[SOLVED] Error notice for a deleted NAT that had a RULE
-
I crated a NAT entry and pfSense created a default RULE for it. I saw that the rule was basically useless because I had another rule that covered it. So I deleted the rule. Ever since then I've been getting a notice/error generate almost every 10 seconds.
These are what the notices/errors look like:
There were error(s) loading the rules: /tmp/rules.debug:208: rule expands to no valid combination - The line in question reads [208]: pass in quick on $LAN inet6 from 192.168.1.0/24 to any tracker 0100000102 keep state label "USER_RULE: Default allow LAN IPv6 to any rule" @ 2016-04-19 19:46:43 There were error(s) loading the rules: /tmp/rules.debug:208: rule expands to no valid combination - The line in question reads [208]: pass in quick on $LAN inet6 from 192.168.1.0/24 to any tracker 0100000102 keep state label "USER_RULE: Default allow LAN IPv6 to any rule" @ 2016-04-19 19:46:44 There were error(s) loading the rules: /tmp/rules.debug:208: rule expands to no valid combination - The line in question reads [208]: pass in quick on $LAN inet6 from 192.168.1.0/24 to any tracker 0100000102 keep state label "USER_RULE: Default allow LAN IPv6 to any rule" @ 2016-04-19 19:47:42 There were error(s) loading the rules: /tmp/rules.debug:208: rule expands to no valid combination - The line in question reads [208]: pass in quick on $LAN inet6 from 192.168.1.0/24 to any tracker 0100000102 keep state label "USER_RULE: Default allow LAN IPv6 to any rule" @ 2016-04-19 19:47:43 There were error(s) loading the rules: /tmp/rules.debug:216: rule expands to no valid combination - The line in question reads [216]: pass in quick on $LAN inet6 from 192.168.1.0/24 to any tracker 0100000102 keep state label "USER_RULE: Default allow LAN IPv6 to any rule" @ 2016-04-19 19:48:20
I tried deleting the NAT entry and recreating it but these errors are still being generated. Anyone know how I can fix this?
-
SOLVED. I re-entered all my rules.
-
You configured an IPv6 rule with an IPv4 subnet. Which we shouldn't allow. I fixed the input validation to prohibit such configs, thanks for the report.
https://redmine.pfsense.org/issues/6211
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.