
Topic: Auto Filter Reload causing weird error

ohiosemi
Auto Filter Reload causing weird error
« on: February 07, 2018, 05:55:36 pm »
The twice-a-day auto filter reload is throwing an error:
Code:
There were error(s) loading the rules: /tmp/rules.debug:376: syntax error - The line in question reads [376]: pass out route-to ( em0 X.Y.Z.33 ) from X.Y.Z.36 to !/ tracker 1000011161 keep state allow-opts label "let out anything from firewall host itself"
@ 2018-02-05 12:30:51
There were error(s) loading the rules: /tmp/rules.debug:376: syntax error - The line in question reads [376]: pass out route-to ( em0 X.Y.Z.33 ) from X.Y.Z.36 to !/ tracker 1000011161 keep state allow-opts label "let out anything from firewall host itself"
@ 2018-02-06 00:31:42
There were error(s) loading the rules: /tmp/rules.debug:376: syntax error - The line in question reads [376]: pass out route-to ( em0 X.Y.Z.33 ) from X.Y.Z.36 to !/ tracker 1000011161 keep state allow-opts label "let out anything from firewall host itself"
@ 2018-02-06 12:30:54
There were error(s) loading the rules: /tmp/rules.debug:376: syntax error - The line in question reads [376]: pass out route-to ( em0 X.Y.Z.33 ) from X.Y.Z.36 to !/ tracker 1000011161 keep state allow-opts label "let out anything from firewall host itself"
@ 2018-02-07 00:30:33
There were error(s) loading the rules: /tmp/rules.debug:376: syntax error - The line in question reads [376]: pass out route-to ( em0 X.Y.Z.33 ) from X.Y.Z.36 to !/ tracker 1000011161 keep state allow-opts label "let out anything from firewall host itself"
@ 2018-02-07 12:30:31

When I check the /tmp/rules.debug file at line 376, the rule is different:
Code:
pass out  route-to ( em0 X.Y.Z.33 ) from X.Y.Z.36 to !X.Y.Z.32/29 tracker 1000011161 keep state allow-opts label "let out anything from firewall host itself"
I don't know why the destination network isn't there in the error messages, but it does exist in the file.

A manual filter reload doesn't cause the same error.

Current Setup: Dual WAN with failover, multiple virtual IPs on both, internal VLANs

Any ideas?