After emptying firewall alias, still behaves like old IPs are still there



  • This behavior is very similar (or maybe even identical) to both http://forum.pfsense.org/index.php/topic,34652.msg179517 and to http://redmine.pfsense.org/issues/1341. I'm still seeing it on a system running a less-than-a-week-old 2.0-RC snapshot. My issue is a little different though, as instead of the "last" IP hanging around, they all stay.

    A rough idea of the setup:
    1. Create a firewall alias with a few IPs.
    2. Create an overtly obvious firewall rule, say blocking all traffic on the LAN interface, and set the alias from #1 as the source.
    3. As expected, all the specified hosts lose connectivity to the Internet.
    4. Now go back and remove all the IPs from the alias in one sweep, save, and reload the filter.
    5. I would expect all the blocks to be lifted (i.e. the firewall rule becomes "dormant" as it doesn't match anything anymore). But all the IPs that used to be in the alias are still blocked. Every single one of them.

    The only way to resolve the issue is to always have one single IP in the alias list while saving. As long as the list is never completely empty, it always seems to work. My setup is pretty vanilla, running the x86 build. I can provide any additional info you might need.


  • Rebel Alliance Developer Netgate

    I tested that bug and it wasn't really fixed. I reopened it.



  • Thanks! I was a little worried that I sounded crazy by arguing a 'closed' bug. ;)

