Import from m0n0wall breaks pfSense if dashes are in an alias



  • We just tried to upgrade from m0n0wall 1.33 to pfSense 2.01.  We installed, configured the LAN IP, and restored the m0n0wall configuration file.  We could ping the WAN from pfSense but not from the LAN.

    It turns out, in m0n0wall, "The name of the alias may only consist of the characters a-z, A-Z, 0-9 and '-' (dash)."  pfSense does not allow dashes.  pfSense did do a search/replace on the string "m0n0wall" in the configuration file, however, it did not search/replace the dashes out.  As a result I believe the firewall was not loading and thus NAT/routing was not functioning.

    Unfortunately since we had a few rules with such an alias, and the log file entry did not display the entire error message, it took a long time to figure out.  Eventually we saw a longer partial message that had an extra couple lines referring to an unrecognized macro "$Server-1".  We tried renaming that alias and pfSense kind of ran off the rails, with further attempts to edit that alias displaying a completely different page.

    Eventually we used the Edit File feature to edit /cf/conf/config.xml, search/replace ourselves, and reboot.

    I suggest that pfSense remove dashes or perhaps replace them with a different character when importing aliases.


  • Rebel Alliance Developer Netgate

    Can you open a ticket on http://redmine.pfsense.org for that? We do allow "_" in alias names, but not dash (pf doesn't like dashes in table/macro names).



  • Wasn't sure where the bug tracker was, thanks.  Bug 2564.


Log in to reply