Finally found https://redmine.pfsense.org/issues/8518 which is this bug (the
extra incomplete gateway line). Fix seems to be to delete/comment out three
lines in /etc/inc/filter.inc:
https://redmine.pfsense.org/projects/pfsense/repository/revisions/c9159949e06cc91f6931bf2326672df7cad706f4/diff/
I found Suricata won't start, and I'm guessing the error Suricata is
logging when it terminates (leaving its .pid file behind), "23/5/2018 --
22:42:18 - -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - alert-pf: Could
not validate pf table: snort2c, module init failed." ...is related to this
After upgrading our HA routers from 2.4.2_1 to 2.4.3_1, every few minutes they
are logging:
There were error(s) loading the rules: /tmp/rules.debug:242: syntax error - The
line in question reads [242]: pass out route-to ( lagg0 64.79.96.145 ) from
to !/ tracker 105913 keep state allow-opt
