OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: katamadone [CH] on January 23, 2018, 11:10:23 am

Title: 17.7 - interface groups
Post by: katamadone [CH] on January 23, 2018, 11:10:23 am
Did anyone receive this error:

opnsense: /usr/local/etc/rc.filter_configure: New alert found: There were error(s) loading the rules:
/tmp/rules.debug:191: interface name too long - The line in question reads [191]: pass in quick on
envALLexcINTPROD inet proto tcp from {any} to {(vmx2_vlan630:network)} port $p_jaso_service keep
state label "USER_RULE: allow jaso service from every env excluding prod ..."

I created an InterfaceGroup "envALLexcINTPROD" and applied the rule to that interface. Does anyone have an idea which part is restricted in size?
Title: Re: 17.7 - interface groups
Post by: franco on January 23, 2018, 04:53:56 pm
Er, this is weird:

vmx2_vlan630:network

An interface maximum is 15 readable characters, but it counts ":network", which is just a pf.conf alias.

There is no quick fix for this, I need to find the problem in the kernel... I'll add a ticket.


Cheers,
Franco
Title: Re: 17.7 - interface groups
Post by: franco on January 23, 2018, 04:55:06 pm
Oh, envALLexcINTPROD seems too long as well (1 character)... maybe that is the issue instead?


Cheers,
Franco
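
The length check discussed in the two replies above, as an added example that is not part of the original thread or of OPNsense's code: it pulls interface names out of pf rules (the `on` clause and `(name:modifier)` address forms) and reports any longer than the 15 readable characters mentioned above. The sample rules are constructed from the error message in the first post; `envNONPROD` and the helper names are hypothetical.

```python
import re

MAX_IFNAME = 15  # readable characters, the limit stated in the reply above

def interface_names(rule):
    """Return interface/group names referenced by one pf rule line."""
    rule = re.sub(r'"[^"]*"', '', rule)          # ignore label text
    names = []
    # "on <name>", "on ! <name>" or "on { a b }"
    m = re.search(r'\bon\s+(\{[^}]*\}|!?\s*\S+)', rule)
    if m:
        names += re.findall(r'[A-Za-z][\w.]*', m.group(1))
    # "(name:network)" style addresses: keep the name, drop the modifier
    names += re.findall(r'\(([A-Za-z][\w.]*)(?::\w+)*\)', rule)
    return names

def check_rules(text):
    """Return (line number, name, length) for every over-long name."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.split('#', 1)[0] if line.lstrip().startswith('#') else line
        for name in interface_names(line):
            if len(name) > MAX_IFNAME:
                hits.append((lineno, name, len(name)))
    return hits

# Constructed sample: line 1 is the rule quoted in the first post,
# line 2 is the same rule with a shorter, hypothetical group name.
SAMPLE = (
    'pass in quick on envALLexcINTPROD inet proto tcp from {any} '
    'to {(vmx2_vlan630:network)} port $p_jaso_service keep state '
    'label "USER_RULE: allow jaso service from every env excluding prod ..."\n'
    'pass in quick on envNONPROD inet proto tcp from {any} '
    'to {(vmx2_vlan630:network)} port $p_jaso_service keep state\n'
)

if __name__ == "__main__":
    for lineno, name, length in check_rules(SAMPLE):
        print(f"line {lineno}: '{name}' is {length} characters "
              f"(max {MAX_IFNAME})")
```

With the modifier stripped, `vmx2_vlan630` is 12 characters and passes; only the 16-character group name is reported.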
Title: Re: 17.7 - interface groups
Post by: katamadone [CH] on January 25, 2018, 02:57:30 pm
Let me investigate a little bit more.
I'll try to find out. But I'm in the middle of creating an HA firewall with, at the moment, roughly 20 interfaces, CARP and so on... I have to test some other stuff :)
I'll try to come back soon with further information.