Netgate Discussion Forum

    Firewall syntax error on applying limiter

      Forst

      Good time of the day!

      There is a problem with the firewall when it comes to limiting the bandwidth.
      Bug initially reported here: https://forum.pfsense.org/index.php?topic=74238.msg407759#msg407759

      Steps to reproduce:
      1. Create a limiter in "Firewall - Traffic Shaper - Limiter". In my case I made a simple 10 Mbps limit for all traffic, without any extra parameters, called it "10Mbps"
      2. Assign the created limiter to any rule as the "In" queue (in "Advanced features - In/Out")
      3. Save the rule and apply changes

      Expected results:
      Bandwidth is limited to 10 Mbps for traffic matching the rule, no errors are produced.

      Actual result:
      Rules are not applied, an error occurs:

      [ There were error(s) loading the rules: /tmp/rules.debug:145: syntax error - The line in question reads [145]: pass in quick on $LAN inet from 192.168.1.0/24 to any tracker 1396966525 keep state dnpipe ( 1) label USER_RULE: Default allow LAN to any rule]
      

      Reproducible on a clean install of:

      2.2-ALPHA (amd64)
      built on Sun Apr 6 20:41:07 CDT 2014

      with the simplest configuration of two interfaces (WAN, LAN).

        ingmthompson

        I made a bug for this one, but I believe the devs are already aware of it:

        https://redmine.pfsense.org/issues/3579

          phil.davis

          I get the same thing with the same sort of simple configuration.
          /tmp/rules.limiter has:

          pipe 1 config  bw 1Mb
          
          

          When I do

          /sbin/ipfw /tmp/rules.limiter
          

          there is no error, and a pipe is created:

          /sbin/ipfw pipe list
          00001:   1.000 Mbit/s    0 ms burst 0
          q131073  50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
           sched 65537 type FIFO flags 0x0 0 buckets 0 active
          
          

          I will stop there. I have a feeling that I need to be able to see what has happened in "pf". I have no access to pfSense-tools, so I cannot dig any deeper. Would love to help, but have been locked out. Very frustrating on an "open-source" project.
          (And it has been so long waiting for this to be resolved that I am going to keep putting comments like this whenever I run up against the wall. Initially I was happy to wait a bit and see, but it has been too long. I sent a request for access over a week ago and have heard nothing, not even an acknowledgement that my request was received.)

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
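
A consistency check in the spirit of the diagnosis in the post above, added here as an example and not taken from the thread or from pfSense: it confirms that every dnpipe number in the pf rules file has a pipe defined in the limiter file. The function names and the two-pipe form "dnpipe ( N, M)" are assumptions; the other line formats follow the lines quoted in the posts.

```shell
#!/bin/sh
# Added example: cross-check pf dnpipe references against dummynet pipes.
# Line formats follow the lines quoted in this thread; the two-pipe form
# "dnpipe ( N, M)" is an assumption.

# Pipe numbers defined in the limiter file ("pipe <N> config ...").
defined_pipes() {
    awk '$1 == "pipe" && $3 == "config" { print $2 }' "$1" | sort -un
}

# "<line>:<pipe>" for every dnpipe reference in the pf rules file.
referenced_pipes() {
    awk 'match($0, /dnpipe[ \t]*\([^)]*\)/) {
        s = substr($0, RSTART, RLENGTH)
        gsub(/[^0-9,]/, "", s)
        n = split(s, p, ",")
        for (i = 1; i <= n; i++) if (p[i] != "") print NR ":" p[i]
    }' "$1"
}

# Report references to pipes the limiter file never defines.
# Returns 0 when every reference resolves, 1 otherwise.
check_dnpipe_refs() {
    limiter=$1; rules=$2; rc=0
    defs=$(defined_pipes "$limiter")
    for ref in $(referenced_pipes "$rules"); do
        line=${ref%%:*}; pipe=${ref##*:}
        if ! printf '%s\n' "$defs" | grep -qx "$pipe"; then
            echo "$rules:$line: dnpipe $pipe has no matching pipe in $limiter"
            rc=1
        fi
    done
    return $rc
}

# Demo on constructed files modelled on the lines quoted in this thread.
demo() {
    tmp=$(mktemp -d)
    printf 'pipe 1 config  bw 1Mb\n' > "$tmp/rules.limiter"
    printf '%s\n' \
        'pass in quick on $LAN inet from any to any keep state dnpipe ( 1)' \
        'pass in quick on $LAN inet from any to any keep state dnpipe ( 2)' \
        > "$tmp/rules.debug"
    check_dnpipe_refs "$tmp/rules.limiter" "$tmp/rules.debug"; status=$?
    rm -rf "$tmp"; return $status
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a pfSense shell the two inputs would be /tmp/rules.limiter and /tmp/rules.debug, the paths named in the posts.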

            eri--

            Fixed.
            Newer snapshots will not have this issue anymore.

              phil.davis

              2.2-ALPHA (i386)
              built on Mon Apr 14 15:07:07 CDT 2014
              FreeBSD 10.0-STABLE

              A simple limiter rule like this is loaded without error:

              pass  in  quick  on $LAN inet proto tcp  from 10.49.211.0/24 to any tracker 1397532620 flags S/SA keep state  dnpipe ( 1)  label "USER_RULE: Limit DHCP devices"
              

              Working, thanks

                Forst

                Confirmed working as well, thank you for the fix!

                2.2-ALPHA (amd64)
                built on Wed Apr 16 18:14:39 CDT 2014
                FreeBSD 10.0-STABLE

                  ingmthompson

                  Also working here, thanks.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.