Bug #1187

Creating NAT rule with valid (but long) label causes error loading pf rules

Added by Gary Richards over 8 years ago. Updated over 8 years ago.

Status: Resolved
Priority: High
Assignee: -
Category: Rules/NAT
Target version:
Start date: 01/12/2011
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.0
Affected Architecture:
Description

I created a Firewall: NAT: Port Forward: rule with a description of: "Redirect tftp requests to tftp-proxy running locally."

It seems to have created an associated rule that ends up with a label that's too long because when I apply my rule changes I get this error:

php: : There were error(s) loading the rules: /tmp/rules.debug:103: rule label too long (max 63 chars) pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [103]: pass in quick on $BACK proto udp from 192.168.121.0/24 to 127.0.0.1 port 6969 label "USER_RULE: NAT Redirect tftp requests to tftp-proxy running locally."

It seems that it takes my original description and prepends 'USER_RULE: NAT' to it. This causes the associated rule to end up with more than 63 characters!

Presumably the form validates the original description as it's less than 63 characters before the other part is prepended.

Associated revisions

Revision 3b83b51a (diff)
Added by Jim Pingle over 8 years ago

Only copy 52 chars of a user descr to the pf rule. When added to the "USER_RULE: " prefix (11 chars) we hit the 63 char limit. Fixes #1187

History

#1 Updated by Jim Pingle over 8 years ago

  • Status changed from New to Feedback

Should be OK with the commit I made, 3b83b51ad2dd7d1ed3ecb0faab251813b3678a8e

#2 Updated by Jim Pingle over 8 years ago

  • % Done changed from 0 to 100

#3 Updated by James Lepthien over 8 years ago

That is now working correctly - tested on NanoBSD built on Thu Jan 13 20:30:46 EST 2011.

#4 Updated by Chris Buechler over 8 years ago

  • Status changed from Feedback to Resolved

thanks
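
The length budget from the commit message, as an added example (not pfSense code): the description is cut to whatever room the prefix leaves under pf's 63-character label limit, and a second function flags over-long labels in generated ruleset text before it is loaded. The function names and the `PF_LABEL_MAX` constant are hypothetical; the sample rule is constructed from the line quoted in the report.

```php
<?php
// Added example, not pfSense code. All names here are hypothetical.
const PF_LABEL_MAX = 63; // limit reported by pfctl in the error above

// Build a pf label from a fixed prefix and a user-supplied description,
// truncating the description so the whole label fits in PF_LABEL_MAX bytes.
function build_pf_label(string $prefix, string $descr): string
{
    // Drop characters that would end the quoted label or the rule line.
    $descr = (string) preg_replace('/["\\\\\r\n]/', '', $descr);
    $room = PF_LABEL_MAX - strlen($prefix);
    if ($room < 0) {
        throw new LengthException('prefix alone exceeds ' . PF_LABEL_MAX . ' chars');
    }
    return $prefix . substr($descr, 0, $room);
}

// Scan generated ruleset text and report labels longer than PF_LABEL_MAX.
function find_long_labels(string $rules): array
{
    $bad = [];
    foreach (explode("\n", $rules) as $i => $line) {
        if (preg_match_all('/\blabel\s+"([^"]*)"/', $line, $m)) {
            foreach ($m[1] as $label) {
                if (strlen($label) > PF_LABEL_MAX) {
                    $bad[] = ['line' => $i + 1, 'length' => strlen($label)];
                }
            }
        }
    }
    return $bad;
}

// Constructed sample: the rule from the report as generated, then the same
// rule with its label rebuilt under the length budget.
$descr = 'NAT Redirect tftp requests to tftp-proxy running locally.';
$rule  = 'pass in quick on $BACK proto udp from 192.168.121.0/24 to 127.0.0.1 port 6969 label "%s"';
$rules = sprintf($rule, 'USER_RULE: ' . $descr) . "\n"
       . sprintf($rule, build_pf_label('USER_RULE: ', $descr));

foreach (find_long_labels($rules) as $hit) {
    printf("line %d: label is %d chars (max %d)\n", $hit['line'], $hit['length'], PF_LABEL_MAX);
}
```

Only the first sample rule is reported; the rebuilt label comes out at exactly the limit. Truncation is by bytes, so a multi-byte description may be cut mid-character.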
