OPNsense Forum
Archive => 19.1 Legacy Series => Topic started by: hbc on April 24, 2019, 04:53:29 pm
-
I am just setting up a new ha cluster. Added many interfaces and configured the CARP.
Now I finally reached the stage where I can set up rules. For installation I added a temporary allow all rules which I already removed and replaced with more granular ones.
I wondered why everything is still possible and the redirect to proxy is not triggered.
Now I made a pfctl -sr and I just see my old temporary allow all rule. No matter what I do, the rules in gui are not applied to pf. Any known new issues in 19.1.6? How can I force the gui to sync rules to pf?
Update
Rebooted machine and now: no rules at all.
#pfctl -sr#pfctl -sn
is empty :(
-
04-24-19 17:01:46 [ There were error(s) loading the rules: /tmp/rules.debug:80: interface name too long - The line in question reads [80]: rdr on GRPStudentsNetwork inet proto tcp from {(GRPStudentsNetwork:network)} port $Port_unprivileged to {any} port {80} -> 127.0.0.1 port 3128 # redirect traffic to local proxy (IPv4 only) ]
What is the maximum length of interface name or firewall group name? Shouldn't be there a length check when entering a interface name, so that this error could not happen?
-
> GRPStudentsNetwork
15 Characters.
> GRPStudentsNetw
The issue here it seems is that interface group names (they are just tags) can be longer, but pf(4) parser in the OS won't accept them for what they are and tries to coerce itself into thinking it must be a device name.
We can lower the character limit, but this might also be fixable in BSD.
Cheers,
Franco
-
PS: https://github.com/opnsense/core/commit/d40c917fcba
-
Thanks. You are right. Maybe an BSD issue in this case. But as long as not fixed there, your patch prevents issues with opnsense. :)
-
Yep, we an always lift that restriction if pf(4) allows this. And it doesn't affect running installs unless you have to edit members on overlong group names. But then you see the error and need to shorten a bit. Not a big deal. :)
Thanks,
Franco