Author Topic: Alias based firewall rules doesn't work after upgrade to 22.1.8  (Read 10774 times)

tuxlemmi

« on: May 25, 2022, 01:57:16 pm »
I have a couple of IPsec site2site tunnels running on my OPNsense.
Each LAN on the remote sites has an alias. I use these aliases to define rules that pass every traffic/protocol to the remote site.
SSH, HTTP and HTTPS will pass; every other traffic has been blocked since the update to 22.1.8, as I can see in the live log, by the default block rule.

This was not expected.

Just to try, I added an ANY-2-ANY rule and it works again - but this is just for testing.



vOoPtNa

« Reply #1 on: May 25, 2022, 03:37:45 pm »
I've seen a similar behavior. After upgrading to 22.1.8 some rules stopped working...
Had no time to troubleshoot this further and reverted back to 22.1.7.

Will try to reproduce it later and report here.

Com DAC

« Reply #2 on: May 25, 2022, 03:54:18 pm »
After the upgrade my rules weren't working either. After reading this post I opened my aliases and edited and re-saved each alias and they all started working.

neis

« Reply #3 on: May 25, 2022, 07:00:30 pm »
I experience the same as others.  Post update all LAN traffic was ignoring any rules with aliases attached and was instead matching the floating default deny rule.  A quick edit and save with no changes did not work for me but disabling/enabling the alias resolved the issue.

CGrisamore

« Reply #4 on: May 25, 2022, 07:28:14 pm »
Thanks for the heads up. I did the upgrade this morning and all seemed fine but after reading this post I tested my Wireguard connection (used for remote access to my home network) and it wasn't working. I use an alias for a rule specific to Wireguard VPN clients and after disabling, saving and re-enabling, it's now working properly.

vOoPtNa

« Reply #5 on: May 25, 2022, 09:03:58 pm »
Seems to be some kind of bug.
Under Firewall->Diagnostics->Aliases some aliases don't show results (see attached screenshots).
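Added example, not part of any post in this thread: a POSIX sh check for the symptom reported above (aliases showing no results, so rules fall through to the default block rule), meant to be run from the firewall shell after an upgrade or reboot. It assumes the named aliases are host or network aliases loaded as pf tables of the same name and reads them with `pfctl -t NAME -T show`; the alias names `remote_lan` and `wg_clients` are hypothetical.

```shell
#!/bin/sh
# Added example: flag alias-backed pf tables that are missing or empty.
# Assumption: each host/network alias is loaded as a pf table named after the alias.
# PFCTL may be overridden (e.g. with a stub) to test this off the firewall.
PFCTL="${PFCTL:-pfctl}"

# Print the number of entries in table $1, or "missing" if pf has no such table.
table_entries() {
    out=$($PFCTL -t "$1" -T show 2>/dev/null) || { echo missing; return 0; }
    # pfctl prints one address or network per line; count the non-blank ones.
    # grep -c exits 1 on a zero count, so mask that status.
    printf '%s\n' "$out" | grep -c '[^[:space:]]' || true
}

# check_aliases NAME...
# Print one line per unhealthy table; return 1 if any was missing or empty.
check_aliases() {
    bad=0
    for name in "$@"; do
        case "$(table_entries "$name")" in
            missing) echo "$name: table missing"; bad=1 ;;
            0)       echo "$name: table empty";   bad=1 ;;
        esac
    done
    return "$bad"
}

# Usage on the firewall (alias names are hypothetical):
#   sh check_aliases.sh remote_lan wg_clients
if [ "$#" -gt 0 ]; then
    check_aliases "$@"
fi
```

A non-zero exit status means at least one alias table is not populated, which is the state in which rules referencing it stop matching.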

mannp

« Reply #6 on: May 25, 2022, 09:06:08 pm »
Became slack with the previous faultless releases, but this one borked me for sure.....downloading 22.1.7 now....

db7

« Reply #7 on: May 25, 2022, 09:11:40 pm »
Quote from: Com DAC on May 25, 2022, 03:54:18 pm
After the upgrade my rules weren't working either. After reading this post I opened my aliases and edited and re-saved each alias and they all started working.

Just sharing that a revert to 22.1.7_1 is the only durable fix for this I've found.  I tried the disable/enable alias trick as well.  It works, but after a reboot the aliases return to not working correctly, and of course neither will the rules that depend on them.

mannp

« Reply #8 on: May 25, 2022, 09:34:07 pm »
Quote from: db7 on May 25, 2022, 09:11:40 pm
Quote from: Com DAC on May 25, 2022, 03:54:18 pm
After the upgrade my rules weren't working either. After reading this post I opened my aliases and edited and re-saved each alias and they all started working.

Just sharing that a revert to 22.1.7_1 is the only durable fix for this I've found.  I tried the disable/enable alias trick as well.  It works, but after a reboot the aliases return to not working correctly, and of course neither will the rules that depend on them.

Did you use opnsense-revert to get to 22.1.7_1? Struggling to find the process...thx

gpb

« Reply #9 on: May 25, 2022, 09:44:22 pm »
edit: deleted.
« Last Edit: May 26, 2022, 04:41:02 pm by gpb »
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT

db7

« Reply #10 on: May 25, 2022, 09:51:29 pm »
Quote from: mannp on May 25, 2022, 09:34:07 pm
Quote from: db7 on May 25, 2022, 09:11:40 pm
Quote from: Com DAC on May 25, 2022, 03:54:18 pm
After the upgrade my rules weren't working either. After reading this post I opened my aliases and edited and re-saved each alias and they all started working.

Just sharing that a revert to 22.1.7_1 is the only durable fix for this I've found.  I tried the disable/enable alias trick as well.  It works, but after a reboot the aliases return to not working correctly, and of course neither will the rules that depend on them.

Did you use opnsense-revert to get to 22.1.7_1? Struggling to find the process...thx

Yes, that's correct.  You'll want to run this:

Code:
opnsense-revert -r 22.1.7_1 opnsense
Then reboot, everything should come back up as it was.  If you can't reboot after install, you can probably do the disable/enable on aliases to bring them up for the current session, and then the reverted opnsense package will handle loading them correctly on the next reboot.
« Last Edit: May 25, 2022, 09:54:15 pm by db7 »

abulafia

« Reply #11 on: May 25, 2022, 10:11:12 pm »
Have you reported this as a bug on GitHub? If not please do - sounds like a bug and that will get resolved earlier if a GitHub report is made.

vOoPtNa

« Reply #12 on: May 25, 2022, 10:20:01 pm »
Quote from: abulafia on May 25, 2022, 10:11:12 pm
Have you reported this as a bug on GitHub? If not please do - sounds like a bug and that will get resolved earlier if a GitHub report is made.

Issue on GitHub already reported:
https://github.com/opnsense/core/issues/5788

mannp

« Reply #13 on: May 25, 2022, 10:21:11 pm »
Quote
Yes, that's correct.  You'll want to run this:

Code:
opnsense-revert -r 22.1.7_1 opnsense
Then reboot, everything should come back up as it was.  If you can't reboot after install, you can probably do the disable/enable on aliases to bring them up for the current session, and then the reverted opnsense package will handle loading them correctly on the next reboot.

Thanks for confirming :) I was about to 'engage' and you confirmed, so thanks.

Restored my config back after the downgrade to be sure.....seems back...

meyergru

« Reply #14 on: May 25, 2022, 11:22:46 pm »
Confirming the bug as well. In my case, only one alias was affected, namely a network alias.

Reverting to 22.1.7_1...
DEC760 - the model that Deciso never built
