Filter errors on upgrade



  • i was on a jan 7 build prior and then updated to the latest.

    i got constant errors about every LAN rule as well as IPSEC rules if IPSEC vpn was enabled.

    to resolve this quickly i deleted all LAN rules and all IPSEC rules then manually re-created them. This resolved this.

    I didn't have a backup of my rules prior so I had to fix it and it totally shut down the network so I had to fix it fast. thankfully it's only a little bit after midnight.

    This was my first pfsense upgrade that went bad. i haven't been taking more precautions because they have been smoother. i will next time. now for sweet sweet sleep.



  • I had a similar issue after upgrading. Any rules that had the protocol set to any (*) before upgrade had no protocol listed (it was blank) on the Firewall: Rules page. Editing and reapplying the any protocol to the rules fixed the filter errors for me.



  • Had a similar problem after upgrade from beta 5 to RC1… kept getting filer load errors due to unreadable/corrupt line in the config.  Had to do with the default LAN * to WAN outbound rule.  Basically I had no LAN to WAN rules, so no inet from LAN.  inet access from router/console was ok.  Wasn't able to do much with the LAN rule as it kept stating I needed to select a protocol, but wasnt able to do that as the rule was linked to NAT.  Messed around with it for an hour or so and eventually tried restoring configs from 2/19 and from November 2010, same issues with both.  Ended up back reving to beta 5 and loaded the 2/19 conf and everything was happy.  Only change from the 2/19 config was a change in nics.



  • 2.0-RC1 (amd64)
    built on Thu Mar 3 19:27:51 EST 2011

    There were error(s) loading the rules: /tmp/rules.debug:250: syntax error
    /tmp/rules.debug:251: syntax error
    /tmp/rules.debug:252: syntax error
    /tmp/rules.debug:275: syntax error
    /tmp/rules.debug:280: syntax error
    /tmp/rules.debug:282: syntax error
    /tmp/rules.debug:283: syntax error
    pfctl: Syntax error in config file: pf rules not loaded The line in question reads [250]: pass  in  quick  on $LAN  proto  from  $pony to  $link2voip keep state  queue (qVoIP,lan)  label "USER_RULE: link2voip:queue voip"

    Firewall rules with Proto=any throw an error after the latest update. The Proto column on the Firewall: Rules page appears blank for these rules after updating, but if you edit the rule it will appear as Proto=TCP. Change this back to "any" and save, apply, then the warning goes away for that rule.



  • +1

    I downgrade to i386 Mar 3 10:56:18 and restore my config.

    Roy…



  • +1. Really annoying… Edit + apply fixes it as tipycol said.


  • Rebel Alliance Developer Netgate


Log in to reply