Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Firewall ALIAS import SHOWSTOPPER

    Firewalling
    3
    5
    505
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bfeitell
      last edited by bfeitell

      Importing a CR delimited list of IPv6 Addresses crashes 23.05.

      I created an Alias of networks named GOOGLE_IPV6_NETBLOCKS and attempted to import a carriage return delimited columnar list of IPv6 networks exactly as follows, and as per the instructions on the page:

      2001:4860::/32
      2404:6800::/32
      2404:f340::/32
      2600:1900::/28
      2606:73c0::/32
      2607:f8b0::/32
      2620:11a:a000::/40
      2620:120:e000::/40
      2800:3f0::/32
      2a00:1450::/32
      2c0f:fb50::/32
      2707:f8b0:4600::/64

      This crashes pfSense 23.05 HARD and the box will not reboot. On the second go-round I was able to avoid a complete re-install by SSHing to the box BEFORE REBOOT and copying the last known good config from /conf/backups to /conf/config.xml . A reboot in the broken state yields an unbootable firewall.

      Nice bug. Simple, yet devastating.

      Please fix this.

      Cheers,
      Bennett Feitell

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @bfeitell
        last edited by

        @bfeitell there’s a patch for this.
        https://forum.netgate.com/topic/180313/firewall-alias-import-bug-after-upgrade-to-23-05-release-amd64

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 1
        • B
          bfeitell
          last edited by bfeitell

          @SteveITS said in Firewall ALIAS import SHOWSTOPPER:

          https://forum.netgate.com/topic/180313/firewall-alias-import-bug-after-upgrade-to-23-05-release-amd64

          Thank you!

          I checked for an update to the System_Patches package, and this fix is not published yet. :(

          The patch also cannot be applied after the bug has bitten, as the GUI is completely broken.

          Bob.DigB S 2 Replies Last reply Reply Quote 0
          • Bob.DigB
            Bob.Dig LAYER 8 @bfeitell
            last edited by Bob.Dig

            @bfeitell Agree, this should be auto-patched ASAP. No need to let people run into this.

            1 Reply Last reply Reply Quote 1
            • S
              SteveITS Rebel Alliance @bfeitell
              last edited by

              @bfeitell said in Firewall ALIAS import SHOWSTOPPER:

              checked for an update to the System_Patches package

              It is in there now.

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              1 Reply Last reply Reply Quote 1
              • First post
                Last post