After upgrading our HA routers from 2.4.2_1 to 2.4.3_1, every few minutes they 
are logging:

There were error(s) loading the rules: /tmp/rules.debug:242: syntax error - The line in question reads [242]: pass out  route-to ( lagg0 64.79.96.145 ) from  to !/ tracker 1000005913 keep state allow-opts label "let out anything from firewall host itself"

64.79.96.145 is our WAN gateway.  We have the WAN configured to use a 
one-interface LAGG to allow sharing CARP states if we ever use a different 
router with a different interface name.

Searching /tmp/rules.debug for "lagg0" I see three lines at the top of the 
output:

pass out  route-to ( lagg0 64.79.96.145 ) from 64.79.96.149 to !64.79.96.144/29 tracker 1000005911 keep state allow-opts label "let out anything from firewall host itself"
pass out  route-to ( lagg0 64.79.96.145 ) from 64.79.96.150 to !64.79.96.144/29 tracker 1000005912 keep state allow-opts label "let out anything from firewall host itself"
pass out  route-to ( lagg0 64.79.96.145 ) from  to !/ tracker 1000005913 keep state allow-opts label "let out anything from firewall host itself"

.149 is the WAN IP, .150 the CARP shared IP.  Given the first two are there, 
I'm not sure what the third is supposed to be?

Re-applying the firewall rules does not clear it, though it does appear to trigger 
it (presumably due to the rules reload).

Suggestions?

Steve Yates
ITS, Inc.
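An added example, not part of the post above and not pfSense project code: a small Python checker that scans a rules.debug-style file and reports any filter rule whose "from" or "to" address field came out empty or unparseable, which is exactly what the third lagg0 line shows. The built-in sample input is the three rules quoted in the post, rejoined onto single lines; the script, its function names and its handling of "any" and <table> references are my own assumptions, not something the poster or pfSense provides.

```python
import ipaddress
import re
import sys

# Constructed sample input: the three "lagg0" rules quoted in the post, each
# rejoined onto a single line as it would appear in /tmp/rules.debug.
SAMPLE_RULES = [
    'pass out  route-to ( lagg0 64.79.96.145 ) from 64.79.96.149 to !64.79.96.144/29 '
    'tracker 1000005911 keep state allow-opts label "let out anything from firewall host itself"',
    'pass out  route-to ( lagg0 64.79.96.145 ) from 64.79.96.150 to !64.79.96.144/29 '
    'tracker 1000005912 keep state allow-opts label "let out anything from firewall host itself"',
    'pass out  route-to ( lagg0 64.79.96.145 ) from  to !/ '
    'tracker 1000005913 keep state allow-opts label "let out anything from firewall host itself"',
]

# Matches the "from <src> to <dst>" clause of a pf filter rule. \S* rather than
# \S+ is deliberate: an empty address field must still match so it can be reported.
FROM_TO_RE = re.compile(r'\bfrom\s+(?P<src>\S*)\s+to\s+(?P<dst>\S*)')


def address_problem(field):
    """Return a reason string if a pf address field is unusable, else None.

    Assumption: 'any' and <table> references are accepted as-is; anything else
    must parse as an IP address or CIDR network (a leading '!' negation is allowed).
    """
    addr = field[1:] if field.startswith('!') else field
    if addr == '':
        return 'empty address'
    if addr == 'any' or (addr.startswith('<') and addr.endswith('>')):
        return None
    try:
        # strict=False accepts host addresses ("64.79.96.149") as well as CIDR blocks.
        ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return f'unparseable address {addr!r}'
    return None


def find_malformed_rules(lines):
    """Return (line_no, keyword, field_value, reason) for every rule whose
    'from' or 'to' address is empty or cannot be parsed.

    Lines without a from/to clause (options, tables, anchors) are skipped.
    Line numbers are 1-based so they line up with pfctl's "rules.debug:N" message.
    """
    problems = []
    for line_no, line in enumerate(lines, start=1):
        m = FROM_TO_RE.search(line)
        if m is None:
            continue
        for group, keyword in (('src', 'from'), ('dst', 'to')):
            value = m.group(group)
            reason = address_problem(value)
            if reason:
                problems.append((line_no, keyword, value, reason))
    return problems


def check_rules_file(path):
    """Scan a rules file on disk (e.g. /tmp/rules.debug) for malformed rules."""
    with open(path, encoding='utf-8', errors='replace') as fh:
        return find_malformed_rules(fh.read().splitlines())


if __name__ == '__main__':
    # With a path argument, scan that file; otherwise run over the constructed sample.
    if len(sys.argv) > 1:
        results = check_rules_file(sys.argv[1])
    else:
        results = find_malformed_rules(SAMPLE_RULES)
    for line_no, keyword, value, reason in results:
        print(f'line {line_no}: {keyword} {value!r}: {reason}')
```

Run without arguments it reports only the third sample rule (empty "from", "!/" for "to"); run as `python check_rules.py /tmp/rules.debug` on a router it points at the exact line pfctl rejected, which is useful for confirming whether the bad rule is the only one and for diffing the output before and after a rules reload.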

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold