firewall rules are not applied after a reboot of firewall, the fix is reapply or run status filter reload

bcruze · Mar 9, 2020, 10:43 AM

SG 3100. just upgraded to rc last night. then the latest this morning. 2.4.5.r.20200309.0300

upon reboot the alias/ rule i have for 2 macmini's is not working. the rule in place is for the traffic to go out a specific wan gateway. go to the rule, and reapply the setting under advanced options. it fixes it. OR if i click status then filter reload.

this has worked perfectly for years until the development version

jimp · Mar 9, 2020, 6:34 PM

Were there any errors or notices in the log when it wasn't working properly?

Does it work OK after a reboot (not during an upgrade, but a regular reboot)?

bcruze · Mar 9, 2020, 7:35 PM

a regular reboot, after the reboot the computers show traffic from my WAN connection. which is incorrect

the traffic rule specifically states a different gateway to be used.

status > reload filters fixes it instantly

i don't see any errors. is there a specific tab you want me to check. i checked openvpn, gateway, general. etc and nothing that i could see wrong

jimp · Mar 9, 2020, 7:37 PM

It would be under the general tab, if there were any. Might check the console as well.

Are there any hostnames in the alias there?

If you go to Diagnostics > Tables immediately after you boot, are there any entries in the table for the alias?

bcruze · Mar 9, 2020, 10:52 PM

i've applied the latest RC. rebooted. once i could login. diagnostics > tables. all alias where there and correct.

then i waited a few minutes, did a normal reboot. when i could login. all alias were there with the correct ip addresses of the devices

bcruze · Mar 15, 2020, 10:47 AM

i replied in my other thread about the alias is fixed by reinstalling the firewall on my SG 3100 back to stable and not restoring ANYthing previously. entirely rebuilt from scratch

i am now running sg 3100 on 2.4.4-RELEASE-p3 (arm) but have the same issue as i originally posted in this thread.

on the stable release, i have spent hours on trying to figure this out. in reading on redmine https://redmine.pfsense.org/issues/6028 if i am reading this correctly this affects ALL versions of Pfense? i have been using Pfsense for the past 3-4 years and never experienced this.

leads me to two things. is the image file for the sg 3100 contain issues my SG 4220 and SG 2220 did not have?

because i have been using these same rules, and yesterday they were built from scratch not restored from a previous firewall..

if this is the bug i just need to know that so i understand its being worked on

thank you Sir