to periodically check and update/delete that line.

    Thanks and regards.
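    A check of the kind the previous post contemplates (a periodic job that inspects the generated ruleset before a reload fails), as an added example that is not from this thread or from pfSense: it scans a pf rules file for `port` tokens that are neither numeric nor a known service name and reports them in the same form as the pfctl error quoted above. The function name `check_pf_ports`, the file paths, and the sample services table and rules are all assumptions constructed for the example.

    ```sh
    #!/bin/sh
    # Added example, not from the thread or from pfSense. check_pf_ports (assumed
    # name) reads a pf ruleset and reports every "port" token that is neither a
    # number, a numeric range N:M, a set opener "{", nor a service name from the
    # services file (second argument, default /etc/services). Returns 1 if any
    # such token exists, so a cron job can alert before a reload fails.
    check_pf_ports() {
      awk -v services="${2:-/etc/services}" '
        BEGIN {
          bad = 0
          while ((getline line < services) > 0) {
            sub(/#.*/, "", line)                 # drop comments in the services file
            if (split(line, f, /[ \t]+/) > 0 && f[1] != "") known[f[1]] = 1
          }
        }
        /^[ \t]*#/ { next }                       # skip comment lines in the ruleset
        {
          for (i = 1; i < NF; i++) {
            if ($i != "port") continue
            tok = $(i + 1)
            # allow an optional comparison operator: "port = ssh", "port != 22"
            if (tok ~ /^(=|!=|<|<=|>|>=)$/) tok = $(i + 2)
            if (tok ~ /^[0-9]+(:[0-9]+)?$/ || tok == "{" || (tok in known)) continue
            printf "%s:%d: unknown port %s\n", FILENAME, FNR, tok
            bad = 1
          }
        }
        END { exit bad }' "$1"
    }

    # Constructed sample input (not the poster's real files): a two-entry services
    # table and a ruleset that reproduces the broken line from the thread.
    TMP=$(mktemp -d)
    trap 'rm -rf "$TMP"' EXIT
    printf 'ssh\t22/tcp\nhttp\t80/tcp\n' > "$TMP/services"
    cat > "$TMP/rules.debug" <<'EOF'
    # SSH lockout
    block in log quick proto tcp from <sshguard> to (self) port b tracker 1000000301 label "sshguard"
    block in quick proto tcp from <sshguard> to (self) port = ssh label "sshguard"
    pass in quick proto tcp from any to (self) port 443 keep state
    EOF

    check_pf_ports "$TMP/rules.debug" "$TMP/services" || echo "ruleset has bad port tokens"
    ```

    Run against the real /tmp/rules.debug with no second argument to use the system's /etc/services; a non-zero exit is the signal to investigate before the next filter reload.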

  • LAYER 8 Global Moderator

    Not sure where that gets parsed from.. But something corrupted would be my guess.. You're not running any packages?

  • Rebel Alliance Developer Netgate

    That's a known bug in the SSH settings. It's fixed on 2.4.5 snapshots and will be in 2.4.4-p1.

    You can apply the commits from that issue with the System Patches package in the meantime.

  • Thanks jimp, that makes sense. I will try the patch and hope it will go alright.