Project

General

Profile

Actions

Bug #1341

closed

Removing last host from alias does not truly remove it, host continues to be affected by rules

Added by G D about 13 years ago. Updated almost 13 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
Start date:
03/09/2011
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

Under certain circumstances the contents of an alias can still be affected by rules after having been removed from the alias in question.

Steps to reproduce:
  • Create an alias for example called Blackhole with a single host w.x.y.z
  • Set rule to block all traffic to/from alias Blackhole
  • Reload filters as appropriate
  • Verify all traffic is indeed blocked to/from the contents of the alias Blackhole, being the single host w.x.y.z
  • Go to the alias, and remove the single host w.x.y.z, leaving the alias Blackhole empty
  • Reload filters as appropriate
  • Observe that all traffic is still blocked to/from the host, w.x.y.z, even though it is no longer in the alias Blackhole
  • Adding another host to the now "empty" alias solves the problem
Actions #1

Updated by Chris Buechler almost 13 years ago

  • Status changed from New to Resolved

this has been fixed

Actions #2

Updated by G D almost 13 years ago

Thank you!

Actions #3

Updated by Jim Pingle almost 13 years ago

  • Status changed from Resolved to New

This doesn't seem to be fixed. If I clear a table/alias in the GUI, and it's really a table on the backend, the IPs are still shown in "pfctl -T show -t <tablename>" after deleting the IPs from the alias.

They are gone from /tmp/rules.debug but not from the active pf table.

Actions #4

Updated by Chris Buechler almost 13 years ago

  • Target version set to 2.0
  • Affected Version set to 2.0
Actions #5

Updated by Ermal Luçi almost 13 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #6

Updated by rancor rancor almost 13 years ago

It seems to work now

Tested to reproduce with version 2.0 RC3 date 23 june 2011 and as quick as I remove the host and leave the alias empty the blocked host was not longer blocked, in my case it could now access Internet.

Before I removed the ip from alias all network traffic was blocked accordingly to the firewall rule of that alias

// rancor
Actions #7

Updated by Ermal Luçi almost 13 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF