firewall/alias, signal table load errors to the user, it's not very obvious now that the table memory is defined too low. closes https://github.com/opnsense/core/issues/3046

src/etc/inc/filter.inc

@@ -169,7 +169,7 @@ function filter_delete_states_for_down_gateways()
     }
 }
 
-function filter_configure_sync($verbose = false, $flush_states = false)
+function filter_configure_sync($verbose = false, $flush_states = false, $load_aliases = true)
 {
     global $config;
 
@@ -509,8 +509,10 @@ function filter_configure_sync($verbose = false, $flush_states = false)
         flush();
     }
 
-    configd_run('template reload OPNsense/Filter');
-    configd_run('filter refresh_aliases', true);
+    if ($load_aliases) {
+        configd_run('template reload OPNsense/Filter');
+        configd_run('filter refresh_aliases', true);
+    }
 
     if ($verbose) {
         echo "done.\n";

src/etc/rc.filter_configure

@@ -34,4 +34,8 @@ require_once("system.inc");
 require_once("interfaces.inc");
 require_once("services.inc");
 
-filter_configure_sync(true);
+if (count($argv) >= 1 && $argv[1] == 'skip_alias' ) {
+    filter_configure_sync(true, false, false);
+} else {
+    filter_configure_sync(true);
+}

src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php

@@ -31,6 +31,7 @@ namespace OPNsense\Firewall\Api;
 
 use \OPNsense\Base\ApiMutableModelControllerBase;
 use \OPNsense\Core\Backend;
+use \OPNsense\Base\UserException;
 
 /**
  * @package OPNsense\Firewall
@@ -197,11 +198,12 @@ class AliasController extends ApiMutableModelControllerBase
         if ($this->request->isPost()) {
             $backend = new Backend();
             $backend->configdRun('template reload OPNsense/Filter');
-            $backend->configdRun("filter reload");
-            $bckresult = strtolower(
-                trim($backend->configdRun("filter refresh_aliases"))
-            );
-            return array("status" => $bckresult);
+            $backend->configdRun("filter reload skip_alias");
+            $bckresult = json_decode($backend->configdRun("filter refresh_aliases"), true);
+            if (!empty($bckresult['messages'])) {
+                throw new UserException(implode("\n", $bckresult['messages']), gettext("Alias"));
+            }
+            return array("status" => "ok");
         } else {
             return array("status" => "failed");
         }

src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt

@@ -218,14 +218,6 @@
             ajaxCall("/api/firewall/alias/reconfigure", {}, function(data,status) {
                 // when done, disable progress animation.
                 $("#reconfigureAct_progress").removeClass("fa fa-spinner fa-pulse");
-                if (status != "success" || data['status'] != 'ok') {
-                    BootstrapDialog.show({
-                        type: BootstrapDialog.TYPE_WARNING,
-                        title: "{{ lang._('Error reconfiguring aliases') }}",
-                        message: data['status'],
-                        draggable: true
-                    });
-                }
             });
         });
 

src/opnsense/scripts/filter/update_tables.py

@@ -32,7 +32,7 @@
 import os
 import sys
 import argparse
-import syslog
+import json
 import xml.etree.cElementTree as ET
 import syslog
 import tempfile
@@ -98,7 +98,7 @@ class AliasParser(object):
             yield self._aliases[alias]
 
 if __name__ == '__main__':
-    status = dict()
+    result = {'status': 'ok'}
     parser = argparse.ArgumentParser()
     parser.add_argument('--output', help='output type [json/text]', default='json')
     parser.add_argument('--source_conf', help='configuration xml', default='/usr/local/etc/filter_tables.conf')
@@ -155,6 +155,17 @@ if __name__ == '__main__':
                                 stdout=open(os.devnull, 'wb'), stderr=open(os.devnull, 'wb'))
             else:
                 # replace table contents with collected alias
-                subprocess.call(['/sbin/pfctl', '-t', alias_name, '-T', 'replace', '-f',
-                                 '/var/db/aliastables/%s.txt' % alias_name],
-                                 stdout=open(os.devnull, 'wb'), stderr=open(os.devnull, 'wb'))
+                with tempfile.NamedTemporaryFile() as output_stream:
+                    subprocess.call(['/sbin/pfctl', '-t', alias_name, '-T', 'replace', '-f',
+                                     '/var/db/aliastables/%s.txt' % alias_name],
+                                     stdout=open(os.devnull, 'wb'), stderr=output_stream)
+                    output_stream.seek(0)
+                    error_output = output_stream.read().strip()
+                    if error_output.find('pfctl: ') > -1:
+                        result['status'] = 'error'
+                        if 'messages' not in result:
+                            result['messages'] = list()
+                        if error_output not in result['messages']:
+                            result['messages'].append(error_output.replace('pfctl: ', ''))
+
+    print (json.dumps(result))

src/opnsense/service/conf/actions.d/actions_filter.conf

@@ -1,6 +1,6 @@
 [reload]
 command:/usr/local/etc/rc.filter_configure
-parameters:
+parameters: %s
 type:script
 message:Reloading filter
 
@@ -13,7 +13,7 @@ message:Syncing firewall %s
 [refresh_aliases]
 command:/usr/local/bin/flock -n -E 0 -o /tmp/filter_update_tables.lock /usr/local/opnsense/scripts/filter/update_tables.py
 parameters:
-type:script
+type:script_output
 description:Update and reload firewall aliases
 message:refresh url table aliases