unknown port b
I have just freshly installed pfsense on a reasonably good hardware (i7 processor with 16GB RAM, zfs mirror, 32GB Swap (unnecessary, I know, couldn't resist :D)). And I am constantly receiving this error
There were error(s) loading the rules: /tmp/rules.debug:101: unknown port b - The line in question reads : block in log quick proto tcp from <sshguard> to (self) port b tracker 1000000301 label "sshguard"
@ 2018-11-01 14:32:35
My system details
built on Thu Sep 20 09:03:12 EDT 2018
Google search indicated people had good result when they changed Firewall Maximum Table Entries size to 400000, but I have not had much luck even after multiplying that to quite extreme (and not sure why should that have any effect whatsoever). The offending rule in question from /tmp/rules.debug reads
# SSH lockout
block in log quick proto tcp from <sshguard> to (self) port b tracker 1000000301 label "sshguard"
this looks very much like a rule generation script hiccup than table entry size issue. Would appreciate if someone could please suggest a solution, or anything I can try out for testing
Thanks and regards
No idea where the b came from the rule would look like this
[2.4.4-RELEASE][email@example.com]/: pfctl -sr | grep sshguard block drop in quick proto tcp from <sshguard> to (self) port = ssh label "sshguard" [2.4.4-RELEASE][firstname.lastname@example.org]/:
Or if you want to view it in the debug file
[2.4.4-RELEASE][email@example.com]/: cat /tmp/rules.debug | grep sshguard table <sshguard> persist block in quick proto tcp from <sshguard> to (self) port 22 tracker 1000000301 label "sshguard" [2.4.4-RELEASE][firstname.lastname@example.org]/:
Did you put a "b" in for the port of your ssh server? I wouldn't think that would be allowed ;)
Thank you for your response.
Yes, I know how it should look like, and I did change it (manually, over ssh). But every time the system reloads/restarts/regenerates the rules it is broken again. As you may very well understand, it is not always practical to try and fix it over ssh -- so trying to figure out if this is a big and should wait for a fix, or write a cron job to periodically check and update/delete that line.
Thanks and regards.
Not sure where that gets parsed from.. But something corrupted would be my guess.. Your not running any packages?
That's a known bug in the ssh settings. It's fixed on 2.4.5 snapshots and will be in 2.4.4-p1
You can apply the commits from that issue with the system patches package in the meantime.
Thanks jimp, that makes sense. I will try the patch and hope it will go alright.