[SOLVED] Error notice for a deleted NAT that had a RULE



  • I crated a NAT entry and pfSense created a default RULE for it. I saw that the rule was basically useless because I had another rule that covered it. So I deleted the rule. Ever since then I've been getting a notice/error generate almost every 10 seconds.

    These are what the notices/errors look like:

    
    There were error(s) loading the rules: /tmp/rules.debug:208: rule expands to no valid combination - The line in question reads [208]: pass in quick on $LAN inet6 from 192.168.1.0/24 to any tracker 0100000102 keep state label "USER_RULE: Default allow LAN IPv6 to any rule" @ 2016-04-19 19:46:43
    There were error(s) loading the rules: /tmp/rules.debug:208: rule expands to no valid combination - The line in question reads [208]: pass in quick on $LAN inet6 from 192.168.1.0/24 to any tracker 0100000102 keep state label "USER_RULE: Default allow LAN IPv6 to any rule" @ 2016-04-19 19:46:44
    There were error(s) loading the rules: /tmp/rules.debug:208: rule expands to no valid combination - The line in question reads [208]: pass in quick on $LAN inet6 from 192.168.1.0/24 to any tracker 0100000102 keep state label "USER_RULE: Default allow LAN IPv6 to any rule" @ 2016-04-19 19:47:42
    There were error(s) loading the rules: /tmp/rules.debug:208: rule expands to no valid combination - The line in question reads [208]: pass in quick on $LAN inet6 from 192.168.1.0/24 to any tracker 0100000102 keep state label "USER_RULE: Default allow LAN IPv6 to any rule" @ 2016-04-19 19:47:43
    There were error(s) loading the rules: /tmp/rules.debug:216: rule expands to no valid combination - The line in question reads [216]: pass in quick on $LAN inet6 from 192.168.1.0/24 to any tracker 0100000102 keep state label "USER_RULE: Default allow LAN IPv6 to any rule" @ 2016-04-19 19:48:20
    
    

    I tried deleting the NAT entry and recreating it but these errors are still being generated. Anyone know how I can fix this?



  • SOLVED. I re-entered all my rules.



  • You configured an IPv6 rule with an IPv4 subnet. Which we shouldn't allow. I fixed the input validation to prohibit such configs, thanks for the report.
    https://redmine.pfsense.org/issues/6211


Log in to reply