Unable to delete alias - firewall thinks it's in use
-
I am unable to delete an alias as the system believes it's still in use on firewall rules that no longer exist on my firewall. Rules are not in the GUI so I suspect there is something lingering in the filesystem.
How can I delete this alias?
Cannot delete alias. Currently in use by filter rule 'Permit traceroute from Zabbix server', filter rule 'Permit Monitoring to LAN', filter rule 'Permit SCP file transfer'.
-
@michmoor I would try this method: https://docs.netgate.com/pfsense/en/latest/config/xml-configuration-file.html#edit-in-place
Back up your config first, then check if the firewall rule exists in /conf/config.xml
If so, remove the rule, save the file and then, rm /tmp/config.cache
Go to the GUI and save that tab where the firewall rule was, then try to remove the alias.
But perhaps, it may be a good idea to wait a little longer for a better suggestion.
-
@mcury
Good thinking. I do see it in the config.xml file
I dislike editing the config.xml as I strongly suspect I'm going to mess this up. Don't think I have another choice.
I'll wait to see if anyone else chimes in.
-
If it's in the config file it should appear in the GUI.
We have seen situations where it's in a rule that is hidden because the interface is disabled or similar. You should be able to temporarily re-expose the rule though to remove the alias.
-
@stephenw10
I edited the config.xml and somehow did not corrupt everything in the process. Reboot. I am able to delete the alias.
To your point, this was an IPsec VTI that was in use a while ago. Not sure how I would go about exposing it if something like this happens in the future.
-
Hmm, possibly you changed the IPSec filtering mode? That can hide tabs for VTI or IPSec interfaces.
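-
Added example, not part of the thread and not pfSense's own code: a read-only Python check for the "check if the firewall rule exists in /conf/config.xml" step, which also reports whether each matching rule sits on an interface that is disabled or no longer assigned, the hidden-rule case described above. The element layout, the sample config and the alias name Zabbix_Server are constructed assumptions, and only filter rules are inspected (not NAT or nested aliases).

```python
import xml.etree.ElementTree as ET

# Constructed sample in the usual pfSense config.xml layout (an assumption, not the poster's file).
SAMPLE = """<pfsense>
  <interfaces>
    <lan><enable></enable><if>igb1</if></lan>
    <opt3><if>ipsec1</if><descr>VTI_OLD</descr></opt3>
  </interfaces>
  <aliases><alias><name>Zabbix_Server</name><address>192.0.2.10</address></alias></aliases>
  <filter>
    <rule><interface>lan</interface><source><any></any></source>
      <destination><address>192.0.2.20</address></destination>
      <descr><![CDATA[Unrelated rule]]></descr></rule>
    <rule><interface>opt3</interface><source><address>Zabbix_Server</address></source>
      <destination><network>lan</network></destination>
      <descr><![CDATA[Permit Monitoring to LAN]]></descr></rule>
    <rule><interface>opt9</interface><source><address>Zabbix_Server</address></source>
      <destination><any></any></destination>
      <descr><![CDATA[Permit SCP file transfer]]></descr></rule>
  </filter>
</pfsense>"""

# Rule fields that can hold an alias name (host/network aliases and port aliases).
REF_FIELDS = ("source/address", "destination/address", "source/port", "destination/port")

def interface_state(root, name):
    """Classify an interface key as enabled, disabled, or missing from <interfaces>."""
    node = root.find(f"interfaces/{name}") if name else None
    if node is None:
        return "missing"
    # Assumption: an interface is enabled when it carries an <enable> element.
    return "enabled" if node.find("enable") is not None else "disabled"

def rules_using_alias(xml_text, alias):
    """Return (description, interface, interface state) for each filter rule naming the alias."""
    root = ET.fromstring(xml_text)
    hits = []
    for rule in root.findall("filter/rule"):
        values = {(rule.findtext(f) or "").strip() for f in REF_FIELDS}
        if alias not in values:
            continue
        descr = (rule.findtext("descr") or "").strip()
        # Floating rules can list several interfaces separated by commas.
        for ifname in (rule.findtext("interface") or "").split(","):
            hits.append((descr, ifname.strip(), interface_state(root, ifname.strip())))
    return hits

if __name__ == "__main__":
    for descr, ifname, state in rules_using_alias(SAMPLE, "Zabbix_Server"):
        print(f"{descr!r} on {ifname}: interface {state}")
```

Run it against a backup copy of the config rather than the live /conf/config.xml; a rule reported on a "disabled" or "missing" interface is one the GUI may not show on any tab.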