No NAT working on 24.1.2 - cant downgrade to 24.1.1 using opnsense-revert: opnsense has a missing dependency: suricata-stable

[Tontonjo]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• [ X] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• [ X] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

After update to 24.1.2 all my NAT configurations stopped working. Traffic is being blocked by default rule. Rules that only need firewall rules works as exepected: openVPN.

I wanted to revert to 24.1.1 but the downgrade fails: see below.

Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)

To Reproduce i've juste updated to 24.1.2 - nothing less, nothing more.

Expected behavior

A clear and concise description of what you expected to happen.

• Is there a known problem involving NAT in 24.1.2?
• How to revert to 24.1.1 in order to check?

Describe alternatives you considered Downgrading but it fail.

opnsense-revert -r 24.1.1 opnsense
Fetching opnsense.pkg: ... done
Verifying signature with trusted certificate pkg.opnsense.org.20240105... done
opnsense-24.1.2: already unlocked
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg-static: opnsense has a missing dependency: suricata-stable

Software version used and hardware type if relevant, e.g.:

OPNsense 24.1.2-amd64 FreeBSD 13.2-RELEASE-p10 OpenSSL 3.0.13

Thanks for your help!

Regards

[Tontonjo]

trying to understand i've found that my backend logs is filled with this error: may be not related as it seems to have appeared before:

[c3b73be7-8c7a-4fda-ba32-8a7d6db25d81] Script action failed with Command '/usr/local/bin/flock -n -E 0 -o /tmp/filter_update_tables.lock /usr/local/opnsense/scripts/filter/update_tables.py ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 44, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/bin/flock -n -E 0 -o /tmp/filter_update_tables.lock /usr/local/opnsense/scripts/filter/update_tables.py ' returned non-zero exit status 1.

[Tontonjo]

hmmm just entered the command manually -> /usr/local/bin/flock -n -E 0 -o /tmp/filter_update_tables.lock /usr/local/opnsense/scripts/filter/update_tables.py

Everything seems to be working again as expected

/usr/local/bin/flock -n -E 0 -o /tmp/filter_update_tables.lock /usr/local/opnsense/scripts/filter/update_tables.py {"status": "ok"}

[mimugmail]

Do you have Suricata running in IPS mode?

[Tontonjo]

Do you have Suricata running in IPS mode?

Absolutely not. Suricata disabled

[OPNsense-bot]

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.