Can't add floating rule at the top

iamzam

I'm not sure when or how this started but if I try to add a Floating rule to the top of the list (by clicking on the green add ^) when I click the save button I get a blank page with the text:

XML error: FLOATINGRULES at line 5353 cannot occur more than once

In my config.xml, the stuff around line 5353 is:

                <separator><lan><opt1><floatingrules><wan><floatingrules></floatingrules></wan></floatingrules></opt1></lan></separator> 

This is at the end of the rules section and all of the other rules (floating or otherwise) are above.  The floating rules have a <floating>yes</floating> tag…

I can create a rule and then move it to the top of the list, click save and apply.

Now when I check config.xml, there is no <floatingrules></floatingrules>and the whole section moved to around 5313:

                <separator><lan><opt1><floatingrules><wan></wan></floatingrules></opt1></lan></separator> 

Steve_B

Thnaks. I'll check into this.

iamzam

Ok silly me I tried to update to the latest image and it failed.  I am now stuck, it doesn't seem there is anyway to downgrade in 2.3.  I'm posting this from my phone.

When I am able to get the webconfigurator running and try to restore a good configuration I get the same error

XML error: FLOATINGRULES at line 5318 cannot occur more than once:

I have already tried removing the <fseparator>section but it doesn't restore

Can anyone tell me how to restore a known good config/image in 2.3?</fseparator>

SpOuK3

Hi,

Yes I'm also stuck with this "XML error: FLOATINGRULES at line 2736 cannot occur more than once" Looks like I can't create any "floating rules" or delete them… Probably something that can be fixed...

Thanks!

iamzam

Whatever you do, don't upgrade or possibly even reboot until this gets figured out.  I can't even reset everything to default from the command line and start with assign interfaces/set LAN IP/dhcp server.  It gives that error when it tries to save, I get the XML error and it goes back to:

WAN -> em0 dhcp
LAN -> em1 192.168.1.1

Steve_B

Your previous configurations are located in the directory /cf/config/backup

Select one of those files and copy it to /cf/config/config.xml, then reboot.

I have reproduced the issue and am working to fix it right now.

iamzam

I have tried that and it didn't work.  I keep getting the error pointing to line 5318 and line 5318 in the current /cf/conf/config.xml is completely unrelated,  the <floatingrules>section is above line 5318.  Does this have anything to do with a failed upgrade, i.e. is there some file waiting somewhere to run through the upgrade code and its not looking at /cf/conf/config.xml now?</floatingrules>

iamzam

I just rebooted and the error as it flew by said something about XMLERROR backup.cache line 5318.  Any ideas?

Steve_B

I have just pushed a fix for this issue. Please gitsync to get the update.

Meanwhile, from the Diagnostics -> Command Prompt page (or the command line if you prefer) , enter the command:

ls -l /cf/conf/backup/*

From that list, choose a file from a date and time before the error occurred. perhaps config-1454345238.xml (Yours will not have the same name)

Now copy that file over the current config like so:

cp /cf/conf/backup/config-1454345238.xml  /cf/conf/config.xml

(Again you file name will have a different numerical part)

Then reboot.

iamzam

No dice.  I tried the oldest file and a few others.  The error that I am seeing is something like "cleaning backup cache … XML error FLOATINGRULES at line 5318 cannot occur more than once"

Then, "starting iftop... XML error FLOATINGRULES at line 5318 cannot occur more than once"

Do I need the <floatingrules></floatingrules>section inside the <separator></separator>section or should I delete it?  I think all the backup config.XML files have that section in it.  All the backup/config.xml files from before yesterday have been deleted somehow I'm not sure if that happens at upgrade or what.

iamzam

Ok it appears that even though I had a valid /cf/conf/config.xml there was still a problem with the majority of files in /cf/conf/backup/ and something was evaluating those files on bootup and wouldn't completely finish because of the invalid/unexpected xml at line 5318 having to do with floatingrules.

I moved those files manually out of the way and to be safe I also grep-ed for floatingrules in /tmp of which there was one file - /tmp/config.cache so I moved that file out of the way too.

After I did that I was able to start webconfigurator and make changes there, get connectivity, etc. without getting that XML error about line 5318.  I still couldn't start unbound at all though, so I rebooted at that point and it came all the way up including unbound at that point.

SpOuK3

@iamzam:

No dice.  I tried the oldest file and a few others.  The error that I am seeing is something like "cleaning backup cache … XML error FLOATINGRULES at line 5318 cannot occur more than once"

Then, "starting iftop... XML error FLOATINGRULES at line 5318 cannot occur more than once"

Do I need the <floatingrules></floatingrules>section inside the <separator></separator>section or should I delete it?  I think all the backup config.XML files have that section in it.  All the backup/config.xml files from before yesterday have been deleted somehow I'm not sure if that happens at upgrade or what.

