Bug #13027
closed
Input validation requires a gateway for floating ``match out`` rules
Added by Marcos M over 2 years ago.
Updated over 2 years ago.
Plus Target Version:
22.05
Description
When implementing limiters using floating match rules, a gateway should not be necessary. Without selecting one, the following input validation message shows after clicking Save:
Please select a gateway, normally the interface selected gateway, so the limiters work correctly
It should be possible to create a floating match rule with limiters without setting a gateway.
This works on 22.01 with the following rule and patch:
match out on { vmx1 } inet from 192.0.2.0/28 to any ridentifier 1649027215 dnqueue( 1,2) label "USER_RULE"
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/704
This also fixes the case when trying to create a match out rule with IPv4+IPv6. Without the patch, input validation prevents the rule from being saved due to no gateway being selected, however no gateway can be selected due to the address family being IPv4+IPv6.
- Status changed from New to Pull Request Review
- Target version set to CE-Next
- Plus Target Version set to 22.09
- Blocked by Bug #12579: Utilize ``dnctl(8)`` to apply limiter changes without a filter reload added
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
- Subject changed from Input validation prevents adding a floating match rule with limiters and no gateway to Input validation requires a gateway for floating ``match out`` rules
- Status changed from Feedback to Resolved
- Target version changed from CE-Next to 2.7.0
- Plus Target Version changed from 22.09 to 22.05
Works as expected. Testing details in MR.
- Category changed from Web Interface to Rules / NAT
- Assignee set to Marcos M
Also available in: Atom
PDF
Updated by 
Updated by