Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
17.7 - interface groups
« previous
next »
Print
Pages: [
1
]
Author
Topic: 17.7 - interface groups (Read 5994 times)
katamadone [CH]
Jr. Member
Posts: 95
Karma: 11
17.7 - interface groups
«
on:
January 23, 2018, 11:10:23 am »
Did anyone receive this error:
opnsense: /usr/local/etc/rc.filter_configure: New alert found: There were error(s) loading the rules:
/tmp/rules.debug:191: interface name too long - The line in question reads [191]: pass in quick on
envALLexcINTPROD inet proto tcp from {any} to {(vmx2_vlan630:network)} port $p_jaso_service keep
state label "USER_RULE: allow jaso service from every env excluding prod ..."
I created a InterfaceGroup "envALLexcINTPROD" and applied the rule to that interace. Does anyone have an idee which part is restricted in size?
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: 17.7 - interface groups
«
Reply #1 on:
January 23, 2018, 04:53:56 pm »
Er, this is weird:
vmx2_vlan630:network
An interface maximum is 15 readable characters, but it counts ":network" which is just an pf.conf alias.
There is no quick fix for this, I need to find the problem in the kernel... I'll add a ticket.
Cheers,
Franco
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: 17.7 - interface groups
«
Reply #2 on:
January 23, 2018, 04:55:06 pm »
Oh, envALLexcINTPROD seems too long as well (1 character)... maybe that is the issue instead?
Cheers,
Franco
Logged
katamadone [CH]
Jr. Member
Posts: 95
Karma: 11
Re: 17.7 - interface groups
«
Reply #3 on:
January 25, 2018, 02:57:30 pm »
Let me investigate a little bit more.
I'll try to find out. But I'm in the middle of creating a HA Firewall with at the moment roughly 20 Interface, CARP and so on.. have to test some other stuff
I'll try to come back soon with further informations.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
17.7 - interface groups