Rules [new] - empty rule automatically created, can't edit or delete

[opn_minded]

Hi,

I started to (manually) migrate my "old" firewall-rules to the "new" firewall-rules. There's now an automatically created rule on the top, that I can't edit, delete, re-order or deactivate.

You cannot view this attachment.

After pressing "enable logging" I get the following error;

Code Select Expand

[30-Jan-2026 11:32:42 <REDACTED>] Error: Class "OPNsense\Firewall\Api\UserException" not found in /usr/local/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php:379
Stack trace:
#0 /usr/local/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php(270): OPNsense\Firewall\Api\FilterBaseController->toggleRuleLogBase('f42dbecd-d93b-4...', '1', 'rules.rule')
#1 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Dispatcher.php(166): OPNsense\Firewall\Api\FilterController->toggleRuleLogAction('f42dbecd-d93b-4...', '1')
#2 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(156): OPNsense\Mvc\Dispatcher->dispatch(Object(OPNsense\Mvc\Request), Object(OPNsense\Mvc\Response), Object(OPNsense\Mvc\Session))
#3 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(139): OPNsense\Mvc\Router->performRequest(Object(OPNsense\Mvc\Dispatcher))
#4 /usr/local/opnsense/www/api.php(36): OPNsense\Mvc\Router->routeRequest('/api/firewall/f...', Array)
#5 {main}

[OPNenthu]

Well at least it's a Floating pass all rule, so now you can never blame your firewall if something appeared blocked :P

[opn_minded]

Yeah that definitely makes sense :D!

[Monviech (Cedrik)]

https://github.com/opnsense/core/pull/9669

That will fix the missing user exception, but we have to find out what's so special about this rule.

Can you do an export at the bottom of the page and share the csv file contents?

[opn_minded]

Code Select Expand

opnsense-patch 8ecd344 based on https://github.com/opnsense/core/pull/9669/commits done and working - thanks for that.

Unfortunately I'm not able to provide the .csv from the export as I've rolled back the config to a previous state.

But... before doing so, I had a look at the two different config.xml's (PRE-new rules and POST-new rules). What I found is, that the corresponding XML-node to the shown rule above in my screenshot had the config options written in the <rule uuid=""> tag.

Let me explain...

correct would be;

Code Select Expand

<rule uuid="<UNIQUE-RULE-ID>">
the faulty rule had something like(what I remember);

Code Select Expand

<rule uuid="<UNIQUE-RULE-ID>,setting1,setting2,setting3,,,,">

[Monviech (Cedrik)]

That makes perfect sense, we have fixed that in master already it was a faulty import that could happen in very specific conditions:

https://github.com/opnsense/core/issues/9661