Filter errors on upgrade

rsingh

i was on a jan 7 build prior and then updated to the latest.

i got constant errors about every LAN rule as well as IPSEC rules if IPSEC vpn was enabled.

to resolve this quickly i deleted all LAN rules and all IPSEC rules then manually re-created them. This resolved this.

I didn't have a backup of my rules prior so I had to fix it and it totally shut down the network so I had to fix it fast. thankfully it's only a little bit after midnight.

This was my first pfsense upgrade that went bad. i haven't been taking more precautions because they have been smoother. i will next time. now for sweet sweet sleep.

tipycol

I had a similar issue after upgrading. Any rules that had the protocol set to any (*) before upgrade had no protocol listed (it was blank) on the Firewall: Rules page. Editing and reapplying the any protocol to the rules fixed the filter errors for me.

andyhi

Had a similar problem after upgrade from beta 5 to RC1… kept getting filer load errors due to unreadable/corrupt line in the config.  Had to do with the default LAN * to WAN outbound rule.  Basically I had no LAN to WAN rules, so no inet from LAN.  inet access from router/console was ok.  Wasn't able to do much with the LAN rule as it kept stating I needed to select a protocol, but wasnt able to do that as the rule was linked to NAT.  Messed around with it for an hour or so and eventually tried restoring configs from 2/19 and from November 2010, same issues with both.  Ended up back reving to beta 5 and loaded the 2/19 conf and everything was happy.  Only change from the 2/19 config was a change in nics.

clarknova

2.0-RC1 (amd64)
built on Thu Mar 3 19:27:51 EST 2011

There were error(s) loading the rules: /tmp/rules.debug:250: syntax error
/tmp/rules.debug:251: syntax error
/tmp/rules.debug:252: syntax error
/tmp/rules.debug:275: syntax error
/tmp/rules.debug:280: syntax error
/tmp/rules.debug:282: syntax error
/tmp/rules.debug:283: syntax error
pfctl: Syntax error in config file: pf rules not loaded The line in question reads [250]: pass  in  quick  on $LAN  proto  from  $pony to  $link2voip keep state  queue (qVoIP,lan)  label "USER_RULE: link2voip:queue voip"

Firewall rules with Proto=any throw an error after the latest update. The Proto column on the Firewall: Rules page appears blank for these rules after updating, but if you edit the rule it will appear as Proto=TCP. Change this back to "any" and save, apply, then the warning goes away for that rule.

rpsmith

+1

I downgrade to i386 Mar 3 10:56:18 and restore my config.

Roy…

rubenc

+1. Really annoying… Edit + apply fixes it as tipycol said.

jimp

Fix here:
http://forum.pfsense.org/index.php/topic,33909.msg176091.html#msg176091