Pfsense doesn't apply rules

  • Hi.
    There is the following problem.
    I have pfSense 2.4.4-RELEASE-p1.
    I make a rule, press the "Apply" button and see that my rule doesn't work.
    I go to Diagnostics -> Command Prompt and run the following command: pfctl -sr.
    In the output of this command I don't see the just-added rule!
    The rule appears only after a reboot.
    What am I doing wrong? Why doesn't the rule appear immediately?

  • I just upgraded pfSense to version 2.4.4-RELEASE-p2.
    The situation didn't change.
    And I see that other people have the same problem.

  • @atmega When you create a new rule, PF creates a file
    /tmp/rules.debug, and then loads the rules into memory. If there are problems with this file, an error message is written to the log:
    log_error("WARNING: Could not write new rules!");
    Check the system log for any errors.

  • @konstanti said in Pfsense doesn't apply rules:

    Check the system log for any errors

    Or even pastebin it here (the /tmp/rules.debug file)

  • Thanks!
    I found this file. It was created when pfSense started.
    If I apply rules, the file doesn't change.

    I found log_error("WARNING: Could not write new rules!"); in the file /etc/inc/
    in the function filter_configure_sync.
    Then I added the following code

    $file_12 = "/tmp/text.txt";
    $fdescr = fopen($file_12, "a");   // append so every call leaves a trace
    fwrite($fdescr, "Step1");
    fclose($fdescr);

    at the top of the file /etc/inc/

    Then I changed a rule and looked in the file /tmp/text.txt. And I saw the word "Step1".
    It means the code works.

    Then I added the same breakpoint at the top of the function filter_configure_sync.
    Again I changed a rule and looked in the file. No new words appeared.
    That means the function isn't called. Right?

  • While I was doing my research I found a way to solve this problem without rebooting.

    1. Change a rule, add a rule, and so on. Press Apply.
    2. From the command line run the following command: /etc/rc.filter_configure_sync
    3. Now you can see your rule in the output of the command pfctl -sr

  • @atmega This is wrong.
    Everything should happen automatically

  • I understand that!
    But now I can at least change rules without rebooting!

  • @atmega Here we have to deal with the web server, in /usr/local/www/firewall_rules.php:

    if ($_POST['apply']) {
        $retval = 0;
        $retval |= filter_configure();

  • Konstanti, many thanks for your help.
    I found the place in /usr/local/www/firewall_rules.php which you pointed me to.
    I changed filter_configure() to filter_configure_sync() and now everything works perfectly!
    I applied rules, I rebooted my server: all right!

  • @atmega
    Great that it works.
    However, it is unclear for what reason the normal rule update does not work.
    The normal scheme looks like this:
    Apply -> filter_configure -> send_message("filter reload") -> daemon check_reload_status -> /etc/rc.filter_configure_sync

    This daemon is responsible for asynchronous updating of:
    rules, interfaces, openvpn, dyndns, restarting the webgui, ...
    Therefore, if it has some problem, you may run into problems elsewhere.

  • I see you are good at pfSense code!
    Could you tell me where the handler of send_message("filter reload") is located?
    I'd like to look at it more closely.

  • @atmega

  • Hi!
    I did the following steps:

    1. I looked in /etc/inc/ and found the body of the function send_message.
       I saw that the function opens a file and writes a command to this file. If the file doesn't exist, the function runs the daemon check_reload_status.
    2. But I didn't find the file it writes to. I tried to run check_reload_status manually and got the error "library not found"!!!!
    3. I ran the following command from the command line: ldd /usr/local/sbin/check_reload_status
       I really saw that a library is not found.
    4. I searched for the missing library and found another version of the libevent library.
    5. Finally, I created a symbolic link: ln -s /usr/local/lib/ /usr/local/lib/

    Now I see that everything works perfectly!!!
    I rebooted the server and everything works!

    Konstanti! Thanks for your help!
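As an added example (written for this thread, not code from pfSense or from either poster), the following sh script walks the asynchronous reload path konstanti described (Apply -> filter_configure -> check_reload_status -> /etc/rc.filter_configure_sync) and checks for the failure atmega found, a shared library that check_reload_status cannot load. It assumes the pfSense 2.4.x paths named in the thread (/usr/local/sbin/check_reload_status, /tmp/rules.debug, /etc/rc.filter_configure_sync); the daemon's socket path /var/run/check_reload_status and the `label "USER_RULE: <description>"` tag that pfSense puts on user rules in pfctl -sr output are assumptions, not something the thread states. The parsing functions take their input on stdin so they can be exercised on saved ldd and pfctl output from another box.

```shell
#!/bin/sh
# Added diagnostic for the pfSense "Apply" -> check_reload_status reload path.
# Example written for this thread; it is not pfSense code.
# Assumed pfSense 2.4.x layout:
#   /usr/local/sbin/check_reload_status  reload daemon (named in the thread)
#   /var/run/check_reload_status         the daemon's unix socket (assumption)
#   /tmp/rules.debug                     generated pf ruleset (named in the thread)
#   /etc/rc.filter_configure_sync        synchronous reload (named in the thread)

# Print every shared library that ldd (output read from stdin) reports as
# "not found". FreeBSD ldd prints one "<lib> => <path or not found>" line per
# dependency, so the library name is the first field of a matching line.
ldd_missing() {
    awk '/not found/ { print $1 }'
}

# Succeed if the pfctl -sr output on stdin carries a user rule with the given
# description. pfSense tags its generated rules with label "USER_RULE: <descr>"
# (assumed label format); -F so the description is matched literally.
rule_loaded() {
    grep -qF "USER_RULE: $1"
}

# Walk the async path on a live firewall: can the daemon start at all, is it
# running, is its socket present, and did the rule actually reach pf? Run as
#   sh check_reload_path.sh --diagnose "My rule description"
diagnose() {
    daemon=/usr/local/sbin/check_reload_status
    descr=$1

    printf '== shared libraries missing for %s\n' "$daemon"
    missing=$(ldd "$daemon" 2>&1 | ldd_missing)
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        echo '-> the daemon cannot start; Apply never reaches pfctl until this is fixed'
    else
        echo none
    fi

    echo '== daemon process and socket'
    pgrep -l check_reload_status || echo '-> check_reload_status is NOT running'
    [ -S /var/run/check_reload_status ] || echo '-> socket /var/run/check_reload_status is missing (assumed path)'

    echo '== ruleset file (its mtime should move after every Apply)'
    ls -l /tmp/rules.debug

    printf '== rule "%s" loaded in pf?\n' "$descr"
    if pfctl -sr | rule_loaded "$descr"; then
        echo yes
    else
        echo '-> no; /etc/rc.filter_configure_sync loads it synchronously as a workaround'
    fi
}

# Only touch the live system when asked, so the functions above can be
# sourced or tested against captured output elsewhere.
if [ "${1:-}" = --diagnose ]; then
    diagnose "${2:?rule description required}"
fi
```

A missing library printed by the first section is the root cause seen in this thread: the daemon that filter_configure hands the "filter reload" message to never starts, so the rule only reaches pf when something calls the synchronous path (a reboot, /etc/rc.filter_configure_sync by hand, or the firewall_rules.php patch). Fix the library before changing any pfSense PHP.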
