Bug #12708
closedAlias with non-resolving FQDN entry breaks underlying PF table
100%
Description
Hi,
We've seen a number of cases where a mixed alias list (containing both IP and FQDN) results in either completely empty or with only a few IPs in there. The IPs are not necessarily the IPs from the list, they can also be coming from a successful FQDN DNS lookup. However, the resulting pf table is broken.
This seems related to Bug #7209 in the forum. Given that description, this issue still exists in 2.5.2. All installs run on vmware platforms.
Given that this is a long standing issue, I'm wondering if there is a workaround and/or fix available?
The security level is not compromised based on my samples, the tables were always incomplete but present, hence the only thing that might happen is you cannot get in where you should have been allowed in :)
Thanks,
Piet
Related issues
Updated by Viktor Gurov almost 3 years ago
- Related to Bug #7209: Something is seriously wrong with firewall aliases added
Updated by Viktor Gurov almost 3 years ago
- Related to Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries added
Updated by Reid Linnemann about 2 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
I've found numerous thread synchronization problems in the filterdns sources, I believe they are responsible for this issue as well as #9296.
Updated by Jim Pingle almost 2 years ago
- Subject changed from alias with non resolving DNS entry breaks underlying pf table to Alias with non-resolving FQDN entry breaks underlying PF table
- Assignee set to Reid Linnemann
- Target version set to 2.7.0
- Plus Target Version set to 23.01
Updated by Jim Pingle almost 2 years ago
- Status changed from Feedback to Resolved
Hard to reproduce this but at least as stated it appears to be OK. I tried a few variations and every time the table contained the expected data.