error(s) loading the rules... what is this?!

  • I'm using a router-on-router setup, where my Netgate is a DMZ host behind a Linksys router connected to a cable modem-only. Everything was working fine, and the only "setup" on the device was FQ_Codel that had been working fine for a few months.

    I was physically testing a different WAN link (just plugging the WAN into a different ATT Arris router) in preparation for setting up dual WAN failover. The ATT router was seeing a MAC of 00:00:00:00:00:00 for some reason, and DHCP was giving it a bogus WAN address not on the ATT LAN. So I told pfSense to spoof the WAN MAC address, which fixed that DHCP problem...

    But then I started getting a filter rules loading error... but I can't find this "100000001" rule anywhere, so I have no idea where it is coming from or how to fix it. Now when I plug it back into the router that was working fine, nothing works. I erased the spoof MAC, and still nothing works. How do I get rid of this error?

    There were error(s) loading the rules:
    /tmp/rules.debug:155: syntax error -
    The line in question reads [155]:
    pass out quick on { igb1 } inet from any to -negate_networks- tracker 10000001 keep state dnqueue( 2,) label `NEGATE_ROUTE: Negate policy routing for destination`
    @ 2019-06-23 08:34:28

  • This is what my rules config looks like right now...


  • I ended up resetting to factory config and it instantly started working again.

    I would still like to know what was causing this and how I should debug a problem like this... because it would have been nicer to fix it than to blow away my config. (though fortunately it's simple)

  • Netgate Administrator

    @jeskeca said in error(s) loading the rules... what is this?!:

    dnqueue( 2,)

    That looks like the issue. I would guess you changed the Limiters you have and that has somehow applied them incorrectly.

    I would edit and re-save that rule you have with the Limiters on it and make sure they are set to the correct queue.
    That rule should look like dnqueue( 2,1) and obviously not be on the negate networks rule.
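
An added example, not part of the original thread: a small `sh` check that lists every rule in a generated ruleset whose `dnqueue(...)`/`dnpipe(...)` arguments are incomplete, like the `dnqueue( 2,)` quoted above. The function names and the sample lines are constructed for illustration, and the check assumes a valid argument list is one or two numeric IDs.

```shell
#!/bin/sh
# Report limiter options whose argument list is not "N" or "N,M".
# Output: <line number> TAB <tracker id or -> TAB <offending token>
# Exit status is 1 if anything malformed was found, 0 otherwise.
check_dn_args() {
    awk '
    {
        line = $0
        while (match(line, /dn(queue|pipe)[ \t]*\([^)]*\)/)) {
            tok  = substr(line, RSTART, RLENGTH)
            line = substr(line, RSTART + RLENGTH)
            # Assumption: valid forms are "( N)" or "( N,M)" with numeric ids.
            if (tok !~ /^dn(queue|pipe)[ \t]*\([ \t]*[0-9]+[ \t]*(,[ \t]*[0-9]+[ \t]*)?\)$/) {
                tracker = "-"
                if (match($0, /tracker [0-9]+/))
                    tracker = substr($0, RSTART + 8, RLENGTH - 8)
                printf "%d\t%s\t%s\n", NR, tracker, tok
                bad = 1
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample modelled on the rule quoted in the thread.
sample_rules() {
    cat <<'EOF'
pass in quick on igb1 inet from any to any tracker 1561300000 keep state dnqueue( 2,1) label "USER_RULE: constructed sample"
pass out quick on { igb1 } inet from any to <negate_networks> tracker 10000001 keep state dnqueue( 2,) label "NEGATE_ROUTE: Negate policy routing for destination"
pass in quick on igb1 inet from any to any tracker 1561300001 keep state dnpipe( 1) label "USER_RULE: constructed sample"
EOF
}

# With a file argument (e.g. /tmp/rules.debug) check that file; otherwise run the sample.
if [ $# -gt 0 ]; then
    check_dn_args "$@" || echo "malformed dnqueue/dnpipe arguments found" >&2
else
    sample_rules | check_dn_args || echo "malformed dnqueue/dnpipe arguments found" >&2
fi
```

Running `pfctl -nf /tmp/rules.debug` parses the same file without loading it, which is a quick way to confirm the ruleset is clean after re-saving the rule.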

