
Author Topic: There were error(s) loading the rules  (Read 174 times)


choodee
There were error(s) loading the rules
« on: February 05, 2018, 09:24:27 am »
Hi Everyone,

pfSense 2.3.3-RELEASE

I can't seem to figure out where this problem is coming from which started a few months ago.  Now and then this error comes up and drops our internet connection for a split second.

There were error(s) loading the rules: /tmp/rules.debug:129: could not parse host specification - The line in question reads [129]: table <time_chu_nrc_ca> { time1.chu.nrc.ca./32 }

I tried adjusting the NTP Server values and looking at the firewall rules without success.  Appreciate all those who can point me in the right direction.


Thanks

KOM
Re: There were error(s) loading the rules
« Reply #1 on: February 05, 2018, 10:06:23 am »
Is this something pfBlocker stuffed into the ruleset or is this some rule you made?

choodee
Re: There were error(s) loading the rules
« Reply #2 on: February 05, 2018, 10:14:05 am »
Hi Kom,

I'm using Snort but not pfBlocker on the firewall.  I looked into my firewall rules and I don't have anything in there that would block time1.chu.nrc.ca./32.

thanks,

KOM
Re: There were error(s) loading the rules
« Reply #3 on: February 05, 2018, 10:33:24 am »
Is there supposed to be a . at the end of the hostname?

time1.chu.nrc.ca./32

versus

time1.chu.nrc.ca/32

What rules do you have that refer to this time server?  I use time.nrc.ca for my NTP def but there is nothing in the rules about it.

choodee
Re: There were error(s) loading the rules
« Reply #4 on: February 05, 2018, 11:42:31 am »
That's where I'm having issues.  I don't have time1.chu.nrc.ca referenced anywhere in NTP or in firewall rules.  I use 1.ca.pool.ntp.org, 0.ca.pool.ntp.org and ca.pool.ntp.org for my time servers so I don't know where this error is coming from.

KOM
Re: There were error(s) loading the rules
« Reply #5 on: February 05, 2018, 12:04:13 pm »
Packages like Snort, Suricata and pfBlocker use rule lists.  Maybe something in there?

choodee
Re: There were error(s) loading the rules
« Reply #6 on: February 05, 2018, 12:35:53 pm »
I can temporarily turn off Snort and see what happens.

choodee
Re: There were error(s) loading the rules
« Reply #7 on: February 05, 2018, 02:31:45 pm »
So I just got the same error a few minutes ago.  Looks like Snort is not the culprit.  Any other thoughts?

KOM
Re: There were error(s) loading the rules
« Reply #8 on: February 05, 2018, 02:59:41 pm »
Quote
Any other thoughts?

Shell in and look at /tmp/rules.debug.   What's line 129 say?

What packages in total are you running?  Post a screenshot(s) of your WAN/LAN rules with public details obscured.

choodee
Re: There were error(s) loading the rules
« Reply #9 on: February 06, 2018, 09:24:11 am »
Thanks Kom for your assistance.  I was able to find the problem under Firewall - Aliases, there was an entry for time1.chu.nrc.ca that had no IP which was probably used for a previous firewall rule.  All is now well.

thanks!
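
A check for the condition found in this thread, as an added example that is not part of the original posts: it lists entries in pf table definitions that are not IP literals, such as the hostname on line 129. It assumes each table sits on one line in the `table <name> { ... }` form quoted in the error; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: list table entries in a pf rules file that are not IP literals.
# Assumption: one table per line, written as `table <name> { entry entry ... }`,
# the form shown in the error message quoted in the thread.

find_nonliteral_table_entries() {
    # $1: path to the rules file (in the thread: /tmp/rules.debug)
    awk '
    /^[ \t]*table[ \t]*</ {
        name = $0
        sub(/^[^<]*</, "", name); sub(/>.*/, "", name)
        body = $0
        if (body !~ /[{].*[}]/) next        # no inline list (e.g. file-backed table)
        sub(/^[^{]*[{]/, "", body); sub(/[}].*/, "", body)
        gsub(/,/, " ", body)
        n = split(body, e, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (e[i] == "") continue
            addr = e[i]
            sub(/^!/, "", addr)             # negated entry
            sub(/\/[0-9]+$/, "", addr)      # strip the prefix length
            v4 = (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            v6 = (addr ~ /^[0-9A-Fa-f:.]+$/ && addr ~ /:/)
            # Output columns: line number, table name, offending entry
            if (!v4 && !v6) printf "%d\t%s\t%s\n", NR, name, e[i]
        }
    }' "$1"
}

# Constructed sample input (not taken from a real firewall).
sample_rules() {
cat <<'EOF'
table <bogons> persist file "/etc/bogons"
table <lan_hosts> { 192.168.1.10 192.168.1.0/24 }
table <time_chu_nrc_ca> { time1.chu.nrc.ca./32 }
table <v6_example> { 2001:db8::1/128 }
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_rules > "$tmp"
    find_nonliteral_table_entries "$tmp"
    rm -f "$tmp"
}

demo
```

Each table name reported this way points back to an alias worth reviewing under Firewall - Aliases, which is where the stale entry in this thread was found.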