Bug #6982

Nested Aliases with FQDNs do not populate parent table in some cases

Added by Chris Linstruth 3 months ago. Updated 15 days ago.

Status: Resolved
Priority: Normal
Category: Rules/NAT
Target version:
Start date: 12/03/2016
Due date:
% Done: 100%
Affected version: 2.3.2
Affected Architecture:

Description

In some cases a nested alias containing FQDNs does not populate the parent table until filterdns runs again at its interval.

Can be duplicated by creating an alias list similar to the attached, then going to Status > Filter Reload and clicking Reload Filter.

Note that groupone will not contain any entries from grouptwo (or the nested fqdnnest11 or fqdns).

Examining those three tables reveals they are still populated with data.

As soon as filterdns runs again everything is populated.

This can be hastened by editing the filterdns interval in System > Advanced and saving. This restarts filterdns and results in an immediate run, populating the parent table.

Now remove firmware.netgate.com from grouptwo and reload the filter. All of the entries from grouptwo will now be present instead of none with the exception of fqdns and fqdnnest11. Those will not be in the table until filterdns fires again.

There are certain cases where editing aliases results in a proper, full reload and certain cases where editing them requires waiting for filterdns to run again. I have not been able to identify what does what there.

Screen Shot 2016-12-03 at 12.00.18 PM.png - Example alias config. (50.6 KB) Chris Linstruth, 12/03/2016 02:01 PM

aliases-config-pfSense-a.localdomain-20161206165824.xml (2.18 KB) Chris Linstruth, 12/06/2016 10:59 AM

Associated revisions

Revision 5d1cf6f5
Added by Renato Botelho about 2 months ago

Fix nested aliases with FQDN (Fixes #6982)

Make $use_filterdns a parameter. It needs to be persistent across
recursive calls, otherwise it ends up not adding necessary items to
filterdns depending on how items are sorted

Revision 639cfc1b
Added by Renato Botelho about 2 months ago

Fix nested aliases with FQDN (Fixes #6982)

Make $use_filterdns a parameter. It needs to be persistent across
recursive calls, otherwise it ends up not adding necessary items to
filterdns depending on how items are sorted

Revision 631217f4
Added by Renato Botelho about 2 months ago

Fix #6982: Remove wrong global definition of use_filterdns and pass it as reference

Revision b88518df
Added by Renato Botelho about 2 months ago

Fix #6982: Remove wrong global definition of use_filterdns and pass it as reference
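
The commit messages above describe a flag that has to survive recursive calls. The PHP below is an added, simplified model of that failure mode, not pfSense's own code: the alias names groupone, grouptwo and fqdns come from the ticket, while the entries, the `ipsonly` and `reordered` aliases and both functions are constructed for illustration, and the reset-on-entry behaviour of the "before" version is an assumption about how the flag was lost.

```php
<?php
// Simplified model, not pfSense's filter.inc. Alias names follow the ticket;
// the entries, 'ipsonly', 'reordered' and both functions are constructed.
$aliases = [
    'groupone'  => ['192.0.2.10', 'grouptwo'],
    'grouptwo'  => ['fqdns', '198.51.100.7', 'ipsonly'],
    'reordered' => ['ipsonly', '198.51.100.7', 'fqdns'], // same members as grouptwo
    'fqdns'     => ['www.example.com'],
    'ipsonly'   => ['203.0.113.5'],
];

// Before (assumed shape): a shared flag that every call, recursive ones included, resets.
function expand_broken(array $aliases, string $name): array {
    global $use_filterdns;
    $use_filterdns = false;
    $addrs = [];
    foreach ($aliases[$name] as $entry) {
        if (isset($aliases[$entry])) {
            // Recursing here wipes out an FQDN seen earlier in this loop.
            $addrs = array_merge($addrs, expand_broken($aliases, $entry));
        } elseif (filter_var($entry, FILTER_VALIDATE_IP)) {
            $addrs[] = $entry;
        } else {
            $use_filterdns = true; // hostname: only the resolver can fill it in
        }
    }
    return $addrs;
}

// After: the caller owns the flag and passes it by reference; recursion can only set it.
function expand_fixed(array $aliases, string $name, bool &$use_filterdns): array {
    $addrs = [];
    foreach ($aliases[$name] as $entry) {
        if (isset($aliases[$entry])) {
            $addrs = array_merge($addrs, expand_fixed($aliases, $entry, $use_filterdns));
        } elseif (filter_var($entry, FILTER_VALIDATE_IP)) {
            $addrs[] = $entry;
        } else {
            $use_filterdns = true;
        }
    }
    return $addrs;
}

foreach (['groupone', 'grouptwo', 'reordered'] as $name) {
    expand_broken($aliases, $name);
    $before = $use_filterdns; // what the shared flag says once the top-level call returns
    $after = false;
    expand_fixed($aliases, $name, $after);
    printf("%-9s before=%s after=%s\n", $name, var_export($before, true), var_export($after, true));
}
```

In this model `grouptwo` and `reordered` hold the same members and differ only in order, which is enough to change what the "before" version reports. A parent alias that is wrongly reported as needing no DNS resolution is one whose table stays short of its hostname-derived addresses.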

History

#1 Updated by Chris Linstruth 3 months ago

I should add that the only alias present in any rules is groupone. It is on LAN pass IPv4 any from LAN net destination groupone.

#2 Updated by Chris Linstruth 3 months ago

Here is the aliases export I am using to test. It should match the screenshot above.

#3 Updated by Renato Botelho 2 months ago

  • Assignee set to Renato Botelho

I'll work on it

#4 Updated by Renato Botelho about 2 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#5 Updated by Chris Linstruth about 2 months ago

This is working well for me with changeset applied using system patches on 2.3.2_1 that I was using in my initial testing. Also imported test alias set into 2.4. Working there too.

#6 Updated by Renato Botelho about 2 months ago

  • Status changed from Feedback to Resolved

#7 Updated by Jim Pingle about 2 months ago

  • Status changed from Resolved to Assigned

This fix broke port aliases.

With this commit, port aliases are empty:

LDAP_Ports = "{  }" 

Revert the commit and the ports alias works again.

LDAP_Ports = "{   389  636 }" 

#8 Updated by Renato Botelho about 2 months ago

  • Status changed from Assigned to Feedback

#9 Updated by Jim Pingle about 2 months ago

  • Assignee changed from Renato Botelho to Chris Linstruth

Port aliases work again with that last commit. Will leave it open waiting for feedback to make sure the original issue is still solved.

#10 Updated by Chris Linstruth about 1 month ago

This looks good to me.

Thought there was still an issue but it just turns out one of my test fqdns (www.cnn.com) has a short TTL and seems to cycle between returning 1 and 4 A records here. Table updating appropriately on filterdns runs.

Port aliases look good too. Even nested.

Thanks!

#11 Updated by Jim Pingle about 1 month ago

  • Status changed from Feedback to Resolved

#12 Updated by Jim Pingle 15 days ago

  • Target version changed from 2.4.0 to 2.3.3
