Bug #1341
closed
Removing last host from alias does not truly remove it, host continues to be affected by rules
100%
Description
Under certain circumstances the contents of an alias can still be affected by rules after having been removed from the alias in question.
Steps to reproduce:
- Create an alias, for example called Blackhole, with a single host w.x.y.z
- Set rule to block all traffic to/from alias Blackhole
- Reload filters as appropriate
- Verify all traffic is indeed blocked to/from the contents of the alias Blackhole, being the single host w.x.y.z
- Go to the alias, and remove the single host w.x.y.z, leaving the alias Blackhole empty
- Reload filters as appropriate
- Observe that all traffic is still blocked to/from the host, w.x.y.z, even though it is no longer in the alias Blackhole
- Adding another host to the now "empty" alias solves the problem
Updated by Jim Pingle over 13 years ago
- Status changed from Resolved to New
This doesn't seem to be fixed. If I clear a table/alias in the GUI, and it's really a table on the backend, the IPs are still shown in "pfctl -T show -t <tablename>" after deleting the IPs from the alias.
They are gone from /tmp/rules.debug but not from the active pf table.
Updated by Chris Buechler over 13 years ago
- Target version set to 2.0
- Affected Version set to 2.0
Updated by Ermal Luçi over 13 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset c7422829b2a76301d2efbe0aa01e3dcfcce3012f.
Updated by rancor rancor over 13 years ago
It seems to work now.
Tested to reproduce with version 2.0 RC3 dated 23 June 2011, and as soon as I removed the host and left the alias empty, the blocked host was no longer blocked; in my case it could now access the Internet.
Before I removed the IP from the alias, all network traffic was blocked according to the firewall rule of that alias.
// rancor
Updated by Ermal Luçi over 13 years ago
- Status changed from Feedback to Resolved
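Added example (not part of the original ticket or of the pfSense code): a drift check for the condition described above, listing addresses that are still in the active pf table but no longer in the ruleset file's definition of it. The function names and sample data are constructed, and the one-line `table <name> { ... }` form is assumed to be how the ruleset file declares the alias.

```sh
#!/bin/sh
# Added example: find addresses live in a pf table but absent from the
# ruleset file, i.e. entries that survived removal from the alias.

# declared_addrs NAME RULESET: addresses declared for table NAME, sorted.
# Assumes pf.conf-style "table <NAME> [options] { addr addr ... }" on one line.
declared_addrs() {
    sed -n "s/^[[:space:]]*table[[:space:]]*<$1>[^{]*{\([^}]*\)}.*/\1/p" "$2" |
        tr ', \t' '\n\n\n' | sed '/^$/d' | LC_ALL=C sort -u
}

# live_addrs: normalise "pfctl -T show -t NAME" output from stdin
# (one indented address per line) into a sorted list.
live_addrs() {
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d' | LC_ALL=C sort -u
}

# stale_entries NAME RULESET LIVE_DUMP: print addresses present only in the
# live table dump. Empty output means the table matches the ruleset.
stale_entries() {
    _decl=$(mktemp)
    _live=$(mktemp)
    declared_addrs "$1" "$2" > "$_decl"
    live_addrs < "$3" > "$_live"
    LC_ALL=C comm -13 "$_decl" "$_live"
    rm -f "$_decl" "$_live"
}

# Constructed sample: alias Blackhole is empty in the ruleset, but the
# live table dump still holds one host (documentation-range address).
demo_constructed() {
    rules_file=$(mktemp)
    live_file=$(mktemp)
    printf '%s\n' 'table <Blackhole> { }' \
        'table <Trusted> { 192.0.2.10 192.0.2.11 }' > "$rules_file"
    printf '   %s\n' '198.51.100.7' > "$live_file"
    stale_entries Blackhole "$rules_file" "$live_file"
    rm -f "$rules_file" "$live_file"
}

demo_constructed
```

On a firewall, save the output of `pfctl -T show -t Blackhole` to a file and pass it as the third argument, with /tmp/rules.debug as the second.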