Alias based firewall rules doesn't work after upgrade to 22.1.8

[tuxlemmi]

I have a ccouple ipsec site2site tunnels running on my opnsense.
Each LAN on the remote sites has an alias. I use these aliases to define rules that pass every traffic/protocol to the remote site.
ssh, http, https will pass, every other traffic will be blocked since the update to 22.1.8 as i can see in the live log by the default block rule.

This was not expected.

Just to try i added an ANY-2-ANY rule and it works again - but this is just vor testing.

[vOoPtNa]

I've seen a similar behaivor. After upgrading to 22.1.8 some rules stopped working...
Had no time to troubleshoot this further and revented back to 22.1.7.

Will try to reproduce it later and report here.

[Com DAC]

After the upgrade my rules weren't working either. After reading this post I opened my aliases and edited and re-saved each alias and they all started working.

[neis]

I experience the same as others.  Post update all LAN traffic was ignoring any rules with aliases attached and was instead matching the floating default deny rule.  A quick edit and save with no changes did not work for me but disabling/enabling the alias resolved the issue.

[CGrisamore]

Thanks for the heads up. I did the upgrade this morning and all seemed fine but after reading this post I tested my Wireguard connection (used for remote access to my home network) and it wasn't working. I use an alias for a rule specific to Wireguard VPN clients and after disabling saving and re-enabling its now working properly.

[vOoPtNa]

Seems to be some kind of bug.
Under Firewall->Diagnostics->Aliases some aliases doesn't show results(see attached screenshots)

[mannp]

Became slack with the previous faultless releases, but this one borked me for sure.....downloading 22.1.7 now....

[db7]

After the upgrade my rules weren't working either. After reading this post I opened my aliases and edited and re-saved each alias and they all started working.

Just sharing that a revert to 22.1.7_1 is the only durable fix for this I've found.  I tried the disable/enable alias trick as well.  It works, but after a reboot the aliases return to not working correctly, and of course neither will the rules that depend on them.

[mannp]

After the upgrade my rules weren't working either. After reading this post I opened my aliases and edited and re-saved each alias and they all started working.

Just sharing that a revert to 22.1.7_1 is the only durable fix for this I've found.  I tried the disable/enable alias trick as well.  It works, but after a reboot the aliases return to not working correctly, and of course neither will the rules that depend on them.

Did you use opnsense-revert to get to 22.1.7_1? Struggling to find the process...thx

[gpb]

edit: deleted.

[db7]

After the upgrade my rules weren't working either. After reading this post I opened my aliases and edited and re-saved each alias and they all started working.

Just sharing that a revert to 22.1.7_1 is the only durable fix for this I've found.  I tried the disable/enable alias trick as well.  It works, but after a reboot the aliases return to not working correctly, and of course neither will the rules that depend on them.

Did you use opnsense-revert to get to 22.1.7_1? Struggling to find the process...thx

Yes, that's correct.  You'll want to run this:

Code: [Select]

opnsense-revert -r 22.1.7_1 opnsense
Then reboot, everything should come back up as it was.  If you can't reboot after install, you can probably do the disable/enable on aliases to bring them up for the current session, and then the reverted opnsense package will handle loading them correctly on the next reboot.

[abulafia]

Have you reported this as a bug on GitHub? If not please do - sounds like a bug and that will get resolved earlier if a GitHub report is made.

[vOoPtNa]

Have you reported this as a bug on GitHub? If not please do - sounds like a bug and that will get resolved earlier if a GitHub report is made.

issue on github already reported:
https://github.com/opnsense/core/issues/5788

[mannp]

Yes, that's correct.  You'll want to run this:

Code: [Select]

opnsense-revert -r 22.1.7_1 opnsense
Then reboot, everything should come back up as it was.  If you can't reboot after install, you can probably do the disable/enable on aliases to bring them up for the current session, and then the reverted opnsense package will handle loading them correctly on the next reboot.

Thanks for confirming I was about to 'engage' and you confirmed, so thanks.

Restored my config back after the downgrade to be sure.....seems back...

[meyergru]

Confirming the bug as well. In my case, only one alias was affected, namely a network alias.

Reverting to 22.1.7_1...