Bug #13376

closed

Firewall ruleset fails to populate interface subnets/addresses if the internal interface names have been changed

Added by Steve Wheeler almost 3 years ago. Updated over 2 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.6.0
Affected Architecture: All

Description

For example, if I create a config and use the internal interface name 'lan1' instead of the default 'opt1':

        <lan1>
            <descr><![CDATA[lan1]]></descr>
            <if>vtnet2</if>
            <enable></enable>
            <spoofmac></spoofmac>
            <ipaddr>192.168.2.10</ipaddr>
            <subnet>24</subnet>
        </lan1>

        <rule>
            <id></id>
            <tracker>1658609912</tracker>
            <type>pass</type>
            <interface>lan1</interface>
            <ipprotocol>inet</ipprotocol>
            <tag></tag>
            <tagged></tagged>
            <max></max>
            <max-src-nodes></max-src-nodes>
            <max-src-conn></max-src-conn>
            <max-src-states></max-src-states>
            <statetimeout></statetimeout>
            <statetype><![CDATA[keep state]]></statetype>
            <os></os>
            <protocol>tcp</protocol>
            <source>
                <network>lan1</network>
            </source>
            <destination>
                <any></any>
            </destination>
            <descr><![CDATA[Test]]></descr>
        </rule>

The resulting ruleset line shows:

        # source address is empty.  label "USER_RULE: Test"

The same rule works as expected for the default interface name, opt1.

Everything else appears to work as expected including using the lan1 subnet in other places such as the tonatsubnets table.

Tested in 22.01 and 22.05. Another user hit this in 2.6.
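A check for the condition in this report, added here as an example and not part of the original report or of pfSense's own code: it flags rules whose `<network>` names an interface with a non-default internal name, and lists rules that reached the generated ruleset only as a "source address is empty" comment. It goes slightly beyond the report by also checking `<destination>`. The `<pfsense>`/`<interfaces>`/`<filter>` wrapper, the `wan`/`lan`/`optN` default naming pattern, the `opt2` interface, its rule and the second ruleset line are assumptions or constructed sample data.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the report's fragments plus one default-named interface,
# wrapped in <pfsense>/<interfaces>/<filter> (assumed layout of the full file).
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <lan1><descr><![CDATA[lan1]]></descr><if>vtnet2</if><enable></enable>
      <ipaddr>192.168.2.10</ipaddr><subnet>24</subnet></lan1>
    <opt2><descr><![CDATA[dmz]]></descr><if>vtnet3</if><enable></enable>
      <ipaddr>192.168.3.10</ipaddr><subnet>24</subnet></opt2>
  </interfaces>
  <filter>
    <rule><tracker>1658609912</tracker><type>pass</type>
      <interface>lan1</interface><source><network>lan1</network></source>
      <destination><any></any></destination><descr><![CDATA[Test]]></descr></rule>
    <rule><tracker>1658609999</tracker><type>pass</type>
      <interface>opt2</interface><source><network>opt2</network></source>
      <destination><any></any></destination><descr><![CDATA[DMZ out]]></descr></rule>
  </filter>
</pfsense>"""
# Constructed ruleset text; the first line is the one quoted in the report.
SAMPLE_RULESET = '''# source address is empty.  label "USER_RULE: Test"
pass in quick on vtnet3 inet proto tcp from 192.168.3.0/24 to any label "USER_RULE: DMZ out"
'''

DEFAULT_NAME = re.compile(r"^(wan|lan|opt\d+)$")  # assumed default naming scheme
EMPTY_SRC = re.compile(r'^#\s*source address is empty\..*label "([^"]*)"')

def renamed_interfaces(config_xml):
    """Internal interface names that do not follow the default scheme."""
    ifaces = ET.fromstring(config_xml).find("interfaces")
    return [] if ifaces is None else [i.tag for i in ifaces if not DEFAULT_NAME.match(i.tag)]

def rules_at_risk(config_xml):
    """(tracker, descr, side) for rules whose <network> names a renamed interface."""
    renamed = set(renamed_interfaces(config_xml))
    hits = []
    for rule in ET.fromstring(config_xml).iterfind("filter/rule"):
        for side in ("source", "destination"):
            if rule.findtext(f"{side}/network") in renamed:
                hits.append((rule.findtext("tracker"), rule.findtext("descr"), side))
    return hits

def skipped_rule_labels(ruleset_text):
    """Labels of rules that were emitted only as an 'empty source' comment."""
    return [m.group(1) for line in ruleset_text.splitlines()
            if (m := EMPTY_SRC.match(line.strip()))]
```

Comparing the output of `rules_at_risk` on the configuration with `skipped_rule_labels` on the generated ruleset shows which intended pass rules never became active.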
