17.7 - interface groups

Started by katamadone [CH], January 23, 2018, 11:10:23 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 23, 2018, 11:10:23 AM
Did anyone receive this error:

opnsense: /usr/local/etc/rc.filter_configure: New alert found: There were error(s) loading the rules:
/tmp/rules.debug:191: interface name too long - The line in question reads [191]: pass in quick on
envALLexcINTPROD inet proto tcp from {any} to {(vmx2_vlan630:network)} port $p_jaso_service keep
state label "USER_RULE: allow jaso service from every env excluding prod ..."

I created a InterfaceGroup "envALLexcINTPROD" and applied the rule to that interace. Does anyone have an idee which part is restricted in size?
January 23, 2018, 04:53:56 PM #1
Er, this is weird:

vmx2_vlan630:network

An interface maximum is 15 readable characters, but it counts ":network" which is just an pf.conf alias.

There is no quick fix for this, I need to find the problem in the kernel... I'll add a ticket.


Cheers,
Franco
January 23, 2018, 04:55:06 PM #2
Oh, envALLexcINTPROD seems too long as well (1 character)... maybe that is the issue instead?


Cheers,
Franco
January 25, 2018, 02:57:30 PM #3
Let me investigate a little bit more.
I'll try to find out. But I'm in the middle of creating a HA Firewall with at the moment roughly 20 Interface, CARP and so on.. have to test some other stuff :)
I'll try to come back soon with further informations.
Print
Go Up Pages1
User actions