Bug #13376
Firewall ruleset fails to populate interface subnets/addresses if the internal interface names have been changed
Status: closed
Description
For example, if I create a config and use the internal interface name 'lan1' instead of the default 'opt1':
<lan1>
  <descr><![CDATA[lan1]]></descr>
  <if>vtnet2</if>
  <enable></enable>
  <spoofmac></spoofmac>
  <ipaddr>192.168.2.10</ipaddr>
  <subnet>24</subnet>
</lan1>

<rule>
  <id></id>
  <tracker>1658609912</tracker>
  <type>pass</type>
  <interface>lan1</interface>
  <ipprotocol>inet</ipprotocol>
  <tag></tag>
  <tagged></tagged>
  <max></max>
  <max-src-nodes></max-src-nodes>
  <max-src-conn></max-src-conn>
  <max-src-states></max-src-states>
  <statetimeout></statetimeout>
  <statetype><![CDATA[keep state]]></statetype>
  <os></os>
  <protocol>tcp</protocol>
  <source>
    <network>lan1</network>
  </source>
  <destination>
    <any></any>
  </destination>
  <descr><![CDATA[Test]]></descr>
</rule>
The resulting ruleset line shows:
# source address is empty. label "USER_RULE: Test"
The same rule works as expected for the default interface name, opt1.
Everything else appears to work as expected including using the lan1 subnet in other places such as the tonatsubnets table.
Tested in 22.01 and 22.05. Another user hit this in 2.6.
Updated by Jim Pingle over 2 years ago
- Status changed from New to Rejected
- Target version deleted (CE-Next)
- Plus Target Version deleted (Plus-Next)
The tags for assigned interfaces don't change like that. When changing the name of an interface it only changes the <descr>, not the tags wrapping the interface configuration. Those are always wan/lan/optX as those are the internal identifiers.
As far as I can see the only way those tags would change is if someone did so by hand when manually editing the config.xml and not from normal GUI operations.
As such that config is invalid and shouldn't be accommodated.
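
A pre-flight check for the condition discussed in this ticket, added here as an example and not part of the ticket or of pfSense: it flags `<interfaces>` tags other than wan/lan/optX and the filter rules that reference them. It assumes `<interfaces>` and `<filter>` sit directly under the config root; `lint_config` and the sample config are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Internal identifiers named in the ticket: wan, lan, optX.
VALID_TAG = re.compile(r"^(wan|lan|opt\d+)$")

# Constructed sample: the ticket's lan1 snippets plus a made-up opt1 control.
SAMPLE = """<pfsense>
  <interfaces>
    <opt1><descr><![CDATA[dmz]]></descr><if>vtnet1</if></opt1>
    <lan1><descr><![CDATA[lan1]]></descr><if>vtnet2</if>
      <ipaddr>192.168.2.10</ipaddr><subnet>24</subnet></lan1>
  </interfaces>
  <filter>
    <rule><type>pass</type><interface>lan1</interface>
      <source><network>lan1</network></source>
      <destination><any></any></destination>
      <descr><![CDATA[Test]]></descr></rule>
    <rule><type>pass</type><interface>opt1</interface>
      <source><network>opt1</network></source>
      <destination><any></any></destination>
      <descr><![CDATA[Control]]></descr></rule>
  </filter>
</pfsense>"""


def lint_config(xml_text):
    """Return (bad_tags, findings) for a config.xml string."""
    root = ET.fromstring(xml_text)
    ifaces = root.find("interfaces")
    tags = [el.tag for el in ifaces] if ifaces is not None else []
    bad = sorted(t for t in tags if not VALID_TAG.match(t))
    findings = []
    for rule in root.findall("filter/rule"):
        label = rule.findtext("descr") or "?"
        # <interface> may hold a comma-separated list; check every entry.
        refs = [("interface", n.strip())
                for n in (rule.findtext("interface") or "").split(",")]
        for side in ("source", "destination"):
            refs.append((side, (rule.findtext(f"{side}/network") or "").strip()))
        for field, name in refs:
            # A reference is the tag itself or the tag plus an "ip" suffix.
            if name in bad or (name.endswith("ip") and name[:-2] in bad):
                findings.append((label, field, name))
    return bad, findings

if __name__ == "__main__":
    bad_tags, hits = lint_config(SAMPLE)
    print(bad_tags, hits)
```

Running it against a config before restoring or deploying it surfaces hand-edited interface tags and every rule that depends on them.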