After I restored a backup, this look fixed for me… I was able to create floating rules and I just did an upgrade without any issues... Thanks!

iamzam

Hmm,

Now I am trying to just duplicate a floating rule, from the middle of the list and it's not there after I save the rule, before hitting the apply changed button.

There is an alert waiting for me on the dashboard:

pfSenseConfigurator

    pfSense is restoring the configuration /cf/conf/backup/config-1455059392.xml @ 2016-02-09 18:11:52

This is with an updated version from today:

2.3-BETA (amd64)
built on Tue Feb 09 02:17:57 CST 2016
FreeBSD 10.3-BETA1

I see that there is another update, should I apply it?

In my syslog I see:

2/9/16 18:09:56.000 pfs.dv.loc nginx[-1]: 172.22.22.10 - - [09/Feb/2016:18:09:57 -0500] "GET /firewall_rules.php HTTP/1.1" 200 32184 "https://pfs.dv.loc/firewall_aliases.php?tab=ip" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:44.0) Gecko/20100101 Firefox/44.0"
2/9/16 18:09:59.000 pfs.dv.loc nginx[-1]: 172.22.22.10 - - [09/Feb/2016:18:09:59 -0500] "GET /firewall_rules.php?if=FloatingRules HTTP/1.1" 200 32127 "https://pfs.dv.loc/firewall_rules.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:44.0) Gecko/20100101 Firefox/44.0"
2/9/16 18:10:26.000 pfs.dv.loc nginx[-1]: 172.22.22.10 - - [09/Feb/2016:18:10:26 -0500] "GET /firewall_rules_edit.php?dup=6 HTTP/1.1" 200 15911 "https://pfs.dv.loc/firewall_rules.php?if=FloatingRules" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:44.0) Gecko/20100101 Firefox/44.0"
2/9/16 18:11:52.000 php-fpm[23539]: /firewall_rules_edit.php: XML error: > required at line 5473 in /conf/config.xml
2/9/16 18:11:52.000 php-fpm[23539]: /firewall_rules_edit.php: pfSense is restoring the configuration /cf/conf/backup/config-1455059392.xml
2/9/16 18:11:52.000 php-fpm[23539]: /firewall_rules_edit.php: New alert found: pfSense is restoring the configuration /cf/conf/backup/config-1455059392.xml
2/9/16 18:11:52.000 check_reload_status[-1]: Syncing firewall

Line 5473 is off the end of the rules into the aliases section so I can't find out what the problematic XML line is before it restores the last config.

jimp

The "bad" config is kept in /conf/config.xml.bad, check the line there

iamzam

Line 5473 in /cf/conf/config.xml.bad is:

                        <wan,lan,opt1,openvpn></wan,lan,opt1,openvpn>

It is within a separator section that doesn't even show up anymore:

                <separator><lan><opt1><floatingrules><wan><wan,lan,opt1,openvpn></wan,lan,opt1,openvpn></wan></floatingrules></opt1></lan></separator> 

        <shaper></shaper> 

Here is that section in the good current config.xml:

                <separator><lan><opt1><floatingrules><wan></wan></floatingrules></opt1></lan></separator> 

        <shaper></shaper> 

I guess I should probably delete the <separator>section since it's not even displaying and see if the floating rules work now.</separator>

iamzam

Well I removed the <separator>section from the good config.xml file and tried to do the exact same thing by duplicating an existing floating rule and saving: the exact same thing happened at the same line.  It recreated the <separator>section and I think since there are two sections that include the wan tag, one and the other <wan,lan,opt1,openvpn></wan,lan,opt1,openvpn>that is where the error message is coming from?

Not sure.  I don't really know how the xml parser works and all the rules for valid xml.</separator></separator>

Steve_B

That is certainly incorrect, but I am unable to reproduce this.

I would remove all separators from all firewall_rules and firewall_nat tabs. Then delete the separator section from config.xml

iamzam

I made sure that all separator sections were removed from /cf/conf/config.xml and updated to today's snapshot and now I can duplicate a floating rule.

I will test other scenarios but I did run into another separator case, where if you create two separators and move them into place before clicking save (before apply), only one is retained and I think it moves the remaining separator down one rule as well.  I'll post that into the separators post.

I do see for the first time that moving rules/separators around the page is very snappy now on OSX Firefox 44.0.1 which is great!