Bug #1882
Invalid pf rule generated from a port forward with dest=any on an interface with ip=none
| Status: | Resolved | Start date: | 09/16/2011 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | Rules/NAT | | |
| Target version: | - | | |
| Affected version: | 2.0 | Affected Architecture: | |
Description
If you have an interface with an IP type of "none", and then create a port forward on that interface with a destination of "any", it leads to an invalid ruleset.
Config snip of the offending port forward:
<rule>
  <source>
    <any/>
  </source>
  <destination>
    <any/>
    <port>80</port>
  </destination>
  <protocol>tcp</protocol>
  <target>192.168.1.55</target>
  <local-port>80</local-port>
  <interface>opt1</interface>
  <descr/>
  <associated-rule-id>nat_4e738285d7c807.89552620</associated-rule-id>
  <value>default</value>
</rule>
Leads to these rules:
rdr on vr2 proto tcp from any to any port 80 -> 192.168.1.55
no nat on vr2 proto tcp from (vr2) to /
nat on vr2 proto tcp from / to 192.168.1.55 port 80 -> (vr2)
Associated revisions
Add an option to the NUT package that will let the user choose to power down (shutdown -p) instead of halt. Should fix Ticket #1882
Shutdown -p will only work on supported systems. Since the behavior on unsupported systems is unknown, giving the user a choice seemed like the better way.
Only add these lines if there is both an IP address and CIDR. Fixes #1882
Only add these lines if there is both an IP address and CIDR. Fixes #1882
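The guard described in the commit message above, together with a check that flags the malformed lines from the report, as an added example that is not pfSense's own code. The function names and the interface address 10.0.5.1/24 are assumptions made for illustration.

```python
import ipaddress

# The three rules quoted in the report above.
PAGE_RULES = """\
rdr on vr2 proto tcp from any to any port 80 -> 192.168.1.55
no nat on vr2 proto tcp from (vr2) to /
nat on vr2 proto tcp from / to 192.168.1.55 port 80 -> (vr2)
"""


def reflection_nat_lines(ifname, if_ip, if_cidr, proto, target, port):
    """Build the 'no nat' / 'nat' pair for a port forward (hypothetical helper).

    if_ip and if_cidr are the interface address and prefix length as strings;
    both are empty when the interface IP type is "none".
    """
    # Guard: without both values the subnet would render as a bare "/".
    if not if_ip or not if_cidr:
        return []
    net = ipaddress.ip_interface(f"{if_ip}/{if_cidr}").network
    return [
        f"no nat on {ifname} proto {proto} from ({ifname}) to {net}",
        f"nat on {ifname} proto {proto} from {net} to {target} port {port} -> ({ifname})",
    ]


def empty_address_lines(ruleset):
    """Return (line_number, line) for rules whose from/to address lacks an IP or mask."""
    bad = []
    for number, line in enumerate(ruleset.splitlines(), 1):
        tokens = line.split()
        for keyword, addr in zip(tokens, tokens[1:]):
            if keyword in ("from", "to") and (addr.startswith("/") or addr.endswith("/")):
                bad.append((number, line))
                break
    return bad


if __name__ == "__main__":
    # The ruleset from the report: lines 2 and 3 are flagged.
    for number, line in empty_address_lines(PAGE_RULES):
        print(f"line {number}: empty address: {line}")
    # Interface with IP type "none": no lines emitted.
    print(reflection_nat_lines("vr2", "", "", "tcp", "192.168.1.55", "80"))
    # Constructed interface address 10.0.5.1/24: valid pair emitted.
    print("\n".join(reflection_nat_lines("vr2", "10.0.5.1", "24", "tcp", "192.168.1.55", "80")))
```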
History
#1
Updated by Erik Fonnesbeck over 1 year ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset f314bad6789e05cecfb14242e13be077248ebf13.
#2
Updated by Erik Fonnesbeck over 1 year ago
Applied in changeset fa984be954d33c90fb42186edc94865de5b2c921.
#3
Updated by Chris Buechler about 1 year ago
- Status changed from Feedback to Resolved