Bug #12168

open

1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule

Added by Marcos Mendoza 2 months ago. Updated 30 days ago.

Status: Feedback
Priority: Normal
Assignee:
Category: Rules / NAT
Target version:
Start date: 07/26/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 21.09
Release Notes: Default
Affected Version: 2.5.2
Affected Architecture:

Description

  1. Create a new 1:1 NAT rule
  2. Choose interface / external subnet IP
  3. Select Any for Internal IP
  4. Save/Apply

Result:

There were error(s) loading the rules: /tmp/rules.debug:45: syntax error - The line in question reads [45]: binat on vmx0 inet from  to any -> 10.0.5.215

On previous pfSense versions, a "valid" rule would be created as: binat on vmx0 inet from any to any -> 10.0.5.215

If from any is invalid, then the rule should be disabled on upgrade, and input validation should catch it when it gets saved/re-enabled by the user. If it's supposed to be valid to account for a niche case, then the resulting pf rule should be valid.
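
As an added illustration (not part of the original report and not pfSense's own code), a pre-load check over generated rules that flags binat lines with an empty address operand, which is the defect shown above. The regular expression covers only the simplified binat forms quoted in this ticket; the function name check_binat and the sample text are assumptions made for the example.

```python
import re

# Constructed sample in the style of /tmp/rules.debug. The three binat lines
# are the ones quoted in this ticket; the comment line is made up.
SAMPLE = """\
# 1:1 NAT rules (constructed sample)
binat on vmx0 inet from  to any -> 10.0.5.215
binat on vmx0 inet from any to any -> 10.0.5.215
binat on em1 inet all -> 50.50.50.111
"""

# Simplified form (assumption, not the full pf grammar):
# binat on <if> [inet|inet6] (all | from <src> to <dst>) -> <external>
BINAT = re.compile(
    r"^binat\s+on\s+(?P<iface>\S+)\s+(?:(?P<af>inet6?)\s+)?"
    r"(?:(?P<all>all)|from\s+(?P<src>.*?)\s+to\s+(?P<dst>.*?))"
    r"\s*->\s*(?P<ext>.*)$"
)


def check_binat(rules_text):
    """Return (line_number, line, problem) for each suspect binat line."""
    findings = []
    for lineno, raw in enumerate(rules_text.splitlines(), start=1):
        line = raw.strip()
        if not line.startswith("binat"):
            continue
        m = BINAT.match(line)
        if m is None:
            findings.append((lineno, line, "unparsed binat line"))
            continue
        # "all" is pf shorthand for "from any to any", so only the
        # external address needs checking in that form.
        fields = [("ext", "external")]
        if not m.group("all"):
            fields = [("src", "source"), ("dst", "destination")] + fields
        for name, label in fields:
            if not m.group(name).strip():
                findings.append((lineno, line, f"empty {label} address"))
    return findings


if __name__ == "__main__":
    for lineno, line, problem in check_binat(SAMPLE):
        print(f"line {lineno}: {problem}: {line}")
```
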

Actions #2

Updated by Jim Pingle about 2 months ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.6.0
  • Plus Target Version set to 21.09

Actions #3

Updated by Marcos Mendoza about 2 months ago

  • Status changed from Pull Request Review to Resolved

Rule created correctly:
binat on vmx0 inet from any to any -> 10.0.5.201

Tested on:
21.09-DEVELOPMENT (amd64)
built on Sun Aug 08 01:12:39 EDT 2021

Actions #4

Updated by Viktor Gurov about 1 month ago

  • Assignee set to Viktor Gurov

Merged

Actions #5

Updated by Viktor Gurov about 1 month ago

  • Status changed from Resolved to Feedback

Please check on the latest snapshot

Actions #6

Updated by Alhusein Zawi about 1 month ago

binat on em1 inet all -> 50.50.50.111

2.6.0.a.20210814.1404

Actions #7

Updated by Jim Pingle 30 days ago

  • Subject changed from Selecting Any for Internal IP on 1:1 NAT results in an invalid pf rule to 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule

Updating subject for release notes.
