Netgate Discussion Forum

    error(s) loading the rules: interface name too long

      meem

      I wanted to simplify my rules across multiple vlans by having a floating rule that allows access to an interface group, which is a list of all the vlans that should have access.

      I now get the following error as a notice

      There were error(s) loading the rules: /tmp/rules.debug:123: interface name too long - The line in question reads [123]: rdr pass on { igb4 igb2 igb2.10 igb2.20 igb2.30 igb2.40 igb2.42 igb2.44 igb2.50 bridge0 igb2.70 openvpn IOTBRIDGEGroup outbound_interne pfblocker_groups internal_lans } proto tcp from any to 10.10.10.1 port 80 -> 127.0.0.1 port 8081
      @ 2020-09-01 18:00:28
      

      It seems like a bug because I'm hitting a limit that the GUI doesn't prevent?

       pfctl -f /tmp/rules.debug
      /tmp/rules.debug:123: interface name too long
      /tmp/rules.debug:126: interface name too long
      pfctl: Syntax error in config file: pf rules not loaded
      
      [2.4.5-RELEASE][root@fw.meemsbox.com]/tmp: head -123 /tmp/rules.debug | tail -1
      rdr pass on { igb4 igb2 igb2.10 igb2.20 igb2.30 igb2.40 igb2.42 igb2.44 igb2.50 bridge0 igb2.70 openvpn IOTBRIDGEGroup outbound_net pfblocker_groups internal_lans } proto tcp from any to 10.10.10.1 port 80 -> 127.0.0.1 port 8081
      
      [2.4.5-RELEASE][root@fw.meemsbox.com]/tmp: head -126 /tmp/rules.debug | tail -1
      rdr pass on { igb4 igb2 igb2.10 igb2.20 igb2.30 igb2.40 igb2.42 igb2.44 igb2.50 bridge0 igb2.70 openvpn IOTBRIDGEGroup outbound_net pfblocker_groups internal_lans } proto tcp from any to 10.10.10.1 port 443 -> 127.0.0.1 port 8443
      
      

      I reduced most of the line errors by shortening the name of my interface group, but it didn't resolve the issue for these 2 lines (both PFBlockerNG). It's not clear what I should change to fix it?

      Thanks for help.

        kiokoman LAYER 8

        It's a bug.
        Group names must be at most 15 characters.

        [2.4.5-RELEASE][root@pfSense.trmultiservice.lab]/root: pfctl -f /tmp/rules.debug
        /tmp/rules.debug:263: interface name too long
        pfctl: Syntax error in config file: pf rules not loaded
        

        pass in quick on $GROUPTEST123456A inet proto tcp from any to any tracker 1599036505 flags S/SA keep state label "USER_RULE"

        but it works with
        GROUPTEST12345A

        Rename all your group interfaces to something with 15 or fewer characters: "pfblocker_groups" -> "pfblocker_group"

        It was already fixed here:
        https://redmine.pfsense.org/issues/10835

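A pre-flight check for the failure discussed in this thread, as an added example that is not from either poster or from pfSense: it lists every interface or group name used in an `on` clause of a pf ruleset that exceeds the 15-character limit stated above, so the ruleset can be checked before `pfctl -f` rejects it. The function name `find_long_ifnames` and the script file name are hypothetical, and when a `$MACRO` has no definition in the file the macro name itself is assumed to be the group name.

```sh
#!/bin/sh
# Added example: flag pf interface/group names longer than 15 characters.
MAX_IFNAME=15   # limit stated in the thread

# Print "LINE:NAME" for each over-long name used in an "on" clause of file $1.
find_long_ifnames() {
    awk -v max="$MAX_IFNAME" '
    /^[ \t]*#/ { next }                       # skip comment lines
    # Macro definition in pf.conf syntax, e.g.  GRP = "{ igb0 igb1 }"
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
        name = $0; sub(/[ \t]*=.*/, "", name); gsub(/[ \t]/, "", name)
        val = $0;  sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val)
        macro[name] = val
        next
    }
    {
        n = split($0, tok, /[ \t]+/)
        for (i = 1; i < n; i++) {
            if (tok[i] == "label") break      # never scan label text
            if (tok[i] != "on") continue
            spec = ""
            if (tok[i+1] == "{") {            # brace list: collect up to "}"
                for (j = i + 2; j <= n && tok[j] != "}"; j++)
                    spec = spec " " tok[j]
            } else spec = tok[i+1]
            # Expand $MACRO if defined in this file; otherwise (assumption)
            # treat the macro name itself as the interface/group name.
            if (substr(spec, 1, 1) == "$" && (substr(spec, 2) in macro))
                spec = macro[substr(spec, 2)]
            gsub(/[{},!$]/, " ", spec)
            m = split(spec, ifs, /[ \t]+/)
            for (k = 1; k <= m; k++)
                if (length(ifs[k]) > max) print NR ":" ifs[k]
            break                             # one "on" clause per rule
        }
    }' "$1"
}

# Stand-alone use (hypothetical file name): sh check_ifnames.sh /tmp/rules.debug
if [ "$#" -gt 0 ]; then find_long_ifnames "$1"; fi
```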