Bug #12020
Closed
OpenVPN RADIUS-based firewall rules use incorrect port ranges
Start date: 06/10/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 22.01
Release Notes: Default
Affected Version: 2.5.1
Affected Architecture:
Description
The previous operator (`><`) prevented inserting a port range with the min/max port.
Example:
ip:inacl#1=permit tcp host {clientip} host 1.1.1.1 range 10000 65535
produced the following invalid rule:
pass in quick on ovpns1 inet proto tcp from 192.168.1.2 to 1.1.1.1 port 9999 >< 65536
Updated by Viktor Gurov over 3 years ago
Updated by Jim Pingle over 3 years ago
- Subject changed from Cisco-AVPair ACL rule: port range operator is not working correctly to Cisco-AVPair ACL generates incorrect rules for port ranges
- Status changed from New to Pull Request Review
- Target version set to 2.6.0
- Plus Target Version set to 21.09
Updated by Renato Botelho over 3 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
PR has been merged. Thanks!
Updated by Jim Pingle about 3 years ago
- Subject changed from Cisco-AVPair ACL generates incorrect rules for port ranges to OpenVPN RADIUS-based firewall rules use incorrect port ranges
Updating subject for release notes.
Updated by Viktor Gurov about 3 years ago
- Status changed from Feedback to Resolved
RADIUS ACL:
Cisco-AVPair = "ip:inacl#1=permit tcp host {clientip} host 10.8.8.8 range 100 300",
Cisco-AVPair = "ip:inacl#2=permit udp host {clientip} host 10.8.8.8 range 1000 5000",
Cisco-AVPair = "ip:inacl#3=permit udp host {clientip} host 10.8.8.8 range 10000 65535"
parsed rules:
pass in quick on ovpns2 inet proto tcp from 10.34.34.2 to 10.8.8.8 port 100:300
pass in quick on ovpns2 inet proto udp from 10.34.34.2 to 10.8.8.8 port 1000:5000
pass in quick on ovpns2 inet proto udp from 10.34.34.2 to 10.8.8.8 port 10000:65535
pfSense-2.6.0.a.20210914.0500
Updated by Jim Pingle about 3 years ago
- Plus Target Version changed from 21.09 to 22.01
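The range translation discussed in this issue, as an added example that is not pfSense's own code: pf's `><` operator excludes both boundaries, so a translation that uses it has to widen each boundary by one (reproducing the rule quoted in the description), which pushes 65535 to 65536, while `:` includes the boundaries and needs no adjustment. The function names and the regular expression are assumptions for illustration, and only the ACL shape shown in this issue is handled.

```python
import re

# ACL shape used in this issue (other Cisco ACL forms are not handled):
#   ip:inacl#N=permit <proto> host <src> host <dst> range <low> <high>
ACL_RE = re.compile(
    r"ip:inacl#\d+=permit\s+(?P<proto>tcp|udp)\s+host\s+(?P<src>\S+)\s+"
    r"host\s+(?P<dst>\S+)\s+range\s+(?P<low>\d+)\s+(?P<high>\d+)"
)
MAX_PORT = 65535  # ports are 16-bit values


def exclusive_range(low, high):
    """Old style: pf's '><' excludes both boundaries, so each is widened by one."""
    return f"{low - 1} >< {high + 1}"


def inclusive_range(low, high):
    """Fixed style: pf's ':' includes both boundaries, so they are used as given."""
    return f"{low}:{high}"


def range_is_valid(expr):
    """True when every number in a port range expression fits in 0..65535."""
    return all(0 <= int(n) <= MAX_PORT for n in re.findall(r"-?\d+", expr))


def avpair_to_pf(avpair, client_ip, iface, range_fn=inclusive_range):
    """Translate one ACL of the shape above into a pf rule string."""
    m = ACL_RE.fullmatch(avpair.strip())
    if m is None:
        raise ValueError(f"unsupported ACL: {avpair!r}")
    low, high = int(m["low"]), int(m["high"])
    if not 1 <= low <= high <= MAX_PORT:
        raise ValueError(f"bad port range in ACL: {low} {high}")
    # {clientip} is the placeholder for the connecting client's tunnel address.
    src = client_ip if m["src"] == "{clientip}" else m["src"]
    return (f"pass in quick on {iface} inet proto {m['proto']} "
            f"from {src} to {m['dst']} port {range_fn(low, high)}")


if __name__ == "__main__":
    # ACL and addresses taken from the issue description.
    acl = "ip:inacl#1=permit tcp host {clientip} host 1.1.1.1 range 10000 65535"
    for fn in (exclusive_range, inclusive_range):
        rule = avpair_to_pf(acl, "192.168.1.2", "ovpns1", fn)
        expr = rule.split(" port ", 1)[1]
        print(f"{rule}   valid={range_is_valid(expr)}")
```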