Bug #11818

Mixed use of aliases in a port range produces unloadable ruleset

Added by Steve Wheeler about 2 months ago. Updated 27 days ago.

Status: Pull Request Review
Priority: Normal
Assignee: -
Category: Aliases / Tables
Target version:
Start date: 04/19/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 21.09
Release Notes: Default
Affected Version: 2.5.1
Affected Architecture: All

Description

Using a combination of port numbers or system aliases and user port aliases in a port forward port range creates a ruleset that cannot be loaded.

For example the following config:

    <nat>
        <rule>
            <source>
                <any></any>
            </source>
            <destination>
                <network>wanip</network>
                <port>22-ssh_test</port>
            </destination>
            <ipprotocol>inet</ipprotocol>
            <protocol>tcp</protocol>
            <target>192.168.180.59</target>
            <local-port>ssh_test</local-port>
            <interface>wan</interface>
            <descr><![CDATA[Test PF]]></descr>
            <associated-rule-id>nat_607d73f09fd0a2.78314883</associated-rule-id>
        </rule>
    </nat>
    <aliases>
        <alias>
            <name>ssh_test</name>
            <type>port</type>
            <address>22</address>
            <descr></descr>
        </alias>
    </aliases>

Creates a ruleset:

    # User Aliases
    ssh_test = "{   22 }"

    # NAT Inbound Redirects
    rdr on vtnet0 inet proto tcp from any to 172.21.16.180 port 22:ssh_test -> 192.168.180.59 port 22

Which then fails to load with the error:

    General
        Unresolvable destination port alias 'ssh_test--22' for rule 'NAT Test PF' @ 2021-04-19 13:13:39
    Filter Reload
        There were error(s) loading the rules: /tmp/rules.debug:56: unknown port ssh_test - The line in question reads [56]: rdr on vtnet0 inet proto tcp from any to 172.21.16.180 port 22:ssh_test -> 192.168.180.59 port 22
        @ 2021-04-19 13:13:40

Tested in:

    2.5.1-RELEASE (amd64)
    built on Mon Apr 12 07:50:14 EDT 2021
    FreeBSD 12.2-STABLE
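An added example (not part of the original report and not pfSense's own code): a Python audit that scans a pfSense `config.xml` for NAT port ranges in which an endpoint is not a plain port number, the condition the report shows producing an unloadable ruleset. The sample config is constructed from the rule above plus one hypothetical numeric-range rule, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the rule from the report (trimmed) plus a hypothetical valid rule.
SAMPLE_CONFIG = """<pfsense>
  <nat>
    <rule>
      <destination><network>wanip</network><port>22-ssh_test</port></destination>
      <local-port>ssh_test</local-port>
      <descr><![CDATA[Test PF]]></descr>
    </rule>
    <rule>
      <destination><network>wanip</network><port>8000-8010</port></destination>
      <local-port>8000</local-port>
      <descr><![CDATA[Numeric range]]></descr>
    </rule>
  </nat>
  <aliases>
    <alias><name>ssh_test</name><type>port</type><address>22</address></alias>
  </aliases>
</pfsense>"""

def is_port_number(token):
    """True only for an ASCII decimal port in 1..65535."""
    return token.isascii() and token.isdigit() and 1 <= int(token) <= 65535

def audit_nat_port_ranges(config_xml):
    """Return (rule descr, field, value, reason) for each suspect range endpoint."""
    root = ET.fromstring(config_xml)
    port_aliases = {a.findtext("name") for a in root.iter("alias")
                    if a.findtext("type") == "port"}
    findings = []
    for rule in root.findall("./nat/rule"):
        descr = rule.findtext("descr", default="")
        for field in ("source/port", "destination/port", "local-port"):
            value = (rule.findtext(field) or "").strip()
            if "-" not in value:
                continue  # single port or single alias: not the case in the report
            for end in value.split("-"):
                if is_port_number(end):
                    continue
                reason = ("port alias in range" if end in port_aliases
                          else "non-numeric range endpoint")
                findings.append((descr, field, value, f"{reason}: {end!r}"))
    return findings

if __name__ == "__main__":
    for finding in audit_nat_port_ranges(SAMPLE_CONFIG):
        print(finding)
```
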

History

#1 Updated by Viktor Gurov about 2 months ago

I see a PHP error when trying to reproduce the same fw rules (pfSense 2.6.0.a.20210416.0100):

Crash report details:

PHP Errors:

    [19-Apr-2021 16:38:16 Europe/Moscow] PHP Warning:  A non-numeric value encountered in /usr/local/www/firewall_nat.php on line 145

#3 Updated by Jim Pingle 27 days ago

  • Status changed from New to Pull Request Review
  • Plus Target Version set to 21.09
