I have an RC2 setup with load balancing going on multiple WAN
interfaces (WAN, OPT1, 2).

I deleted the OPT3 interface, but did not delete the corresponding
NAT rules associated with OPT3.  Upon applying changes, I realised
that I had shot myself in the foot!  My /tmp/rules.debug had a line
like:

   nat on $ from ...

Note that the interface name is just "$".

Consequently, this broke the pf rules and completely locked
me out of the box.  I could ping the LAN interface, but no ssh/http.
I had to restore the config on console to bring it back.

I can also confirm that deleting the NAT rules *before* deleting
the interface causes no problems whatsoever.

I did not have any filter rules or altq specified on OPT3, so the
same problem may also occur outside of the NAT rules.

Can the pf rule generator be made smarter to compensate for
my stupidity?  Perhaps we could automagically disable rules
that have "lost" their interfaces.

Sorry for not reproducing exact error messages or logs.  I don't
have the pfsense box around atm.

- Raja
