Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Delete alias. Currently in use by filter rule id 91

    Scheduled Pinned Locked Moved General pfSense Questions
    19 Posts 4 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      viragomann @Unoptanio
      last edited by

      @Unoptanio
      Never seen such a short ID.
      But you can go to Diagnostic > command prompt and execute "cat /tmp/rules.debug" to list all the rules with their IDs.

      You should be able to find the responsible rule in the list.

      1 Reply Last reply Reply Quote 1
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        That's the actual rule number not the tracking ID, which is much longer.

        You can see it in the running ruleset using: pfctl -vvsr | grep @91

        Or you can see it in the Rules view in Diag > pfTop

        Or you can open the config file and just search it for 'cancellare'

        UnoptanioU 1 Reply Last reply Reply Quote 2
        • UnoptanioU
          Unoptanio @stephenw10
          last edited by Unoptanio

          @stephenw10 said in Delete alias. Currently in use by filter rule id 91:

          pfctl -vvsr | grep @91

          return:

          @91 block drop in log on ! ovpns1 inet from 10.10.94.0/24 to any ridentifier 1000011970

          4817059a-9216-4c26-ab0d-ff1b509c9cb9-image.png

          There is not here:

          2886e64e-ffa7-4d99-a607-e89a6bd1d55a-image.png

          pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
          CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
          n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            It looks like it's on the assigned interface from ovpns1 not the group OpenVPN interface. Burt also there are no ports defined there so no ports alias.....

            I'd check the config file directly.

            UnoptanioU 1 Reply Last reply Reply Quote 0
            • UnoptanioU
              Unoptanio @stephenw10
              last edited by

              @stephenw10

              a0df0f8c-deca-4575-b2d9-a08279b5fd00-image.png

              pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
              CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
              n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                I'd also try running Status > Filter Reload and make sure it's rebuilding the ruleset correctly.

                UnoptanioU 1 Reply Last reply Reply Quote 0
                • UnoptanioU
                  Unoptanio @stephenw10
                  last edited by Unoptanio

                  @stephenw10 said in Delete alias. Currently in use by filter rule id 91:

                  status > Filter Reload

                  done
                  01187cbe-93f2-40b7-8570-3505bc9da236-image.png

                  The problem persists

                  3ed7ae05-228c-40fa-8886-8cd6ebdba6bc-image.png

                  pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
                  CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
                  n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    Then look in the config directly. Or try running:
                    cat /cf/conf/config.xml | grep cancellare

                    UnoptanioU 1 Reply Last reply Reply Quote 0
                    • UnoptanioU
                      Unoptanio @stephenw10
                      last edited by Unoptanio

                      @stephenw10
                      949d6526-5934-4864-b7fe-3135c2cfd6c2-image.png

                      49df42ba-045e-489c-a40a-84c9ca7ee1bc-image.png

                      498e2a8f-9504-4dae-abd1-f6b206191139-image.png

                      pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
                      CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
                      n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2

                      dennypageD 1 Reply Last reply Reply Quote 1
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        OK there we go. What interface is opt9?

                        1 Reply Last reply Reply Quote 1
                        • dennypageD
                          dennypage @Unoptanio
                          last edited by

                          @Unoptanio Look for opt9 in Status / Interfaces

                          UnoptanioU 2 Replies Last reply Reply Quote 1
                          • UnoptanioU
                            Unoptanio @dennypage
                            last edited by

                            @dennypage

                            fffedfe0-5913-48e3-b379-08cee8636ff4-image.png

                            5c3ae1f5-8a55-425a-bc98-034e645f7947-image.png

                            pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
                            CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
                            n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2

                            dennypageD 1 Reply Last reply Reply Quote 0
                            • dennypageD
                              dennypage @Unoptanio
                              last edited by

                              @Unoptanio Okay, now you know. The rule is on the interface named "WAN_AMPERSAND". Look at Firewall / Rules / WAN_AMPERSAND and you should be able to find it.

                              1 Reply Last reply Reply Quote 1
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by stephenw10

                                It may be disabled? Though if it was I wouldn't expect to see it in Status > Interfaces

                                1 Reply Last reply Reply Quote 0
                                • UnoptanioU
                                  Unoptanio @dennypage
                                  last edited by

                                  @dennypage

                                  yes is disabled

                                  pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
                                  CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
                                  n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    The enable it, remove the rule, then disable it again.

                                    UnoptanioU 2 Replies Last reply Reply Quote 1
                                    • UnoptanioU
                                      Unoptanio @stephenw10
                                      last edited by

                                      @stephenw10

                                      I'll try on Monday because now I'm connected remotely and I'm afraid of going to block.
                                      I'll update you then, thanks

                                      pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
                                      CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
                                      n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2

                                      1 Reply Last reply Reply Quote 1
                                      • UnoptanioU
                                        Unoptanio @stephenw10
                                        last edited by

                                        @stephenw10 @dennypage
                                        OK!

                                        I did as you said. It worked well. After re-enabling the interface I managed to eliminate the "cancellare" alias that was in a rule of this interface, thanks

                                        pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
                                        CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
                                        n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2

                                        1 Reply Last reply Reply Quote 1
                                        • First post
                                          Last post
                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.