1. Home
  2. pfSense® Software
  3. Firewalling
  4. error(s) loading the rules: interface name too long

error(s) loading the rules: interface name too long

  • M

    I wanted to simplify my rules across multiple vlans by having a floating rule that allows access to an interface group, which is a list of all the vlans that should have access.

    I now get the following error as a notice

    There were error(s) loading the rules: /tmp/rules.debug:123: interface name too long - The line in question reads [123]: rdr pass on { igb4 igb2 igb2.10 igb2.20 igb2.30 igb2.40 igb2.42 igb2.44 igb2.50 bridge0 igb2.70 openvpn IOTBRIDGEGroup outbound_interne pfblocker_groups internal_lans } proto tcp from any to 10.10.10.1 port 80 -> 127.0.0.1 port 8081
@ 2020-09-01 18:00:28

    It seems like a bug because i'm hitting a limit that the GUI doesn't prevent?

     pfctl -f /tmp/rules.debug
/tmp/rules.debug:123: interface name too long
/tmp/rules.debug:126: interface name too long
pfctl: Syntax error in config file: pf rules not loaded

[2.4.5-RELEASE][root@fw.meemsbox.com]/tmp: head -123 /tmp/rules.debug | tail -1
rdr pass on { igb4 igb2 igb2.10 igb2.20 igb2.30 igb2.40 igb2.42 igb2.44 igb2.50 bridge0 igb2.70 openvpn IOTBRIDGEGroup outbound_net pfblocker_groups internal_lans } proto tcp from any to 10.10.10.1 port 80 -> 127.0.0.1 port 8081

[2.4.5-RELEASE][root@fw.meemsbox.com]/tmp: head -126 /tmp/rules.debug | tail -1
rdr pass on { igb4 igb2 igb2.10 igb2.20 igb2.30 igb2.40 igb2.42 igb2.44 igb2.50 bridge0 igb2.70 openvpn IOTBRIDGEGroup outbound_net pfblocker_groups internal_lans } proto tcp from any to 10.10.10.1 port 443 -> 127.0.0.1 port 8443

    I reduced most of the line errors by shortening the name of my interface group, but it didn't resolve the issue for these 2 lines (both PFBlockerNG). It's not clear what I should change to fix it?

    Thanks for help.

    0
  • kiokoman
    LAYER 8

    it's a bug.
    group names must be max 15 character

    [2.4.5-RELEASE][root@pfSense.trmultiservice.lab]/root: pfctl -f /tmp/rules.debug
/tmp/rules.debug:263: interface name too long
pfctl: Syntax error in config file: pf rules not loaded

    pass in quick on $GROUPTEST123456A inet proto tcp from any to any tracker 1599036505 flags S/SA keep state label "USER_RULE"

    but it work with
    GROUPTEST12345A

    rename all your group interfaces to something with 15 or less character "pfblocker_groups" -> "pfblocker_group"

    it was already fixed here
    https://redmine.pfsense.org/issues/10835

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy