Duplicate Rules Entries
-
I've been using pfsense for about two months without any problems until a few days ago. Pfsense has begun to create duplicate entries in the firewall rules. I enter a single IP to be rejected and pfsense responds with two of the same IP in the rules.
Any suggestions how I can resolve this anomaly?
Thanks
-
@robbwk can you show us this rule?
-
First, thank you for your kind and quick reply. Appreciated.
Here are a couple of screen grabs that, I hope, will be helpful.
-
@robbwk well one thing for sure you wouldn't want to use reject.. This sends a response..
Why are you trying to reject them, default is deny - do you have port forwards open and you're trying to stop them from getting to your port forward?
Or mail server? I can not say I have ever seen such a thing.. My guess would be your browser is double submitting the rule?
-
I used Reject to try and impress on these folks that their Spam is not appreciated. I can easily change that to Deny. That isn't the point though. The double entry is the point.
Yes, I am trying to protect mail servers. The amount of Spam I get is ridiculous and my storage system would be in serious trouble if I simply allowed all this rubbish to enter. I have SpamAssassin and Bayesian on the mail servers but that requires a lot of multiple entries to stop some Spammers that change IPs and domains by the minute. Stopping the IPs is my only effective solution. PFSense has reduced incoming by 75%. It's a great piece of software.
All I am trying to do is figure out why I get two entries. The rest is irrelevant.
Grateful for your reply.
-
Are you running pfSense 2.6?
Check the actual config file /conf/config.xml and the generated ruleset file /tmp/rules.debug. Do the duplicate entries appear there too or is this a display bug?
Steve
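Added example, not part of the original thread: one way to run the config-file check suggested above is to group the `<rule>` entries under `<filter>` by content and report any that match. The element names (`tracker`, `created`, `updated`) are assumed from the usual pfSense config.xml layout, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: a cut-down <filter> section in the assumed config.xml
# layout. Addresses are documentation ranges; tracker values are made up.
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule>
      <type>reject</type><interface>wan</interface>
      <tracker>1650000001</tracker>
      <source><address>203.0.113.7</address></source>
      <destination><any/></destination>
    </rule>
    <rule>
      <type>reject</type><interface>wan</interface>
      <tracker>1650000002</tracker>
      <source><address>203.0.113.7</address></source>
      <destination><any/></destination>
    </rule>
    <rule>
      <type>reject</type><interface>wan</interface>
      <tracker>1650000003</tracker>
      <source><address>198.51.100.9</address></source>
      <destination><any/></destination>
    </rule>
  </filter>
</pfsense>"""

# Bookkeeping fields that differ even between otherwise identical rules.
IGNORED = {"tracker", "created", "updated"}

def fingerprint(elem):
    """Canonical, order-independent form of an element, skipping IGNORED tags."""
    children = tuple(sorted(fingerprint(c) for c in elem if c.tag not in IGNORED))
    return (elem.tag, (elem.text or "").strip(), children)

def find_duplicate_rules(xml_text):
    """Return one list of tracker IDs per group of functionally identical rules."""
    root = ET.fromstring(xml_text)
    groups = defaultdict(list)
    for rule in root.findall("./filter/rule"):
        groups[fingerprint(rule)].append(rule.findtext("tracker", default="?"))
    return [ids for ids in groups.values() if len(ids) > 1]

if __name__ == "__main__":
    for ids in find_duplicate_rules(SAMPLE_CONFIG):
        print("duplicate rule, trackers:", ", ".join(ids))
```

To use it on a real system, pass the text of a copy of /conf/config.xml to `find_duplicate_rules`. An empty result while the GUI still shows two rows would point to a display problem rather than a stored duplicate.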
-
Hi and thanks for your attention and time.
I'm running version 2.5.2. Are you suggesting that this version creates duplicate entries? I will upgrade, if you instruct.
I'll check the config and ruleset as you suggest. I'll respond tomorrow with appropriate information.
Thanks again for your advice and effort.
-
Decided to do it now. Files (sections of) attached. pfsense-config-xml.txt rule.debug.txt
-
Hmm so, yes, the rule is actually created twice. How exactly are you creating it?
I only asked what version you're running because we need that to attempt to replicate it if it really is a bug. However it's unlikely a bug discovered in 2.5.2 will get fixed at this point. If you can replicate it in 2.6 then we can open a report and dig deeper.
Steve
-
Hi Steve, appreciate your time.
I create the rule using the drop-down form (GUI). I do not use command line to do this. The choices are simple and I can't imagine I'm doing anything unusual.
I will upgrade to 2.6 later today and run it with few rules to start. Then, I will need to bring in the backup file from 2.5.2 or I will have to re-enter all the IPs and I don't really have that amount of time to spare.
Bear in mind that PFSense did not start out creating duplicates. For the first month or so, it created a single entry from my choices.
A little more information: I run the firewall as a VM in vSphere 6.7.
-
Are you running as an HA pair? Or config syncing for any other reason?
It's hard to imagine anything that could cause that.
Since it's a VM you can easily snapshot it and roll back if upgrading to 2.6 makes no difference at least.
Steve
-
Hi Steven,
Thanks for your message.
I have updated the software to version 2.6. I removed the duplicates (which I could not do in 2.5 as if I deleted one, the other also disappeared). I have added a few test IPs and all seems to be okay.
For me, at least, 2.5 had a glitch. 2.6 appears to have resolved it.
I am grateful for the help and advice given on this forum. If anything goes south over the next few days, I'll report to you.
Robb
-
Ah, good to hear.