Netgate Discussion Forum

error(s) loading the rules: interface name too long

  • meem
    last edited by Sep 1, 2020, 7:01 PM

    I wanted to simplify my rules across multiple vlans by having a floating rule that allows access to an interface group, which is a list of all the vlans that should have access.

    I now get the following error as a notice

    There were error(s) loading the rules: /tmp/rules.debug:123: interface name too long - The line in question reads [123]: rdr pass on { igb4 igb2 igb2.10 igb2.20 igb2.30 igb2.40 igb2.42 igb2.44 igb2.50 bridge0 igb2.70 openvpn IOTBRIDGEGroup outbound_interne pfblocker_groups internal_lans } proto tcp from any to 10.10.10.1 port 80 -> 127.0.0.1 port 8081
    @ 2020-09-01 18:00:28
    

    It seems like a bug because I'm hitting a limit that the GUI doesn't prevent?

     pfctl -f /tmp/rules.debug
    /tmp/rules.debug:123: interface name too long
    /tmp/rules.debug:126: interface name too long
    pfctl: Syntax error in config file: pf rules not loaded
    
    [2.4.5-RELEASE][root@fw.meemsbox.com]/tmp: head -123 /tmp/rules.debug | tail -1
    rdr pass on { igb4 igb2 igb2.10 igb2.20 igb2.30 igb2.40 igb2.42 igb2.44 igb2.50 bridge0 igb2.70 openvpn IOTBRIDGEGroup outbound_net pfblocker_groups internal_lans } proto tcp from any to 10.10.10.1 port 80 -> 127.0.0.1 port 8081
    
    [2.4.5-RELEASE][root@fw.meemsbox.com]/tmp: head -126 /tmp/rules.debug | tail -1
    rdr pass on { igb4 igb2 igb2.10 igb2.20 igb2.30 igb2.40 igb2.42 igb2.44 igb2.50 bridge0 igb2.70 openvpn IOTBRIDGEGroup outbound_net pfblocker_groups internal_lans } proto tcp from any to 10.10.10.1 port 443 -> 127.0.0.1 port 8443
    
    

    I reduced most of the line errors by shortening the name of my interface group, but it didn't resolve the issue for these 2 lines (both PFBlockerNG). It's not clear what I should change to fix it?

    Thanks for help.

    • kiokoman LAYER 8
      last edited by kiokoman Sep 2, 2020, 9:13 AM Sep 2, 2020, 8:52 AM

      It's a bug.
      Group names must be max 15 characters.

      [2.4.5-RELEASE][root@pfSense.trmultiservice.lab]/root: pfctl -f /tmp/rules.debug
      /tmp/rules.debug:263: interface name too long
      pfctl: Syntax error in config file: pf rules not loaded
      

      pass in quick on $GROUPTEST123456A inet proto tcp from any to any tracker 1599036505 flags S/SA keep state label "USER_RULE"

      but it works with
      GROUPTEST12345A

      Rename all your group interfaces to something with 15 or fewer characters, "pfblocker_groups" -> "pfblocker_group"

      It was already fixed here
      https://redmine.pfsense.org/issues/10835

      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
      Please do not use chat/PM to ask for help
      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
      Don't forget to Upvote with the 👍 button for any post you find to be helpful.
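
A way to find every over-length name in a generated ruleset before `pfctl -f` rejects it, as an added example that is not part of the original thread or of pfSense. The function name `check_pf_ifnames` and the macro form `NAME = "{ ... }"` are assumptions; the 15-character limit is the one given in the reply above.

```shell
#!/bin/sh
# Added example, not from the thread: flag names in pf "on" clauses that are
# longer than the 15-character limit stated in the reply.
MAX_IFNAME_LEN=15

check_pf_ifnames() {
    # $1 = ruleset file such as /tmp/rules.debug
    # Prints "line:name:length" per offender; returns 1 if any were found.
    awk -v max="$MAX_IFNAME_LEN" '
    function report(tok,    m, parts, p) {
        if (tok ~ /^\$/) {
            tok = substr(tok, 2)
            if (tok in macro) {            # expand a known macro
                m = split(macro[tok], parts, " ")
                for (p = 1; p <= m; p++) report(parts[p])
                return
            }                              # else: check the macro name itself
        }
        if (length(tok) > max) {
            printf "%d:%s:%d\n", NR, tok, length(tok)
            bad = 1
        }
    }
    # Assumed macro form: NAME = "{ member ... }"
    /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=[ \t]*"/ {
        name = $1; sub(/=.*/, "", name)
        body = $0; sub(/^[^"]*"/, "", body); sub(/".*$/, "", body)
        gsub(/[{},]/, " ", body)
        macro[name] = body
        next
    }
    {
        gsub(/"[^"]*"/, "")                # drop labels so "on" inside text is ignored
        for (i = 1; i < NF; i++) {
            if ($i != "on") continue
            list = $(i + 1)
            if (list == "{") {
                list = ""
                for (j = i + 2; j <= NF && $j != "}"; j++) list = list " " $j
            }
            gsub(/,/, " ", list)
            n = split(list, names, " ")
            for (k = 1; k <= n; k++) report(names[k])
        }
    }
    END { exit bad + 0 }
    ' "$1"
}
```

Run as `check_pf_ifnames /tmp/rules.debug`; each output line names the rule line, the offending interface or group name, and its length.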
