After 2.0.3 upgrade, empty tables if FQDN aliases
-
All my firewall rules that relied on aliases based on FQDN hosts are empty after the 2.02 –> 2.0.3 upgrade.
New (FQDN) aliases do not generate anything in the tables.
pfctl -T show -t test
[empty]:(
I can do the lookups via diag DNS on my pfsense machine.
Checked system DNS settings and did a reboot, problem is still there.
Any thoughts?
Thanks!
-
I had this same issue. It brought my network to its knees, seeing as I have time and host restrictions based off of FQDNs in aliases. I had to revert to 2.0.2. I would like to know if anyone else has had this issue.
-
Mine all work fine in test VMs, hostname entries are in the tables as expected.
Check Diag > Tables and see if you see them there.
Also, is this amd64 or i386?
Any errors in the logs from filterdns or similar? What does your /var/etc/filterdns.conf look like?
-
Diag > Tables = Empty
i386
Lines from the log with error, no dns/filterdns related:
untitled text 3:17: Apr 16 22:47:46 pfsense kernel: module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0712580, 0) error 1
untitled text 3:21: Apr 16 22:47:46 pfsense kernel: module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc0712620, 0) error 1
untitled text 3:24: Apr 16 22:47:46 pfsense kernel: module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc07126c0, 0) error 1
untitled text 3:27: Apr 16 22:47:46 pfsense kernel: module_register_init: MOD_LOAD (wpi_fw, 0xc0891ba0, 0) error 1
untitled text 3:29: Apr 16 22:47:46 pfsense kernel: ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309)
untitled text 3:130: Apr 16 22:48:31 pfsense dhcpleases: kqueue error: unkown
untitled text 3:153: Apr 16 22:49:10 pfsense apinger: Error while feeding rrdtool: Broken pipe
untitled text 3:1177: Apr 18 09:43:00 pfsense kernel: vr1: vr_link_task: Tx/Rx shutdown error -- resetting
untitled text 3:1181: Apr 18 09:43:01 pfsense kernel: vr1: vr_stop: Rx shutdown error
/var/etc/filterdns.conf:
pf xxxx.mine.nu fw3g
pf p1.p.monitorscout.com MS_probes
pf p2.p.monitorscout.com MS_probes
pf p3.p.monitorscout.com MS_probes
pf p4.p.monitorscout.com MS_probes
pf p5.p.monitorscout.com MS_probes
pf p6.p.monitorscout.com MS_probes
pf p7.p.monitorscout.com MS_probes
pf p8.p.monitorscout.com MS_probes
pf p9.p.monitorscout.com MS_probes
pf p10.p.monitorscout.com MS_probes
pf p11.p.monitorscout.com MS_probes
pf p12.p.monitorscout.com MS_probes
pf p13.p.monitorscout.com MS_probes
pf p14.p.monitorscout.com MS_probes
pf p15.p.monitorscout.com MS_probes
pf p16.p.monitorscout.com MS_probes
pf p17.p.monitorscout.com MS_probes
pf p18.p.monitorscout.com MS_probes
pf p19.p.monitorscout.com MS_probes
pf p20.p.monitorscout.com MS_probes
pf p21.p.monitorscout.com MS_probes
pf p22.p.monitorscout.com MS_probes
pf p23.p.monitorscout.com MS_probes
pf p24.p.monitorscout.com MS_probes
pf p25.p.monitorscout.com MS_probes
pf xxxxx.co.uk oppouk
pf bob.xxxx.xx ping
pf xxxx.mine.nu ping
pf xxxx.mine.nu ping
pf xxxx.mine.nu ping
pf fth-int-1.xxxx.xx ping
pf oitp.xxxxx.xx ping
pf xxxx.mine.nu ping
pf xxxx.mine.nu ping
pf p1.p.monitorscout.com ping
pf p2.p.monitorscout.com ping
pf p3.p.monitorscout.com ping
pf p4.p.monitorscout.com ping
pf p5.p.monitorscout.com ping
pf p6.p.monitorscout.com ping
pf p7.p.monitorscout.com ping
pf p8.p.monitorscout.com ping
pf p9.p.monitorscout.com ping
pf p10.p.monitorscout.com ping
pf p11.p.monitorscout.com ping
pf p12.p.monitorscout.com ping
pf p13.p.monitorscout.com ping
pf p14.p.monitorscout.com ping
pf p15.p.monitorscout.com ping
pf p16.p.monitorscout.com ping
pf p17.p.monitorscout.com ping
pf p18.p.monitorscout.com ping
pf p19.p.monitorscout.com ping
pf p20.p.monitorscout.com ping
pf p21.p.monitorscout.com ping
pf p22.p.monitorscout.com ping
pf p23.p.monitorscout.com ping
pf p24.p.monitorscout.com ping
pf p25.p.monitorscout.com ping
pf xxxx.vpntunnel.xxx routevpn
pf svtplay.se svtplay
pf www.svtplay.se svtplay
pf www.svtplay.se.edgesuite.net svtplay
pf p1.p.monitorscout.com test
pf p2.p.monitorscout.com test
pf xxxx.mine.nu tracker
pf xxxx.mine.nu tracker
pf xxxx.mine.nu tracker
pf xxxx.mine.nu tracker
pf xxxx.mine.nu tracker
pf xxxx.mine.nu tracker
pf xxxx.mine.nu vpnaccess
-
For what it is worth, if I'm hammering the webGUI after a reboot and login really quick and check the Diag - Tables I will find the entries.
Then I'll check the command: 'pfctl -T show -t <alias>' and it is empty.
And then they are gone from the webGUI on the next reload of the tables, so it seems to work for a short period after a reboot.
-
I have now cleared unused firewall rules and some aliases, that did the trick! My FQDN alias is now listed in the tables.
I don't have any specific rule to suspect, maybe it was the rule including policy routing that had an alias for the GW.
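
Added example, not part of any post in this thread: a shell check that lists the pf tables named in /var/etc/filterdns.conf which currently hold no addresses, the symptom reported above. It assumes the `pf <hostname> <table>` line format seen in the posted file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not pfSense code). Assumes filterdns.conf lines of the
# form "pf <hostname> <table>", as in the file posted in this thread.

# Print the addresses currently in a pf table. Kept as its own function
# so it can be replaced on a machine without pfctl.
show_table() {
    pfctl -t "$1" -T show 2>/dev/null
}

# List the unique table names referenced by "pf" lines in the config.
fqdn_tables() {
    awk '$1 == "pf" && NF >= 3 { print $3 }' "$1" | sort -u
}

# Print one line per table that has hostnames configured but is empty.
# Rules that reference such a table match nothing.
empty_fqdn_tables() {
    conf=$1
    for table in $(fqdn_tables "$conf"); do
        # Count non-blank lines of table output (one address per line).
        count=$(show_table "$table" | awk 'NF { n++ } END { print n + 0 }')
        # Count hostnames configured for this table.
        hosts=$(awk -v t="$table" '$1 == "pf" && $3 == t { n++ } END { print n + 0 }' "$conf")
        if [ "$count" -eq 0 ]; then
            echo "$table: 0 addresses for $hosts configured hostname(s)"
        fi
    done
}

# When run with a config path as the first argument, check that file,
# e.g.: sh check_tables.sh /var/etc/filterdns.conf
if [ -n "${1:-}" ]; then
    empty_fqdn_tables "$1"
fi
```

Running it shortly after a reboot and again a few minutes later would show whether the tables are populated and then emptied, as described in the thread.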