Topic: [SOLVED] Rules keep wiping themselves out (Read 6969 times)
cguilford (November 16, 2018, 02:53:34 pm)
If I try to make any Deletes to my Firewall Rules on
Versions OPNsense 19.1.b_167-amd64
FreeBSD 11.1-RELEASE-p15
OpenSSL 1.0.2p 14 Aug 2018
I was running 18.7.7 and switched up to the beta. If I delete an old rule, it wipes ALL rules out and I have to do a restore configuration to get them back. I can make changes to the existing rules and it's fine. It seems to just happen when I delete an existing rule; it wipes out all rules.
Last Edit: November 20, 2018, 07:12:44 am by franco
cguilford (Reply #1, November 16, 2018, 04:41:50 pm)
Moved this to the 19.1 thread. Sorry, posted in the wrong area.
franco, Administrator (Reply #2, November 16, 2018, 06:35:19 pm)
Hey,
It sounds like:
https://github.com/opnsense/core/issues/2911
Can you inspect system: configuration: history when this happens and send the diff that's shown? I have a suspicion about what's going on...
Cheers,
Franco
cguilford (Reply #3, November 16, 2018, 07:18:46 pm)
Yeah, this is what I'm seeing...
--- /conf/backup/config-1542392273.1412.xml 2018-11-16 13:17:53.141999000 -0500
+++ /conf/config.xml 2018-11-16 13:17:53.158482000 -0500
@@ -704,298 +704,274 @@
</nat>
<filter>
<rule>
- <type>pass</type>
- <interface>lan,wan</interface>
- <ipprotocol>inet6</ipprotocol>
- <statetype>none</statetype>
- <direction>any</direction>
- <quick>yes</quick>
- <floating>yes</floating>
- <source>
- <any>1</any>
- </source>
- <destination>
- <any>1</any>
- </destination>
- <updated>
- <username>root@40.134.81.116</username>
- <time>1540988955.574</time>
- <description>/firewall_rules_edit.php made changes</description>
- </updated>
- <created>
- <username>root@40.134.81.116</username>
- <time>1540497782.1129</time>
- <description>/firewall_rules_edit.php made changes</description>
- </created>
- <disabled>1</disabled>
- </rule>
- <rule>
- <type>block</type>
- <interface>wan</interface>
- <ipprotocol>inet</ipprotocol>
- <statetype>keep state</statetype>
- <descr>Alexa/Google Ports</descr>
- <disabled>1</disabled>
- <protocol>udp</protocol>
- <source>
- <any>1</any>
- <port>10241</port>
- </source>
- <destination>
- <network>wanip</network>
- </destination>
- <updated>
- <username>root@40.134.81.116</username>
- <time>1542376361.3198</time>
- <description>/firewall_rules_edit.php made changes</description>
- </updated>
- <created>
- <username>root@40.134.81.116</username>
- <time>1528309825.5703</time>
- <description>/firewall_rules_edit.php made changes</description>
- </created>
- </rule>
- <rule>
- <source>
- <any>1</any>
- </source>
- <interface>wan</interface>
- <protocol>tcp/udp</protocol>
- <ipprotocol>inet</ipprotocol>
- <destination>
- <address>Server</address>
- <port>32400</port>
- </destination>
- <descr>NAT Plex port forward</descr>
- <associated-rule-id>nat_5b0f286193c920.44954396</associated-rule-id>
- <created>
- <username>root@192.168.29.50</username>
- <time>1527720033.6054</time>
- <description>/firewall_nat_edit.php made changes</description>
- </created>
- </rule>
- <rule>
- <source>
- <any>1</any>
- </source>
- <interface>wan</interface>
- <protocol>tcp</protocol>
- <ipprotocol>inet</ipprotocol>
- <destination>
- <address>Server</address>
- <port>8181</port>
- </destination>
- <descr>NAT PlexPi</descr>
- <associated-rule-id>nat_5b0f29c0b29af4.23370032</associated-rule-id>
- <created>
- <username>root@192.168.29.50</username>
- <time>1527720384.7316</time>
- <description>/firewall_nat_edit.php made changes</description>
- </created>
- </rule>
- <rule>
- <source>
- <any>1</any>
- </source>
- <interface>wan</interface>
- <protocol>tcp/udp</protocol>
- <ipprotocol>inet</ipprotocol>
- <destination>
- <address>Server</address>
- <port>7878</port>
- </destination>
- <descr>NAT Local Radar</descr>
- <associated-rule-id>nat_5b11bf46c40127.61794743</associated-rule-id>
- <created>
- <username>root@192.168.29.50</username>
- <time>1527889734.8029</time>
- <description>/firewall_nat_edit.php made changes</description>
- </created>
- </rule>
- <rule>
- <source>
- <any>1</any>
- </source>
- <interface>wan</interface>
- <protocol>tcp/udp</protocol>
- <ipprotocol>inet</ipprotocol>
- <destination>
- <address>Server</address>
- <port>8989</port>
- </destination>
- <descr>NAT Local Sonarr</descr>
- <associated-rule-id>nat_5b11bf7103d8a5.49463380</associated-rule-id>
- <created>
- <username>root@192.168.29.50</username>
- <time>1527889777.0158</time>
- <description>/firewall_nat_edit.php made changes</description>
- </created>
- </rule>
- <rule>
- <source>
- <any>1</any>
- </source>
- <interface>wan</interface>
- <protocol>tcp</protocol>
- <ipprotocol>inet</ipprotocol>
- <destination>
- <address>Server</address>
- <port>5299</port>
- </destination>
- <descr>NAT LazyLibrarian Access</descr>
- <associated-rule-id>nat_5b7c13a99ec6b3.95019256</associated-rule-id>
- <created>
- <username>root@40.134.81.116</username>
- <time>1534858153.6504</time>
- <description>/firewall_nat_edit.php made changes</description>
- </created>
- </rule>
- <rule>
- <type>pass</type>
- <interface>wan</interface>
- <ipprotocol>inet</ipprotocol>
- <statetype>keep state</statetype>
- <descr>Amazon and Wyze Camera IPS</descr>
- <category>WhiteList</category>
- <log>1</log>
- <protocol>tcp/udp</protocol>
- <source>
- <address>Wyze_Cam</address>
- </source>
- <destination>
- <network>wanip</network>
- </destination>
- <updated>
- <username>root@40.134.81.116</username>
- <time>1540554958.888</time>
- <description>/firewall_rules_edit.php made changes</description>
- </updated>
- <created>
- <username>root@40.134.81.116</username>
- <time>1528813588.486</time>
- <description>/firewall_rules_edit.php made changes</description>
- </created>
- </rule>
- <rule>
- <type>pass</type>
- <interface>wan</interface>
- <ipprotocol>inet</ipprotocol>
- <statetype>keep state</statetype>
- <descr>Work Whitelist IP List</descr>
- <category>WhiteList</category>
- <log>1</log>
- <protocol>tcp/udp</protocol>
- <source>
- <address>WorkIPS</address>
- </source>
- <destination>
- <network>wanip</network>
- </destination>
- <updated>
- <username>root@40.134.81.116</username>
- <time>1540554991.6754</time>
- <description>/firewall_rules_edit.php made changes</description>
- </updated>
- <created>
- <username>root@40.134.81.116</username>
- <time>1540554892.9291</time>
- <description>/firewall_rules_edit.php made changes</description>
- </created>
- </rule>
- <rule>
- <source>
- <address>WorkIPS</address>
- </source>
- <interface>wan</interface>
- <protocol>tcp</protocol>
- <ipprotocol>inet</ipprotocol>
- <destination>
- <address>Server</address>
- <port>3389</port>
- </destination>
- <descr>NAT Reverse RDP Port from WAN to Server</descr>
- <associated-rule-id>nat_5b7482db67cf27.66848718</associated-rule-id>
- <created>
- <username>root@40.134.81.116</username>
- <time>1534362331.4252</time>
- <description>/firewall_nat_edit.php made changes</description>
- </created>
- </rule>
- <rule>
- <type>pass</type>
- <interface>wan</interface>
- <ipprotocol>inet6</ipprotocol>
- <statetype>keep state</statetype>
- <log>1</log>
- <source>
- <network>wan</network>
- </source>
- <destination>
- <network>wanip</network>
- </destination>
- <updated>
- <username>root@40.134.81.116</username>
- <time>1541681207.0105</time>
- <description>/firewall_rules_edit.php made changes</description>
- </updated>
- <created>
- <username>root@40.134.81.116</username>
- <time>1541681207.0105</time>
- <description>/firewall_rules_edit.php made changes</description>
- </created>
- </rule>
- <rule>
- <type>block</type>
- <interface>wan</interface>
- <ipprotocol>inet</ipprotocol>
- <statetype>keep state</statetype>
- <descr>Rule to Fireup Block IP List from Alias</descr>
- <source>
- <address>BlockIPList</address>
- </source>
- <destination>
- <any>1</any>
- </destination>
- <updated>
- <username>root@40.134.81.116</username>
- <time>1540988840.5083</time>
- <description>/firewall_rules_edit.php made changes</description>
- </updated>
- <created>
- <username>root@40.134.81.116</username>
- <time>1531424177.5597</time>
- <description>/firewall_rules_edit.php made changes</description>
- </created>
- </rule>
- <rule>
- <type>pass</type>
- <ipprotocol>inet</ipprotocol>
- <descr>Default allow LAN to any rule</descr>
- <interface>lan</interface>
- <source>
- <network>lan</network>
- </source>
- <destination>
- <any/>
- </destination>
- </rule>
- <rule>
- <type>pass</type>
- <interface>lan</interface>
- <ipprotocol>inet6</ipprotocol>
- <statetype>keep state</statetype>
- <descr>Default allow LAN IPv6 to any rule</descr>
- <source>
- <network>lan</network>
- </source>
- <destination>
- <any>1</any>
- </destination>
- <updated>
- <username>root@40.134.81.116</username>
- <time>1541681228.4106</time>
- <description>/firewall_rules_edit.php made changes</description>
- </updated>
+ <rule>
+ <type>pass</type>
+ <interface>lan,wan</interface>
+ <ipprotocol>inet6</ipprotocol>
+ <statetype>none</statetype>
+ <direction>any</direction>
+ <quick>yes</quick>
+ <floating>yes</floating>
+ <source>
+ <any>1</any>
+ </source>
+ <destination>
+ <any>1</any>
+ </destination>
+ <updated>
+ <username>root@40.134.81.116</username>
+ <time>1540988955.574</time>
+ <description>/firewall_rules_edit.php made changes</description>
+ </updated>
+ <created>
+ <username>root@40.134.81.116</username>
+ <time>1540497782.1129</time>
+ <description>/firewall_rules_edit.php made changes</description>
+ </created>
+ <disabled>1</disabled>
+ </rule>
+ <rule>
+ <source>
+ <any>1</any>
+ </source>
+ <interface>wan</interface>
+ <protocol>tcp/udp</protocol>
+ <ipprotocol>inet</ipprotocol>
+ <destination>
+ <address>Server</address>
+ <port>32400</port>
+ </destination>
+ <descr>NAT Plex port forward</descr>
+ <associated-rule-id>nat_5b0f286193c920.44954396</associated-rule-id>
+ <created>
+ <username>root@192.168.29.50</username>
+ <time>1527720033.6054</time>
+ <description>/firewall_nat_edit.php made changes</description>
+ </created>
+ </rule>
+ <rule>
+ <source>
+ <any>1</any>
+ </source>
+ <interface>wan</interface>
+ <protocol>tcp</protocol>
+ <ipprotocol>inet</ipprotocol>
+ <destination>
+ <address>Server</address>
+ <port>8181</port>
+ </destination>
+ <descr>NAT PlexPi</descr>
+ <associated-rule-id>nat_5b0f29c0b29af4.23370032</associated-rule-id>
+ <created>
+ <username>root@192.168.29.50</username>
+ <time>1527720384.7316</time>
+ <description>/firewall_nat_edit.php made changes</description>
+ </created>
+ </rule>
+ <rule>
+ <source>
+ <any>1</any>
+ </source>
+ <interface>wan</interface>
+ <protocol>tcp/udp</protocol>
+ <ipprotocol>inet</ipprotocol>
+ <destination>
+ <address>Server</address>
+ <port>7878</port>
+ </destination>
+ <descr>NAT Local Radar</descr>
+ <associated-rule-id>nat_5b11bf46c40127.61794743</associated-rule-id>
+ <created>
+ <username>root@192.168.29.50</username>
+ <time>1527889734.8029</time>
+ <description>/firewall_nat_edit.php made changes</description>
+ </created>
+ </rule>
+ <rule>
+ <source>
+ <any>1</any>
+ </source>
+ <interface>wan</interface>
+ <protocol>tcp/udp</protocol>
+ <ipprotocol>inet</ipprotocol>
+ <destination>
+ <address>Server</address>
+ <port>8989</port>
+ </destination>
+ <descr>NAT Local Sonarr</descr>
+ <associated-rule-id>nat_5b11bf7103d8a5.49463380</associated-rule-id>
+ <created>
+ <username>root@192.168.29.50</username>
+ <time>1527889777.0158</time>
+ <description>/firewall_nat_edit.php made changes</description>
+ </created>
+ </rule>
+ <rule>
+ <source>
+ <any>1</any>
+ </source>
+ <interface>wan</interface>
+ <protocol>tcp</protocol>
+ <ipprotocol>inet</ipprotocol>
+ <destination>
+ <address>Server</address>
+ <port>5299</port>
+ </destination>
+ <descr>NAT LazyLibrarian Access</descr>
+ <associated-rule-id>nat_5b7c13a99ec6b3.95019256</associated-rule-id>
+ <created>
+ <username>root@40.134.81.116</username>
+ <time>1534858153.6504</time>
+ <description>/firewall_nat_edit.php made changes</description>
+ </created>
+ </rule>
+ <rule>
+ <type>pass</type>
+ <interface>wan</interface>
+ <ipprotocol>inet</ipprotocol>
+ <statetype>keep state</statetype>
+ <descr>Amazon and Wyze Camera IPS</descr>
+ <category>WhiteList</category>
+ <log>1</log>
+ <protocol>tcp/udp</protocol>
+ <source>
+ <address>Wyze_Cam</address>
+ </source>
+ <destination>
+ <network>wanip</network>
+ </destination>
+ <updated>
+ <username>root@40.134.81.116</username>
+ <time>1540554958.888</time>
+ <description>/firewall_rules_edit.php made changes</description>
+ </updated>
+ <created>
+ <username>root@40.134.81.116</username>
+ <time>1528813588.486</time>
+ <description>/firewall_rules_edit.php made changes</description>
+ </created>
+ </rule>
+ <rule>
+ <type>pass</type>
+ <interface>wan</interface>
+ <ipprotocol>inet</ipprotocol>
+ <statetype>keep state</statetype>
+ <descr>Work Whitelist IP List</descr>
+ <category>WhiteList</category>
+ <log>1</log>
+ <protocol>tcp/udp</protocol>
+ <source>
+ <address>WorkIPS</address>
+ </source>
+ <destination>
+ <network>wanip</network>
+ </destination>
+ <updated>
+ <username>root@40.134.81.116</username>
+ <time>1540554991.6754</time>
+ <description>/firewall_rules_edit.php made changes</description>
+ </updated>
+ <created>
+ <username>root@40.134.81.116</username>
+ <time>1540554892.9291</time>
+ <description>/firewall_rules_edit.php made changes</description>
+ </created>
+ </rule>
+ <rule>
+ <source>
+ <address>WorkIPS</address>
+ </source>
+ <interface>wan</interface>
+ <protocol>tcp</protocol>
+ <ipprotocol>inet</ipprotocol>
+ <destination>
+ <address>Server</address>
+ <port>3389</port>
+ </destination>
+ <descr>NAT Reverse RDP Port from WAN to Server</descr>
+ <associated-rule-id>nat_5b7482db67cf27.66848718</associated-rule-id>
+ <created>
+ <username>root@40.134.81.116</username>
+ <time>1534362331.4252</time>
+ <description>/firewall_nat_edit.php made changes</description>
+ </created>
+ </rule>
+ <rule>
+ <type>pass</type>
+ <interface>wan</interface>
+ <ipprotocol>inet6</ipprotocol>
+ <statetype>keep state</statetype>
+ <log>1</log>
+ <source>
+ <network>wan</network>
+ </source>
+ <destination>
+ <network>wanip</network>
+ </destination>
+ <updated>
+ <username>root@40.134.81.116</username>
+ <time>1541681207.0105</time>
+ <description>/firewall_rules_edit.php made changes</description>
+ </updated>
+ <created>
+ <username>root@40.134.81.116</username>
+ <time>1541681207.0105</time>
+ <description>/firewall_rules_edit.php made changes</description>
+ </created>
+ </rule>
+ <rule>
+ <type>block</type>
+ <interface>wan</interface>
+ <ipprotocol>inet</ipprotocol>
+ <statetype>keep state</statetype>
+ <descr>Rule to Fireup Block IP List from Alias</descr>
+ <source>
+ <address>BlockIPList</address>
+ </source>
+ <destination>
+ <any>1</any>
+ </destination>
+ <updated>
+ <username>root@40.134.81.116</username>
+ <time>1540988840.5083</time>
+ <description>/firewall_rules_edit.php made changes</description>
+ </updated>
+ <created>
+ <username>root@40.134.81.116</username>
+ <time>1531424177.5597</time>
+ <description>/firewall_rules_edit.php made changes</description>
+ </created>
+ </rule>
+ <rule>
+ <type>pass</type>
+ <ipprotocol>inet</ipprotocol>
+ <descr>Default allow LAN to any rule</descr>
+ <interface>lan</interface>
+ <source>
+ <network>lan</network>
+ </source>
+ <destination>
+ <any/>
+ </destination>
+ </rule>
+ <rule>
+ <type>pass</type>
+ <interface>lan</interface>
+ <ipprotocol>inet6</ipprotocol>
+ <statetype>keep state</statetype>
+ <descr>Default allow LAN IPv6 to any rule</descr>
+ <source>
+ <network>lan</network>
+ </source>
+ <destination>
+ <any>1</any>
+ </destination>
+ <updated>
+ <username>root@40.134.81.116</username>
+ <time>1541681228.4106</time>
+ <description>/firewall_rules_edit.php made changes</description>
+ </updated>
+ </rule>
</rule>
</filter>
<rrd>
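Review bot: the added side opens a second <rule> immediately after the unchanged <rule> at the top of <filter>, and its last added line is a </rule> sitting directly before the unchanged </rule>, so every surviving rule is written as a child of one outer <rule> element instead of as a sibling under <filter>. The only rule absent from the added side is the "Alexa/Google Ports" block rule, so the delete itself matches a single-rule removal; the problem is how the remaining list is written back. The delete path should re-emit the rules as direct children of <filter>, and a pre-save check that no <rule> under <filter> contains a nested <rule> would reject this config before it replaces /conf/config.xml.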
@@ -1054,8 +1030,8 @@
</widgets>
<revision>
<username>root@40.134.81.116</username>
- <time>1542376495.6346</time>
- <description>Reverted to config-1542376451.7471.xml</description>
+ <time>1542392273.142</time>
+ <description>/firewall_rules.php made changes</description>
</revision>
<OPNsense>
<captiveportal version="1.0.0">
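Review bot: in the <revision> block, the new description "/firewall_rules.php made changes" names only the page that wrote the config, so the history entry does not show that a rule delete produced this revision. Recording the action and the affected rule in <description> would make a diff like this quicker to triage. The entry also places the write in the rules list page rather than /firewall_rules_edit.php, which is where the delete handling should be checked.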
franco, Administrator (Reply #4, November 20, 2018, 07:12:34 am)
Solved via:
https://github.com/opnsense/core/issues/2911
# opnsense-patch 0df2434