[pfSense Support] extra '!' in NOT rules

[mOjO]

I've got an interesting bug to report... i'm not sure if my rules logic is smart from a best-practices standpoint (suggestions welcome) but i have 4 NICs in my pfSense box:  LAN (rl2), WAN (rl1), DMZ0 (rl0 = opt1), and VOIP (ep0 = opt2).  All are realtek chips except VOIP which is an old ISA 3com 10baseT.  I just a few moments ago realized a fatal flaw in my plan to give my vonage router its own interface in that pfSense just now informed me that the old 3com nic's driver doesnt support AltQ (doh!) but that has no bearing on this issue. my strategy was to make rules that would allow the DMZ and VOIP interfaces full access out to the internet but no access to each other or the LAN interface (pretty standard setup really) but LAN int can go anywhere.  So I made some rules stating the following on the DMZ0 interface:     -Allow all outbound ports/protocols on DMZ0 that is not destined for the LAN subnet.  (this one works fine)     -Allow all outbound ports/protocols on DMZ0 that is not destined for the VOIP subnet.  (this one generates an error) then i got a parsing error from pfsense in the system log, reason for which is obvious below. (email me direct if you want the uncensored version of the subnets or any other somewhat security sensitive debug info). notice the extra '!' in the rules below (from /tmp/rules.debug): pass in quick on $VOIP from 10.x.x.x/30 to  !192.168.x.x/24 keep state  label "USER_RULE: Allow ALL outbound traffic except to LAN subnet" pass in quick on $VOIP from 10.x.x.x/30 to  ! !10.y.y.y/24 keep state  label "USER_RULE: Allow ALL outbound traffic except to LAN subnet" pass in quick on $DMZ0 from any to  !192.168.x.x/24 keep state  label "USER_RULE: Allow ALL outbound traffic except to LAN subnet" pass in quick on $DMZ0 from any to  ! !10.x.x.x/30 keep state  label "USER_RULE: Allow ALL outbound traffic except to OPT2 subnet" pass in quick on $lan proto tcp from 192.168.x.x/24 to any flags S/SA synproxy state  queue (qLANdef, qLANacks)  label "USER_RULE: Default LAN -> any" i hope thats enough info for you to debug... let me know if you are unable to reproduce. btw, i installed with 80.2 and updated to 82.4 if that makes a difference.  oh and also i have the same bug i noticed someone else mention where my WAN interface always shows DHCP to be down even though its not.  Hitting "renew" works fine and shows it properly for a little while but it always goes back to being down... This is strictly cosmetic as I have no issues on that interface and although its DHCP my ISP (comcast) does some kind of MAC registration so as to stop us from pulling multiple real IP addies, so my WAN IP will never change really unless I swap NICs or change the MAC. TIA, mOjO --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]