Do not upgrade to Pfsense 2.4.4_1 Firewall rules with aliases are not processed
-
I am having a serious problem after upgrading from pfsense version 2.4.3 to 2.4.4_1 the alias does not work, the aliased rules are not processed, I reinstalled pfsense from scratch in version 2.4.4 worked, but after upgrading to 2.4.4_1 The same problem happened I do not recommend upgrading.bolded text
-
What do you have in those aliases? How are you using them?
I've seen no issue with alises in 2.4.4p1 in any of the boxes I've upgraded myself or worked with.
The only other report I've seen was of alias tables being intermittently filled. I was unable to replicate it though.
Steve
-
That is not a problem for the majority of users. 2.4.4-p1 has a completely rewritten
filterdnsdaemon, so there is the possibility of a new issue coming up, but many others have been fixed.Declaring it broken without offering any evidence to back up your claim is irresponsible at best.
You haven't even described your configuration, let alone provided any log entries, details of the alias/rules, exactly how someone might reproduce the problem, etc.
Just because you have a problem doesn't mean everyone else will. It's something unique to your configuration or environment.
-
Pfsense 2.4.4_1 Squid e Squidguard server ibm system x3250 m3 20GB memory processor Xeon X3430 @ 2.40GHz 4 CPUs 500GB disk alias with ip and also with FQDN alias
is not processed, in the system logs does not show error, already in the firewall rules only informs the locks, as it was in production had to reinstall quickly, in ratification had no alias configured. -
I apologize if only I had this problem, however version 2.4.4 is stable and I'm using it
-
Using the older version is fine for now, but if the problem is specific to your configuration or environment and you do not provide enough information to reproduce the problem, it is unlikely to be fixed in future versions.
-
So it's only that alias that is not populated?
It contains just those 4 IPs or more entries? Does it have FQDNs in it?
Steve
-
@stephenw10 I created a new one with FQDN and it also did not process, I created another one with the ip and also it was not, I apologize the problem happened only with me, I was sad because it impacted directly the company where I work, I had to make a rule releasing all the traffic I tried NSRF and ping and solved dns normally, I removed the origin of the rule and nothing, I got to reinstall the firewall, I have a virtual machine for homologation with version 2.4.4_1 I created the alias and it worked, I was not lucky , let's follow if more people have this problem, thanks for the answers
-
Are you sure ?
Your pfSense is "up side down" or what ? -
Only one interface I would suggest?
Could also have just renamed the interfaces.
Steve
-
i have exactly the same issue on our core firewalls @jimp maybe you remember them from the early days:). Everything worked fine untill we upgraded to 2.4.4P3 2 weeks ago. Since then we have had many problems with aliasses (still happening and reproducible).
I have an alias with many ip's in them. Some of them work and some dont.
So for example i have rule with: a.a.a.a and b.b.b.b in an alias.
a.a.a.a will work but b.b.b.b doesnt.If i put b.b.b.b in a seperate rule it will work fine.
All traffic is blocked by the default rule...
-
What version did you upgrade from?
Do you have a mix of IPs and FQDNs?
Do you see any filterdns errors in the logs?
Steve
-
went from 2.4.4 to 2.4.4. p3
Only IP's in this particular alias but we have had the same issue with other aliassen.
No problems.If you like you can take a look. It is very easily reproducible.
-
I gave up updating, I continue with version 2.4.4 I almost got fired from my job because of it.
some time later I had problems with Aliases Hostname Resolution Range I increased this number, try changing it and see if it works. -
@dreivi said in Do not upgrade to Pfsense 2.4.4_1 Firewall rules with aliases are not processed:
I gave up updating, I continue with version 2.4.4 I almost got fired from my job because of it.
Be careful : not testing upgrades before deploying could be dangerous for employment.
Not updating at all (true : no testing is needed here) got fired the better part of us. -
The only outstanding alias issue I'm aware of is this: https://redmine.pfsense.org/issues/9296
I've not replicated that myself but does that explain what you're seeing?
Steve
-
@stephenw10 said in Do not upgrade to Pfsense 2.4.4_1 Firewall rules with aliases are not processed:
The only outstanding alias issue I'm aware of is this: https://redmine.pfsense.org/issues/9296
I've not replicated that myself but does that explain what you're seeing?
Steve
nope not the same. These are IP based aliasses..
-
Nested aliases of IPs only then?
I have some huge alises here and haven't seen any problems but they are not nested.
Steve
-
lol i have worked with pfsense for 10 years+ and never knew you could use nested aliases:)
We have tens of pfsense's and only this particular pfsense is having problems...
-
Hmm, interesting. What's special about that then. Some odd character in there maybe that would be disallowed now but passed input validation years ago when it was added?
If you want to open a ticket and send us a status_output file I can look through it. https://go.netgate.com
Steve
