Actions
Bug #12168
closed1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule
Start date:
07/26/2021
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Affected Version:
2.5.2
Affected Architecture:
Description
- Create a new 1:1 NAT rule
- Choose interface / external subnet IP
- Select
Any
for Internal IP - Save/Apply
Result:
There were error(s) loading the rules: /tmp/rules.debug:45: syntax error - The line in question reads [45]: binat on vmx0 inet from to any -> 10.0.5.215
On previous pfSense versions, a "valid" rule would be created as: binat on vmx0 inet from any to any -> 10.0.5.215
If from any
is invalid, then the rule should be disabled on upgrade, and input validation should catch it when it gets saved/re-enabled by the user. If it's supposed to be valid to account for a niche case, then the resulting pf rule should be valid.
Updated by Viktor Gurov over 3 years ago
Updated by Jim Pingle over 3 years ago
- Status changed from New to Pull Request Review
- Target version set to 2.6.0
- Plus Target Version set to 21.09
Updated by Marcos M over 3 years ago
- Status changed from Pull Request Review to Resolved
Rule created correctly:binat on vmx0 inet from any to any -> 10.0.5.201
Tested on:
21.09-DEVELOPMENT (amd64)
built on Sun Aug 08 01:12:39 EDT 2021
Updated by Viktor Gurov over 3 years ago
- Status changed from Resolved to Feedback
Please check on the latest snapshot
Updated by Alhusein Zawi over 3 years ago
binat on em1 inet all -> 50.50.50.111
2.6.0.a.20210814.1404
Updated by Jim Pingle over 3 years ago
- Subject changed from Selecting Any for Internal IP on 1:1 NAT results in an invalid pf rule to 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule
Updating subject for release notes.
Updated by Danilo Zrenjanin about 3 years ago
- Status changed from Feedback to Resolved
Tested on the:
2.6.0-DEVELOPMENT (amd64) built on Thu Sep 30 01:08:51 EDT 2021 FreeBSD 12.2-STABLE
No errors while reloading the filter. Ticket resolved.
Updated by Jim Pingle about 3 years ago
- Plus Target Version changed from 21.09 to 22.01
Actions