Project

General

Profile

Bug #10168

firewall_rules_edit.php: Firewall GUI allows selecting 'not' and 'any' for source/destination which is invalid

Added by Jim Pingle about 2 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Rules / NAT
Target version:
Start date:
01/07/2020
Due date:
% Done:

100%

Estimated time:
Affected Version:
All
Affected Architecture:
All

Description

On firewall_rules_edit.php, the GUI allows selecting 'not' and 'any' together for source/destination which is invalid as it could never match anything. The backend code in filter.inc detects this and ignores the 'not' in this case. The GUI should reject it similarly with input validation to warn the user.

Associated revisions

Revision 40baab14 (diff)
Added by Jim Pingle about 2 months ago

Do not allow 'invert match' and 'any' on firewall rules. Fixes #10168

The backend code ignores the invert in this case, and it makes the GUI
render confusingly (!* which could never match anything)

Revision 1e8941fc (diff)
Added by Jim Pingle about 2 months ago

Do not allow 'invert match' and 'any' on firewall rules. Fixes #10168

The backend code ignores the invert in this case, and it makes the GUI
render confusingly (!* which could never match anything)

(cherry picked from commit 40baab141eb30b11b57efa0cf14521021aa7b4c7)

History

#1 Updated by Jim Pingle about 2 months ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

#2 Updated by Viktor Gurov about 2 months ago

  • Status changed from Feedback to Resolved

Jim Pingle wrote:

Applied in changeset 40baab141eb30b11b57efa0cf14521021aa7b4c7.

tested on 2.4.5.a.20200107.1903
works as expected

Also available in: Atom PDF