Regression #12040

closed

Scheduled firewall rules failing to load

Added by Steve Wheeler over 3 years ago. Updated over 3 years ago.

Status: Resolved
Priority: High
Assignee:
Category: Rules / NAT
Target version:
Start date: 06/15/2021
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes: Force Exclusion
Affected Version: 2.5.x
Affected Architecture: All

Description

In 2.5.2-RC, firewall rules with a schedule fail to load, generating an error.

Tested using this config:

        <rule>
            <id></id>
            <tracker>1623761655</tracker>
            <type>reject</type>
            <interface>lan</interface>
            <ipprotocol>inet</ipprotocol>
            <tag></tag>
            <tagged></tagged>
            <max></max>
            <max-src-nodes></max-src-nodes>
            <max-src-conn></max-src-conn>
            <max-src-states></max-src-states>
            <statetimeout></statetimeout>
            <statetype><![CDATA[keep state]]></statetype>
            <os></os>
            <protocol>tcp</protocol>
            <source>
                <any></any>
            </source>
            <destination>
                <address>1.1.1.1</address>
            </destination>
            <descr><![CDATA[Test Schedule]]></descr>
            <sched>9to5</sched>
            <created>
                <time>1623761655</time>
                <username><![CDATA[admin@172.21.16.5 (Local Database)]]></username>
            </created>
            <updated>
                <time>1623761670</time>
                <username><![CDATA[admin@172.21.16.5 (Local Database)]]></username>
            </updated>
        </rule>

And schedule:

    <schedules>
        <schedule>
            <name>9to5</name>
            <descr></descr>
            <timerange>
                <position>1,2,3,4,5</position>
                <hour>9:00-17:00</hour>
                <rangedescr></rangedescr>
            </timerange>
            <schedlabel>60c8a2cf2b439</schedlabel>
        </schedule>
    </schedules>

Generates this rule:

    block return  in  quick  on $LAN inet proto tcp  from any to 1.1.1.1 tracker 1623761655 flags S/SA  schedule "60c8a2cf2b439"  label "USER_RULE: Test Schedule"

Fails to load generating this error:

    There were error(s) loading the rules: /tmp/rules.debug:146: syntax error - The line in question reads [146]: block return in quick on $LAN inet proto tcp from any to 1.1.1.1 tracker 1623761655 flags S/SA schedule "60c8a2cf2b439" label "USER_RULE: Test Schedule"

Tested:

2.5.2-RC (amd64)
built on Sun Jun 13 17:15:05 EDT 2021
FreeBSD 12.2-STABLE
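
To see which rules on a firewall depend on the `schedule` token before loading a ruleset on an affected build, the following audit sketch (an added example, not part of the original report or pfSense's own code) maps each rule's `<sched>` name to its `<schedlabel>` and finds the matching lines in a generated ruleset. The `<pfsense>`/`<filter>` wrappers, the second rule, its tracker value and the function names are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the rule and schedule from the report, trimmed, inside
# assumed <pfsense>/<filter> wrappers, plus one constructed unscheduled rule.
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule>
      <tracker>1623761655</tracker>
      <type>reject</type>
      <interface>lan</interface>
      <descr><![CDATA[Test Schedule]]></descr>
      <sched>9to5</sched>
    </rule>
    <rule>
      <tracker>1623761700</tracker>
      <descr><![CDATA[No schedule]]></descr>
    </rule>
  </filter>
  <schedules>
    <schedule>
      <name>9to5</name>
      <schedlabel>60c8a2cf2b439</schedlabel>
    </schedule>
  </schedules>
</pfsense>"""

# Constructed rules.debug excerpt; the second line is the rule from the report.
SAMPLE_RULES = '''pass in quick on $LAN inet from any to any tracker 1623761700 label "USER_RULE: No schedule"
block return  in  quick  on $LAN inet proto tcp  from any to 1.1.1.1 tracker 1623761655 flags S/SA  schedule "60c8a2cf2b439"  label "USER_RULE: Test Schedule"
'''

def scheduled_rules(config_xml):
    """Return (tracker, descr, sched name, schedlabel or None) per scheduled rule."""
    root = ET.fromstring(config_xml)
    labels = {s.findtext("name"): s.findtext("schedlabel") for s in root.iter("schedule")}
    found = []
    for rule in root.findall(".//filter/rule"):
        name = (rule.findtext("sched") or "").strip()
        if name:  # a schedlabel of None means the schedule is referenced but undefined
            found.append((rule.findtext("tracker"), rule.findtext("descr"), name, labels.get(name)))
    return found

def schedule_lines(rules_text):
    """Return (line number, label) for each generated rule carrying a schedule token."""
    pattern = re.compile(r'\bschedule\s+"([^"]+)"')
    return [(n, m.group(1)) for n, line in enumerate(rules_text.splitlines(), 1)
            if (m := pattern.search(line))]
```

The tracker values returned by `scheduled_rules` can be matched against the line that the load error quotes from `/tmp/rules.debug`.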
