Project

General

Profile

Actions

Bug #12708

open

alias with non resolving DNS entry breaks underlying pf table

Added by Piet H 4 months ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Aliases / Tables
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.5.2
Affected Architecture:

Description

Hi,

We've seen a number of cases where a mixed alias list (containing both IP and FQDN) results in either completely empty or with only a few IPs in there. The IPs are not necessarily the IPs from the list, they can also be coming from a successful FQDN DNS lookup. However, the resulting pf table is broken.

This seems related to Bug #7209 in the forum. Given that description, this issue still exists in 2.5.2. All installs run on vmware platforms.

Given that this is a long standing issue, I'm wondering if there is a workaround and/or fix available?

The security level is not compromised based on my samples, the tables were always incomplete but present, hence the only thing that might happen is you cannot get in where you should have been allowed in :)

Thanks,
Piet


Related issues

Related to Bug #7209: Something is seriously wrong with firewall aliasesRejected02/04/2017

Actions
Related to Bug #9296: Rule / Alias FQDN-Resolution brokenConfirmedLuiz Souza01/30/2019

Actions
Actions #1

Updated by Viktor Gurov 4 months ago

  • Affected Version set to 2.5.2
Actions #2

Updated by Viktor Gurov 4 months ago

  • Related to Bug #7209: Something is seriously wrong with firewall aliases added
Actions #3

Updated by Viktor Gurov 4 months ago

  • Related to Bug #9296: Rule / Alias FQDN-Resolution broken added
Actions

Also available in: Atom PDF