There were error(s) loading the rule
-
Hi Guys,
I have been having this problem for quite some time, but unable to figure out the nature of the problem.
If anyone could help it would be greatly appreciated...
There were error(s) loading the rules: /tmp/rules.debug:34: could not parse host specification - The line in question reads [34]: table <app_link_live_com> { fukui-6180.herokussl.com./32 }
-
I have the same problem.
http://fukui-6180.herokussl.com can not be resolved.
So it stays non-resolved in the table and the firewall 'pf' yells at you because it only accepts IP's, not URL's. -
Indeed that is not resolvable. You should remove it from the alias.
Though it should not end up in the ruleset if it's unresolvable...
Steve
-
@stephenw10
Thanks for Stephenw10 for your feedback.. Really appreciate you taking your time to respond to my inquiry.Looks like the Alias was created by the system due to a conflict in DNS lookup.
Alias "Description" States:
Created from Diagnostics-> DNS LookupI was thinking about removing this, but wonder whether there's any impact on the system?
Of course, I'll back it up before removing, but wanted to note I have 28 units connected through this firewall, hence, the outage can be catastrophic I'm afraid.... Hence, the reason for being chicken shit to make these changes....
Why the hell is my Diagnostic System creating this anyways....
Any Thoughts......Thanks again for taking the time to respond to my query.
-
An alias with the description has been created by hitting the button in Diag > DNS Lookup after running the lookup:
It could have been a mis-click perhaps?
I'm not aware of any system process that would add an alias like that automatically.If it's not in use in any firewall rules then remove it. A risk there is that the actual running ruleset may be different to the generated ruleset. It will not have been updated since that error was introduced. Resolving the error will update the running ruleset with all the changes that may have been made since then.
However a bigger risk IMO is that if you're forced to reboot with a bad ruleset you may end up with not rules loaded at all.Steve
-
Steve,
Really appreciate you taking up your time to respond to my inquiry.
I'll just take a backup of my system, and try removing this as see what happens.Wish me luck.
Thanks again for taking up your valuable time.
Best Regards,
Jerry -
Good luck.
Though you should be good. As I say the biggest risk there is that you pull in a bunch of changes that may have been added and were not yet in effect. If rules there do not change often then that may not apply.
Steve
