Bug #11818
Mixed use of aliases in a port range produces unloadable ruleset
Status: closed
Start date: 04/19/2021
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 22.01
Release Notes: Default
Affected Version: 2.5.1
Affected Architecture: All
Description
Using a combination of port numbers or system aliases and user port aliases in a port forward port range creates a ruleset that cannot be loaded.
For example, the following config:
<nat>
  <rule>
    <source>
      <any></any>
    </source>
    <destination>
      <network>wanip</network>
      <port>22-ssh_test</port>
    </destination>
    <ipprotocol>inet</ipprotocol>
    <protocol>tcp</protocol>
    <target>192.168.180.59</target>
    <local-port>ssh_test</local-port>
    <interface>wan</interface>
    <descr><![CDATA[Test PF]]></descr>
    <associated-rule-id>nat_607d73f09fd0a2.78314883</associated-rule-id>
  </rule>
</nat>
<aliases>
  <alias>
    <name>ssh_test</name>
    <type>port</type>
    <address>22</address>
    <descr></descr>
  </alias>
</aliases>
Creates a ruleset:
# User Aliases
ssh_test = "{ 22 }"

# NAT Inbound Redirects
rdr on vtnet0 inet proto tcp from any to 172.21.16.180 port 22:ssh_test -> 192.168.180.59 port 22
Which then fails to load with the error:
General
Unresolvable destination port alias 'ssh_test--22' for rule 'NAT Test PF' @ 2021-04-19 13:13:39

Filter Reload
There were error(s) loading the rules: /tmp/rules.debug:56: unknown port ssh_test - The line in question reads [56]: rdr on vtnet0 inet proto tcp from any to 172.21.16.180 port 22:ssh_test -> 192.168.180.59 port 22 @ 2021-04-19 13:13:40
Tested in:
2.5.1-RELEASE (amd64) built on Mon Apr 12 07:50:14 EDT 2021 FreeBSD 12.2-STABLE