Hi,
is it normal that automatically generated firewall aliases (LAN, WAN, loopback, etc.) always show up as empty in Firewall -> Diagnostics -> Aliases? See attachment screenshots for an example. Other aliases (e.g. bogons) show up with content as expected.
No errors appear in the backend log, just the normal notices. The generated aliases are functioning in firewall rules (hence they cannot be empty).
After updating to 25.7.3 today, I also had problems with empty aliases.
In my case, manually created aliases were also empty in the diagnostics.
For this reason, none of my rules matched and I had to restore to 25.7.1. Now everything is working again.
Same here.
same here, upgraded from 25.7.2 to 25.7.3 and now all the automatically generated firewall aliases (LAN, WAN, loopback, etc.) always show up as empty in Firewall -> Diagnostics -> Aliases.
In earlier version 25.7.2, did not have this issue, seems like a clear regression.
Luckily i'd only upgraded pre-production LAB testing staging OPNsense and run into this issue, 25.7.3 won't be going into production....
I was able to downgrade the opnsense package to 25.7.1 to fix my issue until a fix comes out.
Looking into it now, thanks for the report!
This was hotfixed in 25.7.3_3.
Cheers,
Franco
Great, thanks a lot for the quick reaction franco!
I can confirm that in 25.7.3_3 all these internal pf tables are populated again on my system.
Franco I applied the hot fix and rebooted and still have empty alias tables.
Quote from: Burthouse4563 on September 10, 2025, 03:59:13 PMFranco I applied the hot fix and rebooted and still have empty alias tables.
same problem
Quote from: nbca2 on September 10, 2025, 04:01:48 PMQuote from: Burthouse4563 on September 10, 2025, 03:59:13 PMFranco I applied the hot fix and rebooted and still have empty alias tables.
same problem
I think I found part of the problem. I had an alias with URLs in it that were failing to resolve because they didn't have https in front of them. This previously didn't cause an issue on older versions. But disalbing that alias allowed other aliases to populate. So there's an issue if an alias can't populate that it stops updating ones further down the list.
Example error message.
error fetching alias url us.archive.ubuntu.com (Invalid URL 'us.archive.ubuntu.com': No scheme supplied. Perhaps you meant https://us.archive.ubuntu.com?)
Quote from: Burthouse4563 on September 10, 2025, 04:43:38 PMQuote from: nbca2 on September 10, 2025, 04:01:48 PMQuote from: Burthouse4563 on September 10, 2025, 03:59:13 PMFranco I applied the hot fix and rebooted and still have empty alias tables.
same problem
I think I found part of the problem. I had an alias with URLs in it that were failing to resolve because they didn't have https in front of them. This previously didn't cause an issue on older versions. But disalbing that alias allowed other aliases to populate. So there's an issue if an alias can't populate that it stops updating ones further down the list.
Example error message.
error fetching alias url us.archive.ubuntu.com (Invalid URL 'us.archive.ubuntu.com': No scheme supplied. Perhaps you meant https://us.archive.ubuntu.com?)
you're right, i resolved modifing the type from "url" to "Host/s" in the alias that in Content has "archive.ubuntu.com"
now the command /usr/local/opnsense/scripts/filter/update_tables.py --> {"status": "ok"}
aliases are populated now
Quote from: nbca2 on September 10, 2025, 04:54:13 PMQuote from: Burthouse4563 on September 10, 2025, 04:43:38 PMQuote from: nbca2 on September 10, 2025, 04:01:48 PMQuote from: Burthouse4563 on September 10, 2025, 03:59:13 PMFranco I applied the hot fix and rebooted and still have empty alias tables.
same problem
I think I found part of the problem. I had an alias with URLs in it that were failing to resolve because they didn't have https in front of them. This previously didn't cause an issue on older versions. But disalbing that alias allowed other aliases to populate. So there's an issue if an alias can't populate that it stops updating ones further down the list.
Example error message.
error fetching alias url us.archive.ubuntu.com (Invalid URL 'us.archive.ubuntu.com': No scheme supplied. Perhaps you meant https://us.archive.ubuntu.com?)
you're right, i resolved modifing the type from "url" to "Host/s" in the alias that in Content has "archive.ubuntu.com"
now the command /usr/local/opnsense/scripts/filter/update_tables.py --> {"status": "ok"}
aliases are populated now
I made that change as well and it also fixed the alias problem.