Try running:
pfctl -f /tmp/rules.debug
This should reload the rules, but likely throws an error.
I think you might have some 'invalid' alias table content.
Seb Auriol wrote on 24-6-2015 at 13:00:
Hi all,
I have installed pfSense 2.2.2 on new hardware (four Dell 1950 blade servers).
I took the config from the old hardware running 2.1.5 and put it on the new
hardware and adjusted the NIC assignments. It works fine on three of them, but
the 'primary' in the HA cluster is not loading the firewall and nat rules. So
the result of the command below starts:
pfctl -vvsa | less
FILTER RULES:
No queue in use
STATES:
On the secondary, the output from the same command starts:
pfctl -vvsa | less
TRANSLATION RULES:
@0(0) no nat proto carp all
[ Evaluations: 3328 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: pid 19405 State Creations: 18446735278790537528]
@1(0) nat-anchor "natearly/*" all
The result of the problem is that NAT isn't working (and probably all packet
filtering). Routing is working fine.
A possibly related issue (but if you want to respond to this pfBlocker issue,
replying to my forum post may be better:
https://forum.pfsense.org/index.php?topic=88443.msg530471#msg530471):
We had pfBlocker installed on the old firewalls, but the package is not
available on 2.2.x as it has been replaced with pfBlockerNG. However, we still
have the config in for pfBlocker and it should be removed. I tried running the
php script written by the author of the new package here:
https://forum.pfsense.org/index.php?topic=88443.0
But it doesn't work (maybe it worked on 2.2.0). The output was:
Removing pfBlocker from the pfSense Configuration file
Removed pfblocker
Removed pfblockerlists
Removed pfblockertopspammers
Removed pfBlocker Menu Entry
Fatal error: Call to undefined function getUserEntry() in /etc/inc/config.lib.inc on line 501
I then removed the pfBlocker rules from the WAN (as they were still there), but
I still have the menu item, and the rest of the config as you see below:
[2.2.2-RELEASE][[email protected]]/tmp: grep "pfblocker" /conf/config.xml | grep -v "pfblockerng"
<url>https://127.0.0.1:443/pfblocker.php?pfb=pfBlockerBadguys</url>
<url>https://127.0.0.1:443/pfblocker.php?pfb=pfBlockerTopSpammers</url>
<command>/usr/local/bin/php -q /usr/local/www/pfblocker.php cron</command>
<tooltiptext>Configure pfblocker</tooltiptext>
<url>/pkg_edit.php?xml=pfblocker.xml</url>
<pfblockertopspammers>
</pfblockertopspammers>
<pfblocker>
</pfblocker>
<pfblockerlists>
</pfblockerlists>
<url>/pkg_edit.php?xml=pfblocker.xml&id=0</url>
Any ideas on where to look next?
Kind regards,
Seb
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold