Filter reload error with interface group
-
I managed to get the following error whilst setting up a set of new VLANs on a 2.1-BETA1 (amd64) built on Fri Apr 19 07:42:13 EDT 2013. This is our office PF so I don't keep it quite as up to date as other ones and I have to be a bit careful when making changes.
Here's an example rule's error (there were three rules similar to this):
php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:299: syntax error - The line in question reads [299]: pass in quick on $DOWNSTAIRS inet proto udp from $DOWNSTAIRS to $BLL_Int_DNS keep state label "USER_RULE: DNS"I can see from rules.debug that the interface group DOWNSTAIRS is set as:
table <downstairs>{ 10.77.21.0/24 10.77.22.0/24 10.77.23.0/24 10.77.24.0/24 }also there is a set of System aliases:
ROOMONE = "{ em1_vlan21 }"
ROOMTWO = "{ em1_vlan22 }"
ROOMTHREE = "{ em1_vlan23 }"
ROOMFOUR = "{ em1_vlan24 }"These are the four interfaces making up DOWNSTAIRS.
and the alias BLL_Int_DNS is:
table <bll_int_dns>{ 192.168.100.63 192.168.100.64 192.168.100.46 }I've just tried a quick test with a simple icmp any any rule on the interface group and that failed as well so it seems there might be a problem with the rule trying to expand out the DOWNSTAIRS alias in some way.
I have another interface alias with shorter names in it and that seems to work fine.
Any ideas on how I can continue to debug this please?
Cheers
Jon</bll_int_dns></downstairs>