Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    error(s) loading the rules: interface name too long

    Scheduled Pinned Locked Moved Firewalling
    2 Posts 2 Posters 485 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      meem
      last edited by

      I wanted to simplify my rules across multiple vlans by having a floating rule that allows access to an interface group, which is a list of all the vlans that should have access.

      I now get the following error as a notice

      There were error(s) loading the rules: /tmp/rules.debug:123: interface name too long - The line in question reads [123]: rdr pass on { igb4 igb2 igb2.10 igb2.20 igb2.30 igb2.40 igb2.42 igb2.44 igb2.50 bridge0 igb2.70 openvpn IOTBRIDGEGroup outbound_interne pfblocker_groups internal_lans } proto tcp from any to 10.10.10.1 port 80 -> 127.0.0.1 port 8081
@ 2020-09-01 18:00:28

      It seems like a bug because i'm hitting a limit that the GUI doesn't prevent?

       pfctl -f /tmp/rules.debug
/tmp/rules.debug:123: interface name too long
/tmp/rules.debug:126: interface name too long
pfctl: Syntax error in config file: pf rules not loaded

[2.4.5-RELEASE][root@fw.meemsbox.com]/tmp: head -123 /tmp/rules.debug | tail -1
rdr pass on { igb4 igb2 igb2.10 igb2.20 igb2.30 igb2.40 igb2.42 igb2.44 igb2.50 bridge0 igb2.70 openvpn IOTBRIDGEGroup outbound_net pfblocker_groups internal_lans } proto tcp from any to 10.10.10.1 port 80 -> 127.0.0.1 port 8081

[2.4.5-RELEASE][root@fw.meemsbox.com]/tmp: head -126 /tmp/rules.debug | tail -1
rdr pass on { igb4 igb2 igb2.10 igb2.20 igb2.30 igb2.40 igb2.42 igb2.44 igb2.50 bridge0 igb2.70 openvpn IOTBRIDGEGroup outbound_net pfblocker_groups internal_lans } proto tcp from any to 10.10.10.1 port 443 -> 127.0.0.1 port 8443

      I reduced most of the line errors by shortening the name of my interface group, but it didn't resolve the issue for these 2 lines (both PFBlockerNG). It's not clear what I should change to fix it?

      Thanks for help.

      1 Reply Last reply Reply Quote 0
      • kiokomanK
        kiokoman LAYER 8
        last edited by kiokoman

        it's a bug.
        group names must be max 15 character

        [2.4.5-RELEASE][root@pfSense.trmultiservice.lab]/root: pfctl -f /tmp/rules.debug
/tmp/rules.debug:263: interface name too long
pfctl: Syntax error in config file: pf rules not loaded

        pass in quick on $GROUPTEST123456A inet proto tcp from any to any tracker 1599036505 flags S/SA keep state label "USER_RULE"

        but it work with
        GROUPTEST12345A

        rename all your group interfaces to something with 15 or less character "pfblocker_groups" -> "pfblocker_group"

        it was already fixed here
        https://redmine.pfsense.org/issues/10835

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.