Netgate Discussion Forum

Duplicate Rules Entries

General pfSense Questions
  • J
    johnpoz LAYER 8 Global Moderator @robbwk
    last edited by Mar 6, 2022, 12:52 PM

    @robbwk can you show us this rule?

    An intelligent man is sometimes forced to be drunk to spend time with his fools
    If you get confused: Listen to the Music Play
    Please don't Chat/PM me for help, unless mod related
    SG-4860 24.11 | Lab VMs 2.7.2, 24.11

    • R
      robbwk
      last edited by robbwk Mar 6, 2022, 4:57 PM Mar 6, 2022, 4:56 PM

      First, thank you for your kind and quick reply. Appreciated.

      Here are a couple of screen grabs that, I hope, will be helpful. (two attached images, login required to view)

      • J
        johnpoz LAYER 8 Global Moderator @robbwk
        last edited by Mar 6, 2022, 5:00 PM

        @robbwk well one thing for sure you wouldn't want to use reject.. This sends a response..

        Why are you trying to reject them, default is deny - do you have port forwards open and you're trying to stop them from getting to your port forward?

        Or mail server? I can not say I have ever seen such a thing.. My guess would be your browser is double submitting the rule?


        • R
          robbwk
          last edited by Mar 6, 2022, 6:07 PM

          I used Reject to try and impress on these folks that their Spam is not appreciated. I can easily change that to Deny. That isn't the point though. The double entry is the point.

          Yes, I am trying to protect mail servers. The amount of Spam I get is ridiculous and my storage system would be in serious trouble if I simply allowed all this rubbish to enter. I have SpamAssassin and Bayesian on the mail servers but, that requires a lot of multiple entries to stop some Spammers that change IPs and domains by the minute. Stopping the IPs is my only effective solution. PFSense has reduced incoming by 75%. It's a great piece of software.

          All I am trying to do is figure out why I get two entries. The rest is irrelevant.

          Grateful for your reply.

          • S
            stephenw10 Netgate Administrator
            last edited by Mar 6, 2022, 6:15 PM

            Are you running pfSense 2.6?

            Check the actual config file /conf/config.xml and the generated ruleset file /tmp/rules.debug. Do the duplicate entries appear there too or is this a display bug?

            Steve

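One way to run the config.xml half of the check suggested above, as an added example (not code from the thread or from pfSense): it groups the `<rule>` entries under `<filter>` and reports any that are identical once the tracker and created/updated stamps are set aside. The sample config and the choice of ignored fields are assumptions.

```python
import sys
import xml.etree.ElementTree as ET
from collections import defaultdict

# Per-rule bookkeeping ignored when comparing (assumption: adjust as needed).
BOOKKEEPING = frozenset({"tracker", "created", "updated"})

# Constructed sample, not taken from the thread's attachments.
SAMPLE = """<pfsense><filter>
  <rule><type>reject</type><interface>wan</interface><ipprotocol>inet</ipprotocol>
    <tracker>1646584000</tracker><source><address>203.0.113.25</address></source>
    <destination><any/></destination><descr>spam source</descr></rule>
  <rule><type>reject</type><interface>wan</interface><ipprotocol>inet</ipprotocol>
    <tracker>1646584001</tracker><source><address>203.0.113.25</address></source>
    <destination><any/></destination><descr>spam source</descr></rule>
  <rule><type>reject</type><interface>wan</interface><ipprotocol>inet</ipprotocol>
    <tracker>1646584002</tracker><source><address>198.51.100.7</address></source>
    <destination><any/></destination><descr>spam source</descr></rule>
</filter></pfsense>"""

def canonical(elem, skip=frozenset()):
    """Hashable, order-independent form of an element and its children."""
    kids = sorted(canonical(c) for c in elem if c.tag not in skip)
    return (elem.tag, (elem.text or "").strip(), tuple(kids))

def find_duplicate_rules(config_xml):
    """Return one list per duplicated rule: [(position, tracker), ...]."""
    root = ET.fromstring(config_xml)
    groups = defaultdict(list)
    for pos, rule in enumerate(root.findall("./filter/rule"), start=1):
        key = canonical(rule, BOOKKEEPING)
        groups[key].append((pos, rule.findtext("tracker", "")))
    return [copies for copies in groups.values() if len(copies) > 1]

if __name__ == "__main__":
    # Pass a path to a saved copy of config.xml; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for copies in find_duplicate_rules(data):
        print("duplicate rule (position, tracker):", copies)
```

If the copies in a group also share one tracker value, the entry was written to the config twice as-is rather than created as two separate rules.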
            • R
              robbwk
              last edited by Mar 6, 2022, 6:31 PM

              Hi and thanks for your attention and time.

              I'm running version 2.5.2. Are you suggesting that this version creates duplicate entries? I will upgrade, if you instruct.

              I'll check the config and ruleset as you suggest. I'll respond tomorrow with appropriate information.

              Thanks again for your advice and effort.

              • R
                robbwk
                last edited by Mar 6, 2022, 6:49 PM

                Decided to do it now. Files (sections of) attached: pfsense-config-xml.txt, rule.debug.txt

                • S
                  stephenw10 Netgate Administrator
                  last edited by Mar 6, 2022, 10:22 PM

                  Hmm so, yes, the rule is actually created twice. How exactly are you creating it?

                  I only asked what version you're running because we need that to attempt to replicate it if it really is a bug. However it's unlikely a bug discovered in 2.5.2 will get fixed at this point. If you can replicate it in 2.6 then we can open a report and dig deeper.

                  Steve

                  • R
                    robbwk
                    last edited by robbwk Mar 7, 2022, 9:33 AM Mar 7, 2022, 9:30 AM

                    Hi Steve, appreciate your time.

                    I create the rule using the drop-down form (GUI). I do not use command line to do this. The choices are simple and I can't imagine I'm doing anything unusual.

                    I will upgrade to 2.6, later today and run it with few rules to start. Then, I will need to bring in the backup file from 2.5.2 or I will have to re-enter all the IPs and I don't really have that amount of time to spare.

                    Bear in mind that PFSense did not start out creating duplicates. For the first month or so, it created a single entry from my choices.

                    A little more information: I run the firewall as a VM in vSphere 6.7.

                    • S
                      stephenw10 Netgate Administrator
                      last edited by Mar 7, 2022, 1:32 PM

                      Are you running as an HA pair? Or config syncing for any other reason?

                      It's hard to imagine anything that could cause that. 🤔

                      Since it's a VM you can easily snapshot it and roll back if upgrading to 2.6 makes no difference at least.

                      Steve

                      • R
                        robbwk
                        last edited by Mar 9, 2022, 11:47 AM

                        Hi Steven,

                        Thanks for your message.

                        I have updated the software to version 2.6. I removed the duplicates (which I could not do in 2.5 as if I deleted one, the other also disappeared). I have added a few test IPs and all seems to be okay.

                        For me, at least, 2.5 had a glitch. 2.6 appears to have resolved it.

                        I am grateful for the help and advice given on this forum. If anything goes south over the next few days, I'll report to you.

                        Robb

                        • S
                          stephenw10 Netgate Administrator
                          last edited by Mar 9, 2022, 1:48 PM

                          Ah, good to hear. 👍

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.