OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: cguilford on November 16, 2018, 02:53:34 pm

Title: [SOLVED] Rules keep wiping themselves out
Post by: cguilford on November 16, 2018, 02:53:34 pm
If I try to delete any of my firewall rules on
Versions    OPNsense 19.1.b_167-amd64
FreeBSD 11.1-RELEASE-p15
OpenSSL 1.0.2p 14 Aug 2018

I was running 18.7.7 and switched up to the beta.  If I delete an old rule, it wipes out ALL rules and I have to do a configuration restore to get them back.  I can make changes to the existing rules and that's fine.  It only seems to happen when I delete an existing rule: all rules get wiped out.
Title: Re: Rules keep wiping themselves out
Post by: cguilford on November 16, 2018, 04:41:50 pm
Moved this to the 19.1 thread; sorry, I posted in the wrong area.
Title: Re: Rules keep wiping themselves out
Post by: franco on November 16, 2018, 06:35:19 pm
Hey,

It sounds like: https://github.com/opnsense/core/issues/2911

Can you inspect System: Configuration: History when this happens and send the diff that's shown? I have a suspicion about what's going on...


Cheers,
Franco
Title: Re: Rules keep wiping themselves out
Post by: cguilford on November 16, 2018, 07:18:46 pm
yeah this is what I'm seeing....

--- /conf/backup/config-1542392273.1412.xml   2018-11-16 13:17:53.141999000 -0500
+++ /conf/config.xml   2018-11-16 13:17:53.158482000 -0500
@@ -704,298 +704,274 @@
   </nat>
   <filter>
     <rule>
-      <type>pass</type>
-      <interface>lan,wan</interface>
-      <ipprotocol>inet6</ipprotocol>
-      <statetype>none</statetype>
-      <direction>any</direction>
-      <quick>yes</quick>
-      <floating>yes</floating>
-      <source>
-        <any>1</any>
-      </source>
-      <destination>
-        <any>1</any>
-      </destination>
-      <updated>
-        <username>root@40.134.81.116</username>
-        <time>1540988955.574</time>
-        <description>/firewall_rules_edit.php made changes</description>
-      </updated>
-      <created>
-        <username>root@40.134.81.116</username>
-        <time>1540497782.1129</time>
-        <description>/firewall_rules_edit.php made changes</description>
-      </created>
-      <disabled>1</disabled>
-    </rule>
-    <rule>
-      <type>block</type>
-      <interface>wan</interface>
-      <ipprotocol>inet</ipprotocol>
-      <statetype>keep state</statetype>
-      <descr>Alexa/Google Ports</descr>
-      <disabled>1</disabled>
-      <protocol>udp</protocol>
-      <source>
-        <any>1</any>
-        <port>10241</port>
-      </source>
-      <destination>
-        <network>wanip</network>
-      </destination>
-      <updated>
-        <username>root@40.134.81.116</username>
-        <time>1542376361.3198</time>
-        <description>/firewall_rules_edit.php made changes</description>
-      </updated>
-      <created>
-        <username>root@40.134.81.116</username>
-        <time>1528309825.5703</time>
-        <description>/firewall_rules_edit.php made changes</description>
-      </created>
-    </rule>
-    <rule>
-      <source>
-        <any>1</any>
-      </source>
-      <interface>wan</interface>
-      <protocol>tcp/udp</protocol>
-      <ipprotocol>inet</ipprotocol>
-      <destination>
-        <address>Server</address>
-        <port>32400</port>
-      </destination>
-      <descr>NAT Plex port forward</descr>
-      <associated-rule-id>nat_5b0f286193c920.44954396</associated-rule-id>
-      <created>
-        <username>root@192.168.29.50</username>
-        <time>1527720033.6054</time>
-        <description>/firewall_nat_edit.php made changes</description>
-      </created>
-    </rule>
-    <rule>
-      <source>
-        <any>1</any>
-      </source>
-      <interface>wan</interface>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
-      <destination>
-        <address>Server</address>
-        <port>8181</port>
-      </destination>
-      <descr>NAT PlexPi</descr>
-      <associated-rule-id>nat_5b0f29c0b29af4.23370032</associated-rule-id>
-      <created>
-        <username>root@192.168.29.50</username>
-        <time>1527720384.7316</time>
-        <description>/firewall_nat_edit.php made changes</description>
-      </created>
-    </rule>
-    <rule>
-      <source>
-        <any>1</any>
-      </source>
-      <interface>wan</interface>
-      <protocol>tcp/udp</protocol>
-      <ipprotocol>inet</ipprotocol>
-      <destination>
-        <address>Server</address>
-        <port>7878</port>
-      </destination>
-      <descr>NAT Local Radar</descr>
-      <associated-rule-id>nat_5b11bf46c40127.61794743</associated-rule-id>
-      <created>
-        <username>root@192.168.29.50</username>
-        <time>1527889734.8029</time>
-        <description>/firewall_nat_edit.php made changes</description>
-      </created>
-    </rule>
-    <rule>
-      <source>
-        <any>1</any>
-      </source>
-      <interface>wan</interface>
-      <protocol>tcp/udp</protocol>
-      <ipprotocol>inet</ipprotocol>
-      <destination>
-        <address>Server</address>
-        <port>8989</port>
-      </destination>
-      <descr>NAT Local Sonarr</descr>
-      <associated-rule-id>nat_5b11bf7103d8a5.49463380</associated-rule-id>
-      <created>
-        <username>root@192.168.29.50</username>
-        <time>1527889777.0158</time>
-        <description>/firewall_nat_edit.php made changes</description>
-      </created>
-    </rule>
-    <rule>
-      <source>
-        <any>1</any>
-      </source>
-      <interface>wan</interface>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
-      <destination>
-        <address>Server</address>
-        <port>5299</port>
-      </destination>
-      <descr>NAT LazyLibrarian Access</descr>
-      <associated-rule-id>nat_5b7c13a99ec6b3.95019256</associated-rule-id>
-      <created>
-        <username>root@40.134.81.116</username>
-        <time>1534858153.6504</time>
-        <description>/firewall_nat_edit.php made changes</description>
-      </created>
-    </rule>
-    <rule>
-      <type>pass</type>
-      <interface>wan</interface>
-      <ipprotocol>inet</ipprotocol>
-      <statetype>keep state</statetype>
-      <descr>Amazon and Wyze Camera IPS</descr>
-      <category>WhiteList</category>
-      <log>1</log>
-      <protocol>tcp/udp</protocol>
-      <source>
-        <address>Wyze_Cam</address>
-      </source>
-      <destination>
-        <network>wanip</network>
-      </destination>
-      <updated>
-        <username>root@40.134.81.116</username>
-        <time>1540554958.888</time>
-        <description>/firewall_rules_edit.php made changes</description>
-      </updated>
-      <created>
-        <username>root@40.134.81.116</username>
-        <time>1528813588.486</time>
-        <description>/firewall_rules_edit.php made changes</description>
-      </created>
-    </rule>
-    <rule>
-      <type>pass</type>
-      <interface>wan</interface>
-      <ipprotocol>inet</ipprotocol>
-      <statetype>keep state</statetype>
-      <descr>Work Whitelist IP List</descr>
-      <category>WhiteList</category>
-      <log>1</log>
-      <protocol>tcp/udp</protocol>
-      <source>
-        <address>WorkIPS</address>
-      </source>
-      <destination>
-        <network>wanip</network>
-      </destination>
-      <updated>
-        <username>root@40.134.81.116</username>
-        <time>1540554991.6754</time>
-        <description>/firewall_rules_edit.php made changes</description>
-      </updated>
-      <created>
-        <username>root@40.134.81.116</username>
-        <time>1540554892.9291</time>
-        <description>/firewall_rules_edit.php made changes</description>
-      </created>
-    </rule>
-    <rule>
-      <source>
-        <address>WorkIPS</address>
-      </source>
-      <interface>wan</interface>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
-      <destination>
-        <address>Server</address>
-        <port>3389</port>
-      </destination>
-      <descr>NAT Reverse RDP Port from WAN to Server</descr>
-      <associated-rule-id>nat_5b7482db67cf27.66848718</associated-rule-id>
-      <created>
-        <username>root@40.134.81.116</username>
-        <time>1534362331.4252</time>
-        <description>/firewall_nat_edit.php made changes</description>
-      </created>
-    </rule>
-    <rule>
-      <type>pass</type>
-      <interface>wan</interface>
-      <ipprotocol>inet6</ipprotocol>
-      <statetype>keep state</statetype>
-      <log>1</log>
-      <source>
-        <network>wan</network>
-      </source>
-      <destination>
-        <network>wanip</network>
-      </destination>
-      <updated>
-        <username>root@40.134.81.116</username>
-        <time>1541681207.0105</time>
-        <description>/firewall_rules_edit.php made changes</description>
-      </updated>
-      <created>
-        <username>root@40.134.81.116</username>
-        <time>1541681207.0105</time>
-        <description>/firewall_rules_edit.php made changes</description>
-      </created>
-    </rule>
-    <rule>
-      <type>block</type>
-      <interface>wan</interface>
-      <ipprotocol>inet</ipprotocol>
-      <statetype>keep state</statetype>
-      <descr>Rule to Fireup Block IP List from Alias</descr>
-      <source>
-        <address>BlockIPList</address>
-      </source>
-      <destination>
-        <any>1</any>
-      </destination>
-      <updated>
-        <username>root@40.134.81.116</username>
-        <time>1540988840.5083</time>
-        <description>/firewall_rules_edit.php made changes</description>
-      </updated>
-      <created>
-        <username>root@40.134.81.116</username>
-        <time>1531424177.5597</time>
-        <description>/firewall_rules_edit.php made changes</description>
-      </created>
-    </rule>
-    <rule>
-      <type>pass</type>
-      <ipprotocol>inet</ipprotocol>
-      <descr>Default allow LAN to any rule</descr>
-      <interface>lan</interface>
-      <source>
-        <network>lan</network>
-      </source>
-      <destination>
-        <any/>
-      </destination>
-    </rule>
-    <rule>
-      <type>pass</type>
-      <interface>lan</interface>
-      <ipprotocol>inet6</ipprotocol>
-      <statetype>keep state</statetype>
-      <descr>Default allow LAN IPv6 to any rule</descr>
-      <source>
-        <network>lan</network>
-      </source>
-      <destination>
-        <any>1</any>
-      </destination>
-      <updated>
-        <username>root@40.134.81.116</username>
-        <time>1541681228.4106</time>
-        <description>/firewall_rules_edit.php made changes</description>
-      </updated>
+      <rule>
+        <type>pass</type>
+        <interface>lan,wan</interface>
+        <ipprotocol>inet6</ipprotocol>
+        <statetype>none</statetype>
+        <direction>any</direction>
+        <quick>yes</quick>
+        <floating>yes</floating>
+        <source>
+          <any>1</any>
+        </source>
+        <destination>
+          <any>1</any>
+        </destination>
+        <updated>
+          <username>root@40.134.81.116</username>
+          <time>1540988955.574</time>
+          <description>/firewall_rules_edit.php made changes</description>
+        </updated>
+        <created>
+          <username>root@40.134.81.116</username>
+          <time>1540497782.1129</time>
+          <description>/firewall_rules_edit.php made changes</description>
+        </created>
+        <disabled>1</disabled>
+      </rule>
+      <rule>
+        <source>
+          <any>1</any>
+        </source>
+        <interface>wan</interface>
+        <protocol>tcp/udp</protocol>
+        <ipprotocol>inet</ipprotocol>
+        <destination>
+          <address>Server</address>
+          <port>32400</port>
+        </destination>
+        <descr>NAT Plex port forward</descr>
+        <associated-rule-id>nat_5b0f286193c920.44954396</associated-rule-id>
+        <created>
+          <username>root@192.168.29.50</username>
+          <time>1527720033.6054</time>
+          <description>/firewall_nat_edit.php made changes</description>
+        </created>
+      </rule>
+      <rule>
+        <source>
+          <any>1</any>
+        </source>
+        <interface>wan</interface>
+        <protocol>tcp</protocol>
+        <ipprotocol>inet</ipprotocol>
+        <destination>
+          <address>Server</address>
+          <port>8181</port>
+        </destination>
+        <descr>NAT PlexPi</descr>
+        <associated-rule-id>nat_5b0f29c0b29af4.23370032</associated-rule-id>
+        <created>
+          <username>root@192.168.29.50</username>
+          <time>1527720384.7316</time>
+          <description>/firewall_nat_edit.php made changes</description>
+        </created>
+      </rule>
+      <rule>
+        <source>
+          <any>1</any>
+        </source>
+        <interface>wan</interface>
+        <protocol>tcp/udp</protocol>
+        <ipprotocol>inet</ipprotocol>
+        <destination>
+          <address>Server</address>
+          <port>7878</port>
+        </destination>
+        <descr>NAT Local Radar</descr>
+        <associated-rule-id>nat_5b11bf46c40127.61794743</associated-rule-id>
+        <created>
+          <username>root@192.168.29.50</username>
+          <time>1527889734.8029</time>
+          <description>/firewall_nat_edit.php made changes</description>
+        </created>
+      </rule>
+      <rule>
+        <source>
+          <any>1</any>
+        </source>
+        <interface>wan</interface>
+        <protocol>tcp/udp</protocol>
+        <ipprotocol>inet</ipprotocol>
+        <destination>
+          <address>Server</address>
+          <port>8989</port>
+        </destination>
+        <descr>NAT Local Sonarr</descr>
+        <associated-rule-id>nat_5b11bf7103d8a5.49463380</associated-rule-id>
+        <created>
+          <username>root@192.168.29.50</username>
+          <time>1527889777.0158</time>
+          <description>/firewall_nat_edit.php made changes</description>
+        </created>
+      </rule>
+      <rule>
+        <source>
+          <any>1</any>
+        </source>
+        <interface>wan</interface>
+        <protocol>tcp</protocol>
+        <ipprotocol>inet</ipprotocol>
+        <destination>
+          <address>Server</address>
+          <port>5299</port>
+        </destination>
+        <descr>NAT LazyLibrarian Access</descr>
+        <associated-rule-id>nat_5b7c13a99ec6b3.95019256</associated-rule-id>
+        <created>
+          <username>root@40.134.81.116</username>
+          <time>1534858153.6504</time>
+          <description>/firewall_nat_edit.php made changes</description>
+        </created>
+      </rule>
+      <rule>
+        <type>pass</type>
+        <interface>wan</interface>
+        <ipprotocol>inet</ipprotocol>
+        <statetype>keep state</statetype>
+        <descr>Amazon and Wyze Camera IPS</descr>
+        <category>WhiteList</category>
+        <log>1</log>
+        <protocol>tcp/udp</protocol>
+        <source>
+          <address>Wyze_Cam</address>
+        </source>
+        <destination>
+          <network>wanip</network>
+        </destination>
+        <updated>
+          <username>root@40.134.81.116</username>
+          <time>1540554958.888</time>
+          <description>/firewall_rules_edit.php made changes</description>
+        </updated>
+        <created>
+          <username>root@40.134.81.116</username>
+          <time>1528813588.486</time>
+          <description>/firewall_rules_edit.php made changes</description>
+        </created>
+      </rule>
+      <rule>
+        <type>pass</type>
+        <interface>wan</interface>
+        <ipprotocol>inet</ipprotocol>
+        <statetype>keep state</statetype>
+        <descr>Work Whitelist IP List</descr>
+        <category>WhiteList</category>
+        <log>1</log>
+        <protocol>tcp/udp</protocol>
+        <source>
+          <address>WorkIPS</address>
+        </source>
+        <destination>
+          <network>wanip</network>
+        </destination>
+        <updated>
+          <username>root@40.134.81.116</username>
+          <time>1540554991.6754</time>
+          <description>/firewall_rules_edit.php made changes</description>
+        </updated>
+        <created>
+          <username>root@40.134.81.116</username>
+          <time>1540554892.9291</time>
+          <description>/firewall_rules_edit.php made changes</description>
+        </created>
+      </rule>
+      <rule>
+        <source>
+          <address>WorkIPS</address>
+        </source>
+        <interface>wan</interface>
+        <protocol>tcp</protocol>
+        <ipprotocol>inet</ipprotocol>
+        <destination>
+          <address>Server</address>
+          <port>3389</port>
+        </destination>
+        <descr>NAT Reverse RDP Port from WAN to Server</descr>
+        <associated-rule-id>nat_5b7482db67cf27.66848718</associated-rule-id>
+        <created>
+          <username>root@40.134.81.116</username>
+          <time>1534362331.4252</time>
+          <description>/firewall_nat_edit.php made changes</description>
+        </created>
+      </rule>
+      <rule>
+        <type>pass</type>
+        <interface>wan</interface>
+        <ipprotocol>inet6</ipprotocol>
+        <statetype>keep state</statetype>
+        <log>1</log>
+        <source>
+          <network>wan</network>
+        </source>
+        <destination>
+          <network>wanip</network>
+        </destination>
+        <updated>
+          <username>root@40.134.81.116</username>
+          <time>1541681207.0105</time>
+          <description>/firewall_rules_edit.php made changes</description>
+        </updated>
+        <created>
+          <username>root@40.134.81.116</username>
+          <time>1541681207.0105</time>
+          <description>/firewall_rules_edit.php made changes</description>
+        </created>
+      </rule>
+      <rule>
+        <type>block</type>
+        <interface>wan</interface>
+        <ipprotocol>inet</ipprotocol>
+        <statetype>keep state</statetype>
+        <descr>Rule to Fireup Block IP List from Alias</descr>
+        <source>
+          <address>BlockIPList</address>
+        </source>
+        <destination>
+          <any>1</any>
+        </destination>
+        <updated>
+          <username>root@40.134.81.116</username>
+          <time>1540988840.5083</time>
+          <description>/firewall_rules_edit.php made changes</description>
+        </updated>
+        <created>
+          <username>root@40.134.81.116</username>
+          <time>1531424177.5597</time>
+          <description>/firewall_rules_edit.php made changes</description>
+        </created>
+      </rule>
+      <rule>
+        <type>pass</type>
+        <ipprotocol>inet</ipprotocol>
+        <descr>Default allow LAN to any rule</descr>
+        <interface>lan</interface>
+        <source>
+          <network>lan</network>
+        </source>
+        <destination>
+          <any/>
+        </destination>
+      </rule>
+      <rule>
+        <type>pass</type>
+        <interface>lan</interface>
+        <ipprotocol>inet6</ipprotocol>
+        <statetype>keep state</statetype>
+        <descr>Default allow LAN IPv6 to any rule</descr>
+        <source>
+          <network>lan</network>
+        </source>
+        <destination>
+          <any>1</any>
+        </destination>
+        <updated>
+          <username>root@40.134.81.116</username>
+          <time>1541681228.4106</time>
+          <description>/firewall_rules_edit.php made changes</description>
+        </updated>
+      </rule>
     </rule>
   </filter>
   <rrd>
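Review bot: On the new side the thirteen surviving rules are written as children of one outer `<rule>`: the context `<rule>` directly under `<filter>` no longer opens the first rule but a wrapper, which the context `</rule>` just before `</filter>` closes. Only the disabled `Alexa/Google Ports` block rule is actually gone, so the delete itself did what was asked and it is the write-back that changed the shape; a reader that expects each `<rule>` as a direct child of `<filter>` would presumably find a single entry with no `<type>` or `<interface>`, which fits the GUI showing no rules. That leaves the `BlockIPList` block rule and the `WorkIPS` source restriction on the RDP forward out of the parsed list as well, so the loaded ruleset is worth checking against the last backup before the box is relied on again. The expected layout is `</rule>` followed by a sibling `<rule>` at the same depth under `<filter>`; the rest of config.xml lies outside the hunk.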
@@ -1054,8 +1030,8 @@
   </widgets>
   <revision>
     <username>root@40.134.81.116</username>
-    <time>1542376495.6346</time>
-    <description>Reverted to config-1542376451.7471.xml</description>
+    <time>1542392273.142</time>
+    <description>/firewall_rules.php made changes</description>
   </revision>
   <OPNsense>
     <captiveportal version="1.0.0">
Title: Re: Rules keep wiping themselves out
Post by: franco on November 20, 2018, 07:12:34 am
Solved via: https://github.com/opnsense/core/issues/2911

# opnsense-patch 0df2